The search for quantum-resistant cryptography

To help enterprises prepare for the implications of quantum computing, Sectigo, the world’s largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, has created a broad set of 15 educational resources for security industry professionals in the form of a whitepaper, podcast episodes and transcriptions, and articles.

By its nature, quantum computing is highly effective at factorising numbers, which means quantum computers will be many orders of magnitude faster at the calculations necessary to break the RSA and ECC (Elliptic Curve Cryptography) encryption that underpins our digital systems today. This efficiency gain is so monumental that increasing the key sizes of these cryptographic schemes is not a viable solution. Rather, the world’s Public Key Infrastructure (PKI) systems will have to migrate to one or more new, quantum-resistant encryption algorithms before quantum computers break current encryption methods.

PKI is necessary for the secure operation of all the confidential and mission-critical digital processes in our global economy, including finance, commerce, communication, enterprise computing, transportation, defence, manufacturing, healthcare, government, and logistics. The impact of insecure PKI would be so vast that this potential outcome has come to be known as the Quantum Apocalypse.

The search for algorithms is underway

Thought leaders from industry, academia, and government are combining efforts to discover and deploy quantum-resistant cryptographic solutions across our global digital systems. The National Institute for Standards and Technology (NIST) has been leading an effort to identify one or more cryptographic approaches that can substitute for RSA and ECC. The community participating in NIST’s process now has a list of more than 20 candidate algorithms that are undergoing scrutiny of their suitability for this task.

Successful quantum-resistant algorithms must be difficult to break using brute-force attacks by both traditional and quantum architectures while still meeting performance standards similar to today’s algorithms. To be viable for widespread use, the algorithm must deliver on criteria such as:

• Fast encryption using traditional computers.
• Fast decryption (with private keys) using traditional computers.
• Impractical to decrypt (without private keys) using quantum or traditional computing architectures.
• Able to generate encrypted data of a size that is reasonable for storage and transmission across networks and the internet.
• Compatible with a vast range of software, hardware, and services.
• Well-understood and checked against potential attacks.

Understanding the challenge: available resources

“While no one can definitively say when quantum computers will reach the point of defeating RSA and ECC, many estimates place that date in the next ten or 15 years. Any organisation that does not migrate by then will be vulnerable,” said Tim Callan, Senior Fellow, Sectigo. “At Sectigo, we are working with our large base of enterprises, schools, and government agencies to help them achieve crypto agility by putting in place the systems and automation capabilities necessary to ensure rapid and comprehensive migration to these new standards once they arrive.”

To educate the cyber security community, Sectigo has the following quantum-resistant cryptography resources available:

• Whitepaper
  
  • The Search for Quantum Resistant Cryptography
• Root Causes Podcast Episodes & Blog Posts:
  • Cryptographic Quantum Apocalypse
  • Quantum-Resistant Cryptography
  • Mosca's Inequality, Mad Max, and Mohawks
  • The Search for Quantum-Resistant Crypto
  • Will Quantum Annealing Break Cryptography?
  • Entropy and Random Numbers
• Articles
  • Forbes: Quantum-Resistant Cryptography: Our Best Defense Against an Impending Quantum Apocalypse
  • Datacenter Dynamics: Cryptographic Security and the Quantum Apocalypse