Post-Quantum Cryptography & Preparing for Post-Quantum Encryption (PQE)

By Martin Townend May 23, 2023

Quantum computing is an emerging technology that, in due time, will enable amazing power for humanity. Of course, with good comes bad. Bad actors are likely to harness quantum computing to disrupt, steal or cause harm - threatening our global ways of living and working.

We must help federal agencies and commercial enterprises to build quantum safety and digital resilience against a worst-case scenario. Fortunately, the threat is being recognized.

On December 21, 2022, the U.S. Congress announced and passed H.R.7535. Known as the Quantum Computing Cybersecurity Preparedness Act, the bill is a major milestone requiring that, once NIST issues post-quantum cryptography standards, each executive agency must develop a plan to migrate their information technology to this post-quantum standard.

In this article, I look at the effects that quantum computing can have on encryption.

(For the latest in cybersecurity, explore these events and read the latest expert research.)

How cryptography works today

Let's first review how secure communications work today. Everything is based on exchanging or encapsulating keys to encrypt data.

Public key cryptography (PKC) involves a pair of keys known as a public key and a private key:

• The public key can be published without affecting the security of the communication.
• The private key is kept secret.

The data that is encrypted with the public key can be decrypted only with the corresponding private key.

The threat from post-quantum cryptography

Quantum computing allows parallel processing that can be used to attack these existing, or "classical", public key mechanisms. However, post-quantum cryptography includes encryption strong enough to resist attacks from quantum computers developed in the future.

To put it simply, a quantum computer could find private keys from public keys. Depending on who you are, this could be an enormous problem. Why?

Confidentiality is an obvious issue. Any data that you want to keep secret for years into the future is vulnerable to the "store-and-decrypt" threat. But whenever a cryptographically relevant quantum computer is available, you also risk attacks on authentication.

For instance, public keys are used when I visit www.splunk.com. How does my browser know it is indeed splunk.com? This is accomplished by signatures in certificates, a way to establish a chain of trust.

If a bad actor gets a hold of a private key, they can impersonate the real owner of the certificate. This threat potential does not stop with browsing to websites. Consider other certificates, like code-signing certificates, where a bad actor could install malicious code on devices - but still use a valid certificate signature.

How quantum computers would break existing cryptography

Cryptography key exchange algorithms are based on trapdoor functions. These are mathematical operations that are easy to figure out in one direction, but it is very difficult to reverse. For example:

• Prime factoring underpins RSA. Multiplying two primes together is easy, but finding two factors of a modulus is difficult.
• The discrete logarithm problem underpins (elliptic curve) Diffie-Hellman.

However, these trapdoor functions are easy to reverse, if you have an algorithm that can be run only on quantum computers (Shor's algorithm) with enough qubits, meaning the private key can be found.

A "cryptographically relevant" quantum computer - one that could practically achieve this retrieval - is estimated to need thousands of qubits.

The threat is coming, but how soon?

It seems that a quantum computer is always about 15 years away. In truth, we do not know precisely when this could become a threat.

Prioritization is vital. You'd be foolish to be quantum-ready at the expense of regularly exercising backups to recover from ransomware.

Today's quantum computers use 50-100 qubits each. Realistically, a quantum computer needs thousands of qubits to pose a security threat. But beware of only counting qubits - other factors like stability and entangled qubits are also important. So, we can say the threat is not arriving any time soon.

Near-term solutions to quantum-safe communications

There are various solutions out there for quantum security. Most of the credible ones use different cryptography that don't have a quantum-vulnerable underlying hard problem, like the periodicity of prime factoring.

NIST have published four quantum-safe algorithms. They're also researching more to be used for key establishment and digital signatures. Read more about this new strategy and a White House Memo here: "Migrating to Post-Quantum Cryptography", November 2022 (PDF).

For now, the best advice is to make an asset inventory of things you might migrate, should a quantum computer ever look "near". This will help you with your security too, as a solid asset inventory is a cornerstone of any modern enterprise.

What is Splunk?

 

This posting does not necessarily represent Splunk's position, strategies or opinion.