The quantum threat to cybersecurity is easy enough to state. A quantum computer of sufficient size can efficiently factor integers and compute discrete logarithms using Shor's algorithm, breaking much of the public-key cryptography in use today, including Rivest–Shamir–Adleman (RSA) and elliptic curve cryptography (ECC). Vulnerable public-key cryptography permeates all layers of the stack, creating a pressing need for post-quantum cryptography (PQC): public-key algorithms designed to resist attacks by both classical and quantum computers.
Security analysis of the National Institute of Standards and Technology (NIST) candidate algorithms for PQC standardization suggests the need for cryptographic agility, meaning the ability to easily change the underlying cryptographic algorithms or implementations. For example, in the third and fourth rounds of the NIST evaluation process, researchers published novel attacks against the GeMSS and Rainbow digital signature schemes and the key encapsulation mechanism (KEM) candidate SIKE, causing their elimination from consideration. And recent research demonstrated a side-channel attack on an implementation of CRYSTALS-Kyber, one of the four algorithms NIST selected for standardization.
In a few years’ time, it is unlikely that PQC algorithms and implementations will look exactly as they do now. However, organizations cannot afford to wait to begin the migration to PQC. A breakthrough in quantum computing research could mean that a quantum computer with enough power to break current public-key cryptography is deployed before organizations have fully inventoried and upgraded all instances of vulnerable cryptography in all internal and third-party applications. Cryptographic orchestration — the ability to centrally view and manage the use of cryptography throughout an enterprise — needs to be a near-term strategy to address security and compliance at scale.
The Importance of Agility
The typical deployment model for cryptography is highly decentralized and fragmented, with cryptography coupled directly to end applications and provided by a mix of platform- or language-specific libraries. This model, in turn, leads to reduced visibility and agility. As a result, it is no wonder that a recent memo from the NSA sets a target date of 2035 for the migration to PQC — over 10 years from now.
To balance the need to begin migration now with the realities of an immature ecosystem, organizations should pursue PQC solutions that are agile. Fundamentally, cryptographic agility for a library, protocol, or application means the ability to swap out the cryptographic algorithms or implementations in use with minimal disruption. A cryptographically agile system can rapidly respond to novel cryptanalysis or implementation bugs by easily swapping out or upgrading vulnerable cryptography. Cryptographic agility also allows systems to take advantage of new implementations that are faster or use less memory.
Cryptographic agility, however, should not be the end of the story. Just as with previous transitions — from DES to AES, MD5 to SHA-1, and SHA-1 to SHA-2 — cryptographic algorithms have a life cycle that includes improved iterations and occasionally a phase-out stage. To future-proof their security, organizations should look to develop or integrate solutions with cryptographic orchestration, a single system interface to track and manage the cryptography in use by applications and devices throughout the entire algorithm life cycle.
Why Orchestration Matters
The idea of cryptographic orchestration mirrors software-defined networking (SDN) in computer networking. Managing a traditional IP network is a time-intensive, error-prone process that involves manually configuring switches, routers, and middleboxes using vendor-specific tools or command-line interfaces.
The innovation of SDN is a layer of middleware that abstracts away the low-level details of the switches and routers responsible for forwarding packets and exposes an abstract interface at the network policy level. The middleware ensures that the low-level elements implement a given policy. With SDN, implementing dynamic routing policies at scale becomes a tractable problem.
Cryptographic orchestration applies a similar level of abstraction and automation on top of the low-level entities executing cryptographic protocols or algorithms to expose an interface for cryptographic policy. By working at the level of policy, orchestration can also ease the burden for organizations to meet current and future regulatory and compliance requirements at scale.
In the migration to PQC, consider that any compliance target, such as FIPS 140-2, that references vulnerable public-key cryptography will have to change with the quantum threat. Cryptographic orchestration makes such tasks much easier by providing visibility into which algorithms, key sizes, key rotation policies, or entropy sources any instance of cryptography is using, in addition to providing the means to easily swap out vulnerable or noncompliant instances. Orchestration will become even more important as the number of devices and applications in an organization increases due to computing trends such as “bring your own device” (BYOD) and the Internet of Things (IoT).
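The agility described under The Importance of Agility and the policy and visibility functions described here can be made concrete in a small sketch. The following Python is an added illustration, not code from the original article. It uses HMAC variants from the standard library as stand-ins for the public-key algorithms being migrated, because the pattern is the same: every protected object carries an algorithm identifier, callers go through a registry instead of naming a primitive, a central policy tracks each algorithm through approved, deprecated and forbidden stages, and an inventory function reports what is actually in use. The names REGISTRY, Policy, seal, open_envelope, migrate and inventory, and the sample records, are illustrative assumptions.

```python
import hmac
import secrets
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class MacAlgorithm:
    alg_id: int     # one-byte identifier written into every envelope
    name: str
    digest: str     # hashlib digest name handed to hmac.new
    key_len: int    # bytes of key material the algorithm expects
    tag_len: int    # bytes of tag kept (HMAC tags may be truncated)


# Algorithm registry (illustrative; HMAC variants stand in for the public-key
# algorithms being migrated). Callers only ever see an algorithm id, so
# swapping or adding an implementation is a change here, not in every caller.
REGISTRY = {
    0x01: MacAlgorithm(0x01, "HMAC-SHA1", "sha1", 20, 20),
    0x02: MacAlgorithm(0x02, "HMAC-SHA256", "sha256", 32, 32),
    0x03: MacAlgorithm(0x03, "HMAC-SHA512", "sha512", 64, 32),
}

APPROVED, DEPRECATED, FORBIDDEN = "approved", "deprecated", "forbidden"


@dataclass(frozen=True)
class Policy:
    """Central life-cycle policy: what new data may use, how old data is treated."""
    status: dict        # alg_id -> APPROVED | DEPRECATED | FORBIDDEN
    default_alg: int    # algorithm used for anything newly sealed

    def check(self, alg_id: int, *, creating: bool) -> str:
        status = self.status.get(alg_id, FORBIDDEN)   # unknown ids are forbidden
        if status == FORBIDDEN or (creating and status != APPROVED):
            raise PermissionError(f"alg 0x{alg_id:02x} is {status} under policy")
        return status


def make_key_ring(rng=secrets.token_bytes) -> dict:
    """One independent key per algorithm; a key is never shared across algorithms."""
    return {alg_id: rng(alg.key_len) for alg_id, alg in REGISTRY.items()}


def seal(key_ring: dict, data: bytes, policy: Policy) -> bytes:
    """Protect data under the policy's current default: alg_id || tag || data."""
    alg = REGISTRY[policy.default_alg]
    policy.check(alg.alg_id, creating=True)
    tag = hmac.new(key_ring[alg.alg_id], data, alg.digest).digest()[: alg.tag_len]
    return bytes([alg.alg_id]) + tag + data


def open_envelope(key_ring: dict, envelope: bytes, policy: Policy) -> tuple:
    """Verify an envelope of any registered generation; returns (data, status).

    Deprecated algorithms still verify, so legacy data stays readable during the
    migration, but the status is returned so the caller can re-seal it.
    Forbidden or unknown algorithms fail closed.
    """
    alg_id = envelope[0]
    status = policy.check(alg_id, creating=False)
    alg = REGISTRY[alg_id]
    tag, data = envelope[1 : 1 + alg.tag_len], envelope[1 + alg.tag_len :]
    expected = hmac.new(key_ring[alg_id], data, alg.digest).digest()[: alg.tag_len]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch")
    return data, status


def migrate(key_ring: dict, envelope: bytes, policy: Policy) -> bytes:
    """Re-seal anything not under the current default (the 'swap out' step)."""
    data, _status = open_envelope(key_ring, envelope, policy)
    if envelope[0] == policy.default_alg:
        return envelope
    return seal(key_ring, data, policy)


def inventory(envelopes) -> Counter:
    """Orchestration visibility: which algorithm each stored envelope uses."""
    return Counter(
        REGISTRY[e[0]].name if e[0] in REGISTRY else f"unknown-0x{e[0]:02x}"
        for e in envelopes
    )


if __name__ == "__main__":
    ring = make_key_ring()
    old = Policy({0x01: APPROVED, 0x02: APPROVED}, default_alg=0x01)
    new = Policy({0x01: DEPRECATED, 0x02: APPROVED, 0x03: APPROVED}, default_alg=0x03)
    legacy = [seal(ring, b"record-%d" % i, old) for i in range(3)]   # constructed sample data
    print(inventory(legacy))                    # all HMAC-SHA1
    migrated = [migrate(ring, e, new) for e in legacy]
    print(inventory(migrated))                  # all HMAC-SHA512
```

Two design points carry over directly to a PQC migration. First, the algorithm identifier travels with the data (in a real system, in the certificate, protocol negotiation or key-store metadata), so two generations can coexist and the inventory can be computed from the artifacts themselves rather than from documentation. Second, the policy distinguishes creating new material from reading old material: a deprecated algorithm is still accepted for verification so that nothing breaks on the day policy changes, while a forbidden one fails closed, which is the phase-out stage of the life cycle.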
PQC Lessons for Enterprise
Overall, the migration to PQC brings a couple of key considerations for enterprise security to the forefront. First, the PQC standardization process is still ongoing. Experts continue to attack and probe the candidates while submission teams look to patch deficiencies and optimize implementations in software and hardware. In the short term, the shifting PQC landscape requires cryptographic agility in libraries, protocols, and applications to securely navigate the migration away from vulnerable public-key algorithms.
Second, the PQC process more broadly reminds us that cryptographic algorithms have a life cycle. Classical public-key algorithms are nearing the end of their life cycle, whereas most of the PQC algorithms are still at the beginning of their life cycle. No one can foresee if a new classical or quantum attack will make a particular algorithm obsolete and require yet another migration — or if another technology as disruptive as quantum computing is on the horizon. Consequently, it is critical that we engineer systems that can adequately respond to new developments. Orchestrated and agile cryptography is a vision to achieve this lofty goal and empower organizations to meet security, regulatory, and compliance goals at scale.
Though the PQC migration represents a major challenge for organizations across government and industry, it also represents a fantastic opportunity to shift the enterprise cryptography paradigm toward one of agility and orchestration.