Quantum computing and the impact on cryptography

TechTalks are a new member initiative from GlobalPlatform, in which subject matter experts share insights and guidance on how to navigate the latest technology trends and advancements.  

Post-Quantum Cryptography is a major priority 

During our last Advisory Council meeting, GlobalPlatform conducted a poll to identify the main topics of interest to our members. Post-Quantum Cryptography (PQC) received an overwhelming share of votes. In response, GlobalPlatform dedicated a series of online ‘TechTalks’, webinars to educate and provide guidance on migrating to new PQC algorithms.

As part of our PQC series, we invited experts from Entrust, the National Institute of Standards and Technology (NIST), PQShield, Thales and our Crypto Sub-Task Force, to share their technical best practice. GlobalPlatform members have learnt about the latest developments in quantum computing and the impact on today’s cryptographic algorithms and protocols. We have also deep-dived into the technical considerations of deploying PQC, including the impact on Public Key Infrastructure (PKI), and different migration strategies.  

Although TechTalks are an exclusive member benefit, the migration to PQC is a major priority for all industries, and so in this blog we have summarised our three key takeaways to help organisations understand why and how to prepare.  

1. Quantum computing already poses a risk to our ecosystem

Quantum computing is a major risk to the security of standard PKI systems. This is because it has the potential to break the asymmetric standard algorithms, like RSA or ECDSA, that are responsible for encrypting and protecting our data. It is also a major risk to the security of cryptographic protocols based on asymmetric cryptography, such as TLS.

While we don’t know exactly when quantum computing will be able to break existing asymmetric cryptography standards, we do know that hackers are already considering how they will use it to launch cyber-attacks, thanks to well-known algorithms such as Shor’s algorithm. 

‘Harvest now, decrypt later’ (also called ‘store now, decrypt later’) is a type of attack that involves bad actors hoarding sensitive data now with the aim of decrypting it once quantum computers are available. It is a big cause for concern particularly for regulated industries such as healthcare and government that handle very sensitive data with long-term validity. 

To protect against these attacks, organisations need to invest in quantum-safe security measures now, and a major a part of this is the possibility to upgrade to quantum-safe cryptography. This hybrid approach provides the crypto agility that ensures data is secure, once quantum computers are capable of breaking current classic encryption techniques.

2. The rationale for a hybrid approach to PQC 

PQC requires larger keys and a larger memory footprint than classic cryptographic algorithms, meaning each PQC operation is much more power and time intensive. It is also likely to cause greater disruption.

When you consider that 20 billion digital devices will need to be upgraded to or replaced with PQC in the next 20 years, the scale of this potential disruption is huge. It also explains why a direct migration to PQC is simply not feasible. Any migration to different algorithms carries interoperability and security risks, and this risk is heightened in the case of the new PQC algorithms that are being standardised, as they are still relatively new and therefore less mature than traditional cryptography approaches. 

To mitigate this, a hybrid approach offers the best balance for most organisations. This involves using one algorithm from the pre-quantum era, such as elliptic curve cryptography, alongside an algorithm from the post-quantum era like NIST’s, the first of which have now been released. This approach allows for flexibility for new and unknown scenarios and reduces the risk of ‘zero-day’ attacks, as the data is protected against quantum computers. This approach is recommended by most European organisations, such as the French Cybersecurity Agency (ANSSI), the British Standards Institution (BSI) and the European Union Agency for Cybersecurity (ENISA). Additionally, standards organisations such as the European Telecommunications Standards Institute (ETSI) or Internet Engineering Task Force (IETF) are also working to define hybrid versions of current protocols, such as TLS and X.509.

3. Crypto agility is the ultimate goal

While a hybrid approach is a strategic and reasonable evolution towards PQC, crypto agility is the end goal that organisations should be seeking to achieve. 

To successfully navigate and prepare for the changing realities of quantum computing, regardless of the implementation approach, all organisations should ensure that they are ‘crypto agile’. This will enable the flexibility to pivot and reprioritise in direct response to quantum computing challenges and developments, without causing a significant disruption to infrastructure.

In this respect, crypto agility is essential for future-proofing encryption, but also for any organisation that needs to protect sensitive data. Achieving it requires a deep understanding of how cryptography is being used in the system. Without this knowledge, it will be a significant challenge to maintain connectivity, security and functionality during the transition.