Balancing NIST PQC with Qrypt's Quantum Key Generation

Blog Post

In this Post, We Cover:

• The significance of NIST PQC in the quantum era.
• The immediate threat of ‘harvest now, decrypt later’ (HNDL) attacks.
• An introduction to Qrypt’s Quantum Key Generation (QKG) as an alternative.
• A deep dive into how QKG works and its long-term benefits.
• The implications and potential advantages of Qrypt’s approach.
• Qrypt’s Quantum Secure Tunnel as a practical implementation.
• Steps to embark on a quantum-secure journey.


NIST PQC and “Harvest Now, Decrypt Later” HNDL Attack
The emergence of quantum computing accentuates the pressing need for organizations across all sectors to bolster their cryptographic defenses. The National Institute of Standards and Technology’s Post-Quantum Cryptography (NIST PQC) standards offer a robust framework for quantum-resistant cryptographic methods. Transitioning to NIST PQC is a vital priority for all and is emphasized by the US government’s increasing cadence of warnings and mandates to migrate to PQC.


However, it’s imperative to grasp the immediate and widespread threat posed by ‘harvest now, decrypt later’ (HNDL) attacks, where adversaries capture encrypted data today, waiting to decrypt it with quantum computers in the future. It’s worth noting that even classical computers can compromise encryption by exploiting flaws in implementations, randomness, or using various other techniques. With sectors like healthcare, defense, intellectual property, and regulated industries requiring long-term data confidentiality, the HNDL risk is a pressing concern, demanding immediate attention and action now.


Qrypt’s Quantum Key Generation (QKG) stands out as a formidable alternative for specific industries and workflows where data protection is paramount. By enabling the independent generation of encryption keys at various endpoints without transmission, Qrypt’s approach primarily overcomes the weaknesses of conventional asymmetric encryption techniques. This is particularly relevant for regulated industries, areas where data confidentiality is crucial over extended periods, and scenarios vulnerable to HNDL attacks due to imminent data capture risks.


Qrypt’s Quantum Key Generation (QKG) Explained
Transmitting encryption keys is inherently risky. With quantum computers threatening to break conventional encryption and the long-term resilience of NIST PQC algorithms still under scrutiny, today’s data security is at risk. Qrypt’s QKG offers a unique solution:

How QKG Works: QKG shares an encrypted “recipe,” allowing multiple parties to independently generate the same encryption key. This begins with true quantum random numbers from Qrypt Quantum Entropy servers. Then a symmetric encryption key or one-time pad is locally generated. A recipe detailing server and key generation parameters is shared with recipients.
Short-term Assumptions for Long-term Privacy: This recipe can be transmitted over a short-term secure channel. If an attacker fails to intercept and decrypt the recipe within this window, the attack is thwarted as the pools of entropy are shredded every hour.
Achieving Long-term Security: By avoiding key transmission, QKG ensures lasting security. Even if future techniques break encryption, previously transmitted data remains safe.


For a deeper dive into the technology and its foundational principles, readers can refer to the original publication by Qrypt’s Chief Cryptographer, Yevgeniy Dodis, titled “Doubly-Affine Extractors, and their Applications”.


Implications and Potential Benefits of Qrypt’s Approach

1. Elimination of Transmission-based Attacks: By removing the transmission step altogether, Qrypt’s approach inherently shields against man-in-the-middle attacks, eavesdropping, and other transmission-centric vulnerabilities.
2. Simplification of Cryptographic Protocols: Without the need for key transmission, the cryptographic process becomes more streamlined, reducing overhead and complexity.
3. Enhanced Security with One-Time Pads: If QKG is employed to generate one-time pads, it promises perfect secrecy long-term.
4. Targeted Application: It’s pivotal to recognize that Qrypt’s solution isn’t posited as a broad-scale alternative to NIST PQC today. Instead, it serves as a complementary tool tailored for specific use cases, offering an added layer of security where traditional and even forthcoming KEMs might falter.
5. Scalability and Future-Proofing: As the quantum computing realm evolves, so will the cryptographic challenges. Qrypt’s no-transmission approach offers a scalable, resilient solution against the burgeoning quantum threats.
6. Protection Amidst Crypto-Agility: While crypto-agility allows organizations to adapt to new cryptographic methods swiftly, it doesn’t address the vulnerability of data harvested up to the point of an algorithm’s failure. Qrypt’s approach offers a distinct advantage here: in the event of a cryptographic compromise, Qrypt users have the assurance that their past data remains shielded while transitioning to updated algorithms.


Qrypt’s Quantum Secure Tunnel: A Practical Implementation
For organizations aiming to amplify their cryptographic defenses, Qrypt offers the Quantum Secure Tunnel. By integrating an Envoy proxy in a container with Qrypt Key Generation, this solution facilitates the effortless incorporation of a one-time pad-encrypted tunnel into existing workflows. While AES keys are inherently strong, their cryptographic strength can be undermined when transmitted using potentially vulnerable asymmetric algorithms. With Qrypt’s approach, organizations can effectively counteract the HNDL threat and these vulnerabilities with minimal technical investment. By directing existing AES key transmissions through this encrypted tunnel, the integrity and strength of AES key transmissions are preserved, providing a pragmatic avenue to enhance security without extensive system modifications.


Embarking on Your Quantum-Secure Journey
Initiating this journey necessitates a comprehensive cryptographic inventory. This involves pinpointing key repositories, key management servers (KMS), and hardware security modules (HSMs), and discerning the origins and endpoints of encryption keys. With this insight, organizations can judiciously decide whether to eliminate key transmission using Quantum Key Generation or to secure transmissions with information-theoretic techniques via the Quantum Secure Tunnel, ensuring optimal mitigation of the HNDL risk.


In the complex realm of quantum cryptography, organizations stand to gain from a bifurcated strategy that both adheres to the NIST PQC standards and assimilates pioneering solutions like Qrypt’s Quantum Key Generation. This balanced strategy guarantees a resilient, future-ready cryptographic defense, adeptly addressing the distinct challenges of the quantum epoch.