How to prepare for post-quantum cryptography migration

Post-quantum cryptography migration provides an opportunity to re-evaluate the larger cyber security landscape

Michael Hill
12/07/2023


Quantum computers will soon be capable of breaking existing cryptographic algorithms such as public key encryption. This juncture – known as “Q-Day” – is approaching as advances in computing power make post-quantum threats very real. Some security experts believe Q-Day will occur within the next decade, leaving digital information protected by current encryption protocols vulnerable.

Post-quantum cryptography (PQC) – encryption that can withstand post-quantum threats and the attacks of the future – is therefore high on the agenda. PQC migration provides an opportunity not only to protect data and systems but also to re-evaluate the larger cyber security landscape.

Cyber Security Hub speaks with Professor Alan Woodward, a renowned cyber security academic at the School of Electronic Engineering and Computer Science and the Surrey Centre for Cyber Security, University of Surrey, about the importance of PQC migration and the transition to quantum-resistant encryption.

Cyber Security Hub: In what ways will quantum computing affect enterprise cyber security?

Professor Alan Woodward: The security threat most people will have heard of relating to quantum computing is that various public key encryption schemes (those in use at present) can be broken using an algorithm developed by Peter Shor in 1996. The key point about Shor’s algorithm is that it can break only cryptography based on what is known as the hidden subset problem: RSA, ECC, etc. Shor’s algorithm does not break symmetric encryption such as AES. There is an algorithm called Grover’s Algorithm (a form of search algorithm) which can brute force the keys in some symmetric encryption, but the speed is not as exponential as it is in Shor’s algorithm.

CSH: How important will PQC be to the future of cyber security?

AW: PQC is how organizations will adapt to the risk from Shor’s algorithm. That’s why the US National Institute of Standards and Technology (NIST) ran a competition which has selected new quantum-resistant standards for public key encryption. Many vendors of equipment are already releasing products using the new PQC schemes. Unless organizations replace their current public key infrastructure and products that use public key encryption, they run the risk of having their sensitive data exposed or, for example, browser sessions eavesdropped on.

CSH: Should organizations be preparing for PQC migration right now?

AW: While there is no quantum computer capable of running Shor’s algorithm at a large enough scale to break the current public key encryption implementations, it is possible a bad actor may be gathering the encrypted data for the day when they do have a large enough quantum computer. The risk this poses to organizations will very much depend on the longevity of the data being protected by encryption.

The UK National Cyber Security Centre (NCSC) provides a broad set of advice for companies to migrate to PQC. I would recommend that organizations take the advice offered and act on it as soon as possible. The advice is pragmatic and recognizes this migration won’t happen tomorrow, but organizations need to begin acting now if they are to stand a chance of being ready and mitigating the risk of those collecting data for future deciphering.

CSH: What will be the biggest challenges of PQC migration for most businesses?

AW: The single biggest challenge will be implementing PQC whilst maintaining interoperability with organizations and users who have not updated to PQC. Dealing with those who have not updated runs the risk of a type of attack that we saw for many years: the downgrade attack wherein attackers force you to downgrade to the older cipher suites that you have kept for backwards compatibility. There will be some difficult decisions to make about when to cut off these historical cipher suites. There will be some laggards and you must decide whether to accommodate them at the risk of your encryption being undermined.
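The trade-off Woodward describes can be watched in a real TLS handshake. The Go program below is an added example for this article, not code from the interview, the University of Surrey or the NCSC. It uses only Go's standard crypto/tls, pins TLS 1.2 so that the cipher-suite list is what actually gets negotiated, and uses an AES-CBC suite as a stand-in for "the older cipher suite kept for backwards compatibility"; the hostname, the self-signed certificate and the suite choices are all constructed for the example. A server that keeps the old suite hands it to any client that offers nothing better, whether that client is a genuine laggard or one whose stronger offers were stripped on the path; a server that has cut the suite off refuses the connection instead.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Two TLS 1.2 suites for this constructed demo; the CBC suite stands in for
// "the older cipher suite kept for backwards compatibility".
const (
	LegacySuite = tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
	ModernSuite = tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
)

const serverName = "legacy.example.internal" // constructed hostname

// SampleCertificate creates a throwaway self-signed RSA certificate for serverName.
func SampleCertificate() tls.Certificate {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// ServerConfig pins TLS 1.2 (so the suite list is what gets negotiated) and offers the given suites in preference order.
func ServerConfig(cert tls.Certificate, suites ...uint16) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: suites,
	}
}

// ClientConfig models a client that offers only the given suites: a genuine laggard, or one whose better offers were stripped on the path.
func ClientConfig(cert tls.Certificate, suites ...uint16) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf)
	return &tls.Config{
		RootCAs:      pool,
		ServerName:   serverName,
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: suites,
	}
}

// Handshake runs a complete in-memory TLS handshake over net.Pipe and returns
// the negotiated cipher suite, or the error that ended the handshake.
func Handshake(server, client *tls.Config) (uint16, error) {
	cliConn, srvConn := net.Pipe()
	defer cliConn.Close()
	defer srvConn.Close()
	errc := make(chan error, 1)
	go func() { errc <- tls.Server(srvConn, server).Handshake() }()
	c := tls.Client(cliConn, client)
	if err := c.Handshake(); err != nil {
		return 0, err
	}
	if err := <-errc; err != nil {
		return 0, err
	}
	return c.ConnectionState().CipherSuite, nil
}

func main() {
	cert := SampleCertificate()
	accommodating := ServerConfig(cert, ModernSuite, LegacySuite)
	strict := ServerConfig(cert, ModernSuite)
	report := func(label string, server *tls.Config, offer ...uint16) {
		suite, err := Handshake(server, ClientConfig(cert, offer...))
		if err != nil {
			fmt.Printf("%-42s refused: %v\n", label, err)
			return
		}
		fmt.Printf("%-42s negotiated %s\n", label, tls.CipherSuiteName(suite))
	}
	report("accommodating server, modern client", accommodating, ModernSuite, LegacySuite)
	report("accommodating server, legacy-only offer", accommodating, LegacySuite)
	report("strict server, legacy-only offer", strict, LegacySuite)
}
```

The middle case is the one to watch in production telemetry: as long as the accommodating configuration is in place, the negotiated suite per client is the only evidence of whether you still have genuine laggards or are being held to the old suite, so log it and use it to decide when the cut-off in the strict configuration can be applied. The same decision will arrive for TLS key-exchange groups once hybrid post-quantum groups are deployed alongside classical ones.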

CSH: How can businesses best prepare for PQC migration and what factors are most important?

AW: Each organization will have different ways of migrating. The first thing you need to know is where the potentially vulnerable public key encryption is being used. This includes products that are not always obvious. A classic example is a tape backup system. Once you know where the potentially vulnerable encryption is implemented you need to build a change program for those elements under your control, and you need to consult the vendors of the products you use to determine how they will be upgrading to PQC.
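A starting point for the inventory step Woodward describes, added here as an example and not taken from the interview or from any vendor's tooling: a Go program, standard library only, that walks exported PEM material (certificates or PKIX public keys), names each key's algorithm and marks every RSA and elliptic-curve key as something the change programme must replace, while anything it does not recognise is flagged for review rather than passed silently. The source labels, the sample keys and the "replace"/"review" statuses are constructed for the example; a real run would feed it the exports from your trust stores, appliances (the tape backup system included) and CA tooling instead of SampleExports.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"sort"
)

// Finding is one row of the cryptographic inventory.
type Finding struct {
	Source    string // where the key was exported from (constructed labels below)
	Algorithm string // e.g. "RSA-2048", "ECDSA-P-256", "Ed25519"
	Status    string // "replace" (Shor breaks it) or "review" (unrecognised key type)
}

// ClassifyPublicKey names a key and says whether Shor's algorithm breaks it; unknown types are flagged for review, not passed.
func ClassifyPublicKey(pub any) (algorithm, status string) {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return fmt.Sprintf("RSA-%d", k.N.BitLen()), "replace"
	case *ecdsa.PublicKey:
		return "ECDSA-" + k.Curve.Params().Name, "replace"
	case ed25519.PublicKey:
		return "Ed25519", "replace"
	default:
		return fmt.Sprintf("%T", pub), "review"
	}
}

// publicKeyOf pulls the key out of a CERTIFICATE or PUBLIC KEY block; other block types yield nil (out of scope here).
func publicKeyOf(block *pem.Block) (any, error) {
	switch block.Type {
	case "CERTIFICATE":
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		return cert.PublicKey, nil
	case "PUBLIC KEY":
		return x509.ParsePKIXPublicKey(block.Bytes)
	}
	return nil, nil
}

// InventoryAssets classifies every key in every export (keyed by a source label), sorted by source.
func InventoryAssets(exports map[string][]byte) ([]Finding, error) {
	var out []Finding
	for source, rest := range exports {
		for {
			block, next := pem.Decode(rest)
			if block == nil {
				break
			}
			rest = next
			pub, err := publicKeyOf(block)
			if err != nil {
				return nil, fmt.Errorf("%s: %w", source, err)
			}
			if pub != nil {
				alg, status := ClassifyPublicKey(pub)
				out = append(out, Finding{source, alg, status})
			}
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Source < out[j].Source })
	return out, nil
}

// pemPublicKey encodes a key the way most tools export it (PKIX "PUBLIC KEY").
func pemPublicKey(pub any) []byte {
	der, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for the key types used below
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
}

// SampleExports is a constructed stand-in for a real export, covering the three public-key families most estates contain.
func SampleExports() map[string][]byte {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	edPub, _, _ := ed25519.GenerateKey(rand.Reader)
	return map[string][]byte{
		"backup-appliance/tape-encryption.pub": pemPublicKey(&rsaKey.PublicKey),
		"vpn-gateway/server.pub":               pemPublicKey(&ecKey.PublicKey),
		"code-signing/release.pub":             pemPublicKey(edPub),
	}
}

func main() {
	findings, err := InventoryAssets(SampleExports())
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-40s %-12s %s\n", f.Source, f.Algorithm, f.Status)
	}
}
```

Every row here ends up as "replace" because RSA, ECDSA and Ed25519 are all broken by Shor's algorithm; the "review" status exists so that an unfamiliar key type from a vendor appliance lands on someone's desk instead of being counted as safe. The rows marked "replace" are the elements the change programme has to cover, and the ones outside your control are the questions to put to the vendors.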
