NIST and White House Share Post Quantum Cryptography (PQC) Guidance… now what?

Denis Mandich
Blog Post

After six years and multiple rounds of global debate and analysis, NIST recently announced the first algorithms selected for standardization in its post-quantum cryptography (PQC) competition. Assuming nothing catastrophic happens (such as one of these algorithms failing too), they will become standards in roughly 18 to 24 months. Under the White House’s National Security Memorandum (NSM) on promoting quantum computing leadership while mitigating risks to vulnerable cryptographic systems, U.S. government agencies must plan to migrate to these standards once they are published. It’s great that the government has provided the beginnings of a quantum security roadmap, but there are still a lot of questions to answer.


First of all, migrating to new encryption standards can be extremely difficult, and the industry has a history of taking several years to completely migrate to a new standard. Though NIST hopes for rapid adoption of its new PQC standards, the organization itself recognizes that it will be a rough road, as stated in its July 2022 report: “Standardization efforts in this area will continue for some time… The transition will undoubtedly have many complexities, and there will be challenges for some use cases.”[i]


Additionally, most corporations are barely prepared for certificate expiration, let alone the failure of an encryption primitive. Only about a quarter of enterprises are implementing, or have finished implementing, an automated PKI solution, with high cost, complexity, compliance issues, and resistance to change cited as the obstacles.[ii]


Just as Peter Shor discovered a quantum weakness in every public-key algorithm in current use (RSA, Diffie-Hellman, and elliptic-curve cryptography all rest on factoring or discrete-logarithm problems his algorithm solves efficiently), it is a safe bet that flaws will be found in these newest standards. And when that happens, any data previously encrypted with the broken algorithm immediately becomes vulnerable to decryption.


So, given the urgency of safeguarding today against “harvest now, decrypt later” attacks (see our “Government’s urgent message for businesses to act now on quantum security” blog), what do you do to quickly become quantum secure during the standards’ transition period and the industry’s migration efforts?


Second, despite NIST’s announcement of the selected algorithms, NIST itself acknowledges that PQC standards will likely be a moving target. In fact, this was stated outright early in the process, when one of the committee members said, “It’s important for the eventual standard to offer multiple avenues to encryption, in case somebody manages to break one of them down the road.”[iii] In large part, that’s why the additional guidance on crypto-agility is implicit in the new standards. Heartbleed, although it was an implementation bug in OpenSSL rather than a break of an algorithm, should have taught us that users of encryption must be prepared to update or replace cryptographic components on short notice.


The need for crypto-agility makes sense from the perspective of a development methodology, allowing for responsiveness in the face of a compromise, but it isn’t a security mechanism that protects against the compromise itself, quantum or otherwise. Modern cryptography is a young field, and if we’ve learned nothing else from history, all these new techniques will eventually fail and need replacement. The NIST process was adversarial by design, encouraging the broader community both to submit candidates and to demonstrate weaknesses in others. The 80+ submissions received at the beginning of the process were whittled down to four selected algorithms (plus four additional candidates advancing to a fourth round) as issues and vulnerabilities were discovered; this includes Rainbow, one of the third-round finalists, being broken during the third round of reviews.


Perhaps of greater concern is that after advancing to the fourth round of the competition in 2022, the SIKE algorithm was broken in about 62 minutes by a purely classical attack running on a single core of an ordinary computer. This is further evidence that there are no guarantees that the few surviving algorithms will have any long-term durability.


Relying on crypto-agility as a security solution for the future amounts to accepting a high level of harvesting risk, which is a ‘today’ problem. When an algorithm eventually fails, a crypto-agile implementation lets you replace it easily, but everything already harvested under that algorithm will still be decrypted.


We don’t know how long it will take for attackers to crack these algorithms, nor do we know how long it will take to recover from, respond to, or mitigate those attacks. We do know that not just individuals but nation-states are pursuing and sponsoring these efforts.


So, what do you do to make sure your data is permanently secure, even when cybercriminals and state actors inevitably leverage future vulnerabilities in the PQC and other encryption standards?


Lastly, it is clear that becoming completely quantum secure will take more than just adopting NIST PQC standards.  In fact, this could be one reason that in NIST’s latest report it stated, “NIST is pleased with the progress of the PQC standardization effort but recognizes that current and future research may lead to promising schemes which were not part of the NIST PQC Standardization Project.”[iv]


Being quantum-safe refers to the use of algorithms with no known theoretical attacks by future quantum computers, even though the same algorithms may be compromised in the future by new attacks from either classical or quantum computers. The PQC finalists are quantum safe. Being quantum secure is a higher grade of security, where you can rely on mathematical proofs (information-theoretic security, in the sense of the one-time pad) to show that an algorithm can’t be compromised regardless of the attacker’s computing power. In truth, unbreakable quantum security demands more than just relying on NIST PQC standards. Even though passwords served as useful authentication for centuries, they are a single point of failure and an unacceptable sole mechanism in a zero-trust world. Likewise, putting faith in the transition to a single new algorithm, of unknown strength, to protect sensitive data for the foreseeable future is an equally unsustainable defect in security.


So, what can you do today to eliminate quantum risks in a way that complements and fortifies your NIST PQC efforts?


Qrypt has answers for your quantum security.


You face significant quantum risks that must be addressed now and the fastest way to do that is to eliminate key transmission. Qrypt has elegant solutions you can use today to mitigate that risk, while keeping you quantum secure as you work toward NIST and NSM compliance, and even more secure after you migrate. Qrypt can help you:

  • Get quantum secure now while you transition to NIST standards and NSM compliance
  • Reduce the risk, expense, and effort of future repeated rip-and-replace efforts crypto-agility can’t address
  • Eliminate single-point of failure risk with a layer of quantum security that removes the greatest PQC vulnerability—the transmission of cryptographic keys
  • Decouple encryption keys from the data they encrypt, instead of transmitting them together on the same channels, to nullify “harvest now decrypt later” attacks


Qrypt transforms the way organizations safeguard their sensitive data, secrets, intellectual property, and private communications while helping them meet government-mandated quantum security requirements. Based on the work of the renowned cryptographer Yevgeniy Dodis, Qrypt enables parties to independently and securely generate identical symmetric keys and one-time pads at multiple endpoints without transmitting keys. Since there’s no transmission, there’s no possibility of key interception.


Additionally, to ensure the keys are based on true random numbers, Qrypt’s cloud service employs a network of high-output quantum random number generators (QRNGs) that draw on multiple, diverse, high-quality quantum phenomena as entropy sources. On top of that, Qrypt offers permanent security through its ability to generate one-time pads, which are mathematically proven to be unbreakable provided the pad is truly random, at least as long as the message, kept secret, and never reused; and it provides broad flexibility in addressing different use cases to achieve compliance.
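The proof behind the one-time pad is only as good as the discipline around the pad, so the added example below (written for this page; it is not Qrypt’s code and does not reproduce how Qrypt establishes pads at each endpoint) shows the two things a practitioner must get right: each pad byte is consumed exactly once, and reuse is a catastrophic failure rather than a degradation. The shared pad is constructed with `os.urandom` as a stand-in for a QRNG, the `PadStore` class and its offset bookkeeping are assumptions made for the demonstration, and `two_time_pad_leak` is the eavesdropper’s calculation when a pad is reused.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole OTP cipher)."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadStore:
    """Holds one endpoint's copy of a shared pad and hands each byte out once.

    Both endpoints hold an identical copy (how that copy is established is out
    of scope here). Each side advances its own cursor, so a sender and receiver
    that stay in step never reuse key material. Hypothetical helper for this
    example, not a product API.
    """

    def __init__(self, pad: bytes):
        self._pad = pad
        self._cursor = 0

    def remaining(self) -> int:
        return len(self._pad) - self._cursor

    def consume(self, n: int) -> tuple[int, bytes]:
        """Return (offset, key bytes) and mark those bytes as used."""
        if n > self.remaining():
            raise RuntimeError("pad exhausted; refusing to reuse key material")
        offset = self._cursor
        self._cursor += n
        return offset, self._pad[offset:offset + n]

    def key_at(self, offset: int, n: int) -> bytes:
        """Receiver-side lookup; rejects anything that is not the next unused chunk."""
        if offset != self._cursor:
            raise RuntimeError("pad offset out of sync; possible reuse or replay")
        return self.consume(n)[1]


def otp_encrypt(store: PadStore, plaintext: bytes) -> tuple[int, bytes]:
    offset, key = store.consume(len(plaintext))
    return offset, xor_bytes(plaintext, key)


def otp_decrypt(store: PadStore, offset: int, ciphertext: bytes) -> bytes:
    key = store.key_at(offset, len(ciphertext))
    return xor_bytes(ciphertext, key)


def two_time_pad_leak(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Eavesdropper's move when a pad is reused: ct1 ^ ct2 == pt1 ^ pt2, so a
    known (or guessed) pt1 yields pt2 without ever touching the key."""
    n = min(len(ct1), len(ct2), len(known_pt1))
    return xor_bytes(xor_bytes(ct1[:n], ct2[:n]), known_pt1[:n])


def demo() -> dict:
    # Constructed shared pad: os.urandom stands in for the entropy source; the
    # information-theoretic argument requires the pad to be truly random.
    pad = os.urandom(64)
    alice, bob = PadStore(pad), PadStore(pad)

    msg = b"wire transfer 4,000,000 to account 31415"  # constructed sample
    offset, ct = otp_encrypt(alice, msg)
    roundtrip_ok = otp_decrypt(bob, offset, ct) == msg

    # The store refuses to hand the same bytes out a second time.
    try:
        bob.key_at(offset, len(ct))
        reuse_refused = False
    except RuntimeError:
        reuse_refused = True

    # Failure mode, done by hand to bypass the store: the same key bytes
    # encrypt a second message. An eavesdropper holding both ciphertexts and
    # msg recovers msg2 outright; without msg, crib-dragging on msg ^ msg2
    # still leaks structure.
    key = pad[:len(msg)]
    msg2 = b"cancel the transfer; audit flagged it"  # constructed sample
    ct2 = xor_bytes(msg2, key[:len(msg2)])
    leaked = two_time_pad_leak(ct, ct2, msg)

    return {"roundtrip_ok": roundtrip_ok, "reuse_refused": reuse_refused,
            "leaked": leaked, "msg2": msg2}


if __name__ == "__main__":
    print(demo())
```

The receiver's `key_at` check is the important design choice: by refusing any offset other than the next unused one, a replayed or duplicated ciphertext cannot trick the receiver into consuming pad out of order, and an attacker-controlled offset cannot make it reuse bytes. Whatever mechanism distributes or derives the pad, this bookkeeping has to exist at both ends, and the pad must never be longer-lived than the data it protects.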


As an additional layer of quantum security, Qrypt gives you the protection you need against “harvest now, decrypt later” attacks as you transition to NIST compliant standards. It will continue to protect you and minimize your need to quickly rip and replace when the latest standards eventually fall to future discoveries.


Not only can Qrypt eliminate single points of failure by eliminating key transmission, but it can work in conjunction with NIST standards and NSM mandates to provide the unbreakable, layered quantum security you need. Plus, since it’s delivered as a cloud service, it scales on demand, is globally accessible with no new hardware, and is easily integrated through the Qrypt SDK.


Qrypt tips for NIST

During your transition to NIST and NSM compliance and beyond, leverage Qrypt to:

  • Extract true quantum-based random numbers with our cloud-based QRNGs services to use with your existing encryption technology or NIST algorithms.
  • Generate identical symmetric keys and one-time pads at multiple endpoints without ever transmitting keys.
  • Encrypt sensitive data at rest, data in-transit, or even your existing encryption keys with unbreakable one-time pads.
  • Insert a proxy that creates a secure one-time-pad-encrypted tunnel for transmission of data or encryption keys.

Use our technology offerings in increments or all at once to fortify your quantum risk posture at the different stages of your NIST and NSM compliance transition.

[i] NIST IR 8413, “Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process,” July 2022, https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413.pdf.

[ii] DigiCert, “State of PKI Automation: 2021 Report,” https://www.digicert.com/content/dam/digicert/pdfs/report/pki-automation-report-en.pdf.

[iii] NIST News, “NIST’s Post-Quantum Cryptography Program Enters ‘Selection Round’,” July 2020, https://www.nist.gov/news-events/news/2020/07/nists-post-quantum-cryptography-program-enters-selection-round.

[iv] NIST IR 8413, “Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process,” July 2022, https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413.pdf.