All Change in Cybersecurity!

A Warning from the NSA, CISA and NIST on Post-Quantum Cryptography

In May 2022, Joe Biden signed a memo that started a clock ticking down to the removal of our existing public key methods. Within the next few years, this will likely see the deprecation of RSA and ECC methods and cause one of the most radical changes in cybersecurity ever!

Overall, the core of security and trust on the Internet is based on public key encryption. While symmetric key encryption is the workhorse, asymmetric methods (aka public key encryption) are the orchestrator of most of the key elements (sorry for the pun!). And, so, while the privacy of your access to this web page is likely to be implemented with AES or ChaCha20, the encryption key that you use is likely to have been generated using elliptic curve methods, and the validity of the site is likely to have been checked with an RSA or ECDSA signature.

The Core of Privacy on the Internet: ECDH

Over four decades ago, Whitfield Diffie and Marty Hellman came up with a method of generating a shared encryption key by passing public values. This used discrete logarithms:

Unfortunately, discrete logs are not efficient any more, and thus we typically use elliptic curve methods now (with the ECDH key exchange method):

The Core of Trust on the Internet: Digital Signatures

At the core of trust on the Internet is thus the PKI (Public Key Infrastructure), and where we digitally sign data. For example, Bob can generate either an RSA or ECC key pair, take a hash of the data, and sign it with his private key. Alice then checks this signature with the associated public key. An important element of this is that Alice cannot trust Bob to pass the public key, and so Trent encapsulates it in a digital certificate and signs this with his own private key:

In FIPS 186-5, the main digital signature methods are RSA, ECDSA and EdDSA, all of which will be cracked by a quantum computer, which can reveal the private key from the public key.

Deprecating Public Key Encryption

As you may know, our existing public key encryption methods are at risk due to Peter Shor's algorithm. And, so, in May 2022, Joe Biden signed a memo which committed the US to advancing its quantum computing leadership and also to defending against the risks posed to existing public key encryption methods [here]:

It outlined:

Yet alongside its potential benefits, quantum computing also poses significant risks to the economic and national security of the United States. Most notably, a quantum computer of sufficient size and sophistication — also known as a cryptanalytically relevant quantum computer (CRQC) — will be capable of breaking much of the public-key cryptography used on digital systems across the United States and around the world. When it becomes available, a CRQC could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.

High on the list of actions is the deprecation of existing public key encryption methods:

Within 90 days of the release of the first set of NIST standards for quantum-resistant cryptography referenced in subsection 3(a) of this memorandum, and on an annual basis thereafter, as needed, the Secretary of Commerce, through the Director of NIST, shall release a proposed timeline for the deprecation of quantum-vulnerable cryptography in standards, with the goal of moving the maximum number of systems off quantum-vulnerable cryptography within a decade of the publication of the initial set of standards. The Director of NIST shall work with the appropriate technical standards bodies to encourage interoperability of commercial cryptographic approaches.

Now the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST) have come together and issued a warning; you should take notice. This relates to a Cybersecurity Information Sheet (CSI) on Quantum Readiness:

At the current time, NIST is finalising a set of PQC (Post Quantum Cryptography) methods, which are likely to be finalised in 2024. The methods progressing to standardization are CRYSTALS-Kyber for key exchange and public key encryption, and CRYSTALS-Dilithium and SPHINCS+ for digital signatures. Kyber and Dilithium are both lattice-based methods, while SPHINCS+ is a hash-based signature method. NIST has also opened up a new round of methods.

The core of the recommendations involves the definition of a Quantum-Readiness Roadmap, and engagement with technology vendors on the best routes for migration. Along with this, they recommend that all of the areas of the business which use existing public key encryption methods should be identified, especially those applications which process sensitive data and which are used in critical infrastructure. These could include asset management, access control and identity management. The most likely targets are the usage of RSA for encryption, ECDH for key exchange, and RSA and ECDSA for digital signatures.
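
The inventory step recommended above is the kind of thing a short script can start. This added example (not from the CSI or the article) parses OpenSSH public keys from an authorized_keys-style listing, built inline from constructed values, and labels each entry with its quantum-vulnerable algorithm and key size.

```python
# Inventory of quantum-vulnerable SSH public keys (added example, not from the CSI or the article); stdlib only.
import base64, struct

# Per the article, RSA, ECDSA and EdDSA all fall to a CRQC; none of these SSH key
# types is post-quantum, so every entry found is an item for the migration roadmap.
QUANTUM_VULNERABLE = {
    "ssh-rsa": "RSA", "ecdsa-sha2-nistp256": "ECDSA P-256",
    "ecdsa-sha2-nistp384": "ECDSA P-384", "ecdsa-sha2-nistp521": "ECDSA P-521",
    "ssh-ed25519": "EdDSA (Ed25519)",
}

def _read_string(blob, pos):
    """SSH wire 'string'/'mpint': 4-byte big-endian length, then that many bytes."""
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + length], pos + 4 + length

def classify_key(line):
    """Return (algorithm, key bits, comment) for one 'type base64 comment' line."""
    fields = line.split()
    key_type, blob = fields[0], base64.b64decode(fields[1])
    comment = fields[2] if len(fields) > 2 else ""
    wire_type, pos = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("key type field does not match the encoded blob")
    if key_type == "ssh-rsa":
        _, pos = _read_string(blob, pos)           # public exponent e, not needed here
        n, _ = _read_string(blob, pos)             # modulus n as mpint
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type.startswith("ecdsa-sha2-nistp"):
        bits = int(key_type[len("ecdsa-sha2-nistp"):])
    elif key_type == "ssh-ed25519":
        bits = 256
    else:
        return ("unrecognised: " + key_type, 0, comment)
    return (QUANTUM_VULNERABLE[key_type], bits, comment)

def inventory(text):
    """Classify every non-blank, non-comment line of an authorized_keys-style file."""
    return [classify_key(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def _wire(*parts):
    """Encode SSH wire strings to base64; used only to build the constructed sample."""
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed sample (not real credentials): an RSA-2048-shaped key and an Ed25519 key.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample file",
    "ssh-rsa " + _wire(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 256) + " alice@example",
    "ssh-ed25519 " + _wire(b"ssh-ed25519", b"\x11" * 32) + " bob@example",
])
```

Run inventory() over a real file's contents to get the list of entries that the roadmap has to account for.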

Conclusions

And, so, be prepared. If you are interested, I will be presenting on PQC at the following events:

  • The Threats and Opportunities of Quantum Computing [here]. Thursday, 14 Sept 2023, in Glasgow.
  • Crypto 101/Quantum, NatWest, 26 Sept 2023 in Edinburgh.
  • Crypto FinTech Seminar [here], 6 Oct 2023 in Edinburgh.
  • The Greatest Threat to the Internet: Quantum Computers [here], #Risk, Wednesday 18 Oct 2023 in London.

Here is more information on Post Quantum Cryptography:

https://asecuritysite.com/pqc