September 2023 Update: Marking a nearly seven-year process and the final steps towards the world’s first post-quantum cryptography standards, the U.S. National Institute of Standards and Technology (NIST) released draft standards for quantum-safe algorithms on Aug. 24.
The transition to quantum-safe cryptography will hinge on two steps: inventorying all cryptographic assets and achieving crypto-agility through automation and centralized management. DigiCert’s customers investing in crypto-agility have deployed DigiCert® Trust Lifecycle Manager, which provides a comprehensive solution to discover, manage and automate digital trust across their organization.
For additional guidance on preparing for the transition to quantum cryptography, please refer to this blog.
While it is uncertain when exactly quantum computers will arrive on the scene, it is certain that they will. In 2022, the National Institute of Standards and Technology (NIST) announced four post-quantum algorithms for standardization, with the final standards expected late this year or early next. In tandem, working groups are exploring the best methods for integrating these algorithms into IETF protocols and digital certificates.
Although the final decisions on algorithms still need to be made, it is not too early for companies to begin preparing for a post-quantum future. Some organizations will feel more urgency about transitioning to PQC than others, particularly those in industries such as financial services and healthcare. But the guidelines are similar for everyone, and any organization that has data to secure (which is pretty much everyone) will need to address them.
So how do you begin preparing for a PQC future? You should focus on three factors:
There is no single answer to questions like “When is a cryptographically relevant quantum computer likely to impact my security considerations?” or “How long do I have to migrate my systems?” Instead, you must evaluate your security needs and determine the level of risk your organization can tolerate.
In most cases, the date by which you need to complete the transition to PQC depends on the importance, sensitivity and expected lifespan of the data you’re seeking to safeguard. For example, a nonprofit hospital chain responsible for handling a patient’s HIPAA-protected history requires a higher overall level of security than a small catering business whose data may be limited to payment card information. But it isn’t just the regulatory requirement that puts the hospital chain at more risk. The hospital chain also needs to consider the potential lifespan of these records. An electronic health record (EHR) stays with a patient for their entire life, so the records of a healthy 40-year-old patient could span decades into the past and decades into the future, well past the expected arrival of mainstream quantum computing.
The timing of updating your algorithms also depends on the use case. TLS/SSL authentication is not threatened until quantum computers are actually available. Signatures and key exchange mechanisms are different: signatures applied today, and traffic protected with keys exchanged today, may still be vulnerable to attack by quantum computers in the future. So, for high-security information in those use cases, the update to quantum-resistant algorithms needs to be complete well in advance of quantum computers being available.
Electronic voting, for example, depends on signatures that determine the veracity of voting records over a period of years. Therefore, it is essential to complete the update to PQC algorithms well in advance of quantum computers becoming a threat. Similarly, IoT devices can live in the field for decades and need to be secured with PQC algorithms well ahead of other forms of cryptography.
Standards groups are actively working to update the standards for commonly used protocols such as S/MIME so that they can use PQC algorithms. The final versions of the PQC standards are expected to be released in 2024, with protocol updates being published soon after. If you’re like most organizations, you’ll probably wait until these standards are set before delving into this aspect of your strategy.
However, you do need to prioritize which data and systems are most in need of protection. That requires an inventory of all your potentially vulnerable assets, so that you can choose the order in which they need to be addressed to keep them safe in a PQC world. Once you have sorted that out, you need to know how these assets are currently being protected and what you will need to do to keep them protected.
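The following Python sketch is an added example, not code from the original post or from any DigiCert product: it turns the inventory-and-prioritize step above, together with the earlier reasoning about data lifespan and use case (authentication only matters once a quantum computer exists; signatures and key exchange are exposed in advance), into a small scoring routine. The algorithm lists, the sample assets and the ten-year horizon are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Classical public-key algorithms that Shor's algorithm breaks on a cryptographically
# relevant quantum computer (CRQC). Symmetric ciphers and hashes are only weakened,
# and NIST's PQC algorithms are not affected, so neither group is listed.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "EDDSA"}

# Use cases exposed to a CRQC that arrives later: recorded key exchanges can be
# decrypted and long-lived signatures forged. Pure authentication (e.g. TLS server
# auth) is only threatened once a CRQC actually exists.
FORWARD_EXPOSED = {"key_exchange", "signature"}

@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str            # e.g. "RSA", "ECDSA", "ML-KEM", "AES-256"
    use_case: str             # "authentication", "key_exchange" or "signature"
    data_lifespan_years: int  # how long the protected data must stay secure
    migration_years: int      # estimated time to move this asset to PQC

def is_quantum_vulnerable(asset: Asset) -> bool:
    return asset.algorithm.upper() in QUANTUM_VULNERABLE

def exposure_years(asset: Asset, years_to_crqc: int) -> int:
    """Mosca-style margin: years by which migration time (plus data lifespan for
    forward-exposed use cases) overshoots the assumed CRQC arrival."""
    horizon = asset.migration_years
    if asset.use_case in FORWARD_EXPOSED:
        horizon += asset.data_lifespan_years
    return horizon - years_to_crqc

def is_urgent(asset: Asset, years_to_crqc: int) -> bool:
    return is_quantum_vulnerable(asset) and exposure_years(asset, years_to_crqc) >= 0

def prioritize(assets, years_to_crqc: int) -> list:
    """Quantum-vulnerable assets only, largest exposure margin first."""
    vulnerable = [a for a in assets if is_quantum_vulnerable(a)]
    return sorted(vulnerable, key=lambda a: (-exposure_years(a, years_to_crqc), a.name))

# Constructed sample inventory (hypothetical assets, not real DigiCert data).
SAMPLE_ASSETS = [
    Asset("ehr-signing", "ECDSA", "signature", data_lifespan_years=60, migration_years=3),
    Asset("voting-signing", "RSA", "signature", data_lifespan_years=10, migration_years=2),
    Asset("vpn-kex", "ECDH", "key_exchange", data_lifespan_years=5, migration_years=2),
    Asset("web-tls-auth", "RSA", "authentication", data_lifespan_years=0, migration_years=1),
    Asset("code-signing-new", "ML-DSA", "signature", data_lifespan_years=15, migration_years=0),
]
```

Calling `prioritize(SAMPLE_ASSETS, 10)` puts the EHR signing key first and the web TLS authentication certificate last, with the already-migrated ML-DSA key dropped from the list.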
In addition, you need a crypto-agility strategy to automate the process of replacing keys and certificates that can’t withstand quantum computing with ones that can. DigiCert® Trust Lifecycle Manager already has automation capabilities built in to bulk-replace certificates — so you may want to make it part of your PKI/CLM strategy long before such a replacement becomes essential.
In conclusion, the transition to PQC is not a simple one, and decisions on cryptography updates will depend on various factors, including security level, risk tolerance and use case. Organizations must begin considering the lifespan of the data they are protecting to determine the appropriate plan for the transition. The stakes are high, but with proper planning and coordination, we can ensure that our digital infrastructure remains secure in the post-quantum era.
We’ve been talking on the DigiCert blog about how quantum computers could impact various devices and use cases. Check out the series at https://www.digicert.com/blog/category/post-quantum-cryptography.