Cryptography has long served as the foundation for addressing security concerns ranging from privacy, authentication, confidentiality and trust to system integrity and fair play. Cryptographic algorithms and key strengths are regularly reviewed against the computing power expected in the near future, re-assessing whether cryptanalysis could be achieved over a shorter period of time.
Adversaries and bad actors have been harvesting huge amounts of encrypted data (i.e. non-perishable data of value), and with the advancement of quantum computing and efficient quantum algorithms that can factorise large numbers, secure communications and storage are at risk of being nullified in the near future. Once public-key algorithms can be broken, organisations and economies will be heavily impacted, as all existing security systems would be compromised.
Call for alternate crypto systems
To mitigate the risk, Post-Quantum Cryptography (PQC) is critical to secure against both quantum and classical computers while achieving interoperability across systems. Since 2017, the National Institute of Standards and Technology (NIST) has been running a PQC competition to solicit, evaluate and standardise one or more quantum-resistant public-key cryptographic algorithms. With seven algorithms shortlisted, NIST aims to finalise the standardisation in 2022.
Standardisation is important, but it marks the beginning of a long process. Standardisation not only defines the cryptographic algorithm; it also comes with a set of secure protocols for using the algorithm. Organisations need to plan for the transition, reassess existing hardware resources and validate the implementation process while still maintaining business as usual, as not all solutions will be ready in time for PQC and different security vendors may have implementation discrepancies.
While PQC is the ultimate goal as a replacement for existing classical algorithms in the quantum era, organisations will still have concerns that, over time, new vulnerabilities may be found in a standardised algorithm. This can be mitigated by supporting at least two PQC algorithms for each category of protection (public-key encryption, key establishment and digital signatures), but it is difficult to ensure that both implementations are supported by all security vendors, as systems still need to interoperate. The most impacted system will be the Public Key Infrastructure (PKIX), as it will require a re-setup once a different algorithm is deployed; multi-key mechanisms for PKIX are already being drafted to hedge against algorithm compromise.
To overcome this challenge, some organisations are also adopting “Quantum Cryptography” through Quantum Key Distribution (QKD), which harnesses the principles of quantum mechanics to reinforce communication security with provable security guarantees. The technology uses photons of light for data transfer and relies on detecting eavesdroppers on the communication medium. Through privacy amplification, it allows two parties to distil a secret key from a common random variable of which an eavesdropper may have partial knowledge.
As with all security concerns, the crux of every design hinges on implementation correctness. It is important for these devices to be validated by qualified and independent authorities. We are building a QKD-enabled encryptor with the National University of Singapore (NUS) as part of a Quantum Network R&D collaboration.
Threshold cryptography is another rising trend. It takes the view that systems should be resilient against multiple failures and that keys should not depend on a single entity, since gaps exist within system implementations and any one of them may be compromised through an exploited vulnerability. Threshold schemes are designed to remain operational and tolerant of system failures that fall within the designated threshold number. Through secure multi-party computation and distributed systems, threshold cryptography is meant to be intrusion-tolerant. It relies on splitting a secret across multiple parties, with the threshold property of the scheme determining how many key shares are needed to reconstruct the key. In this way, revelation of some shares of the key (within the designed threshold) does not expose the operational key. Such schemes are mathematically applicable to NIST-approved algorithms such as signature algorithms (RSA, DSA) and the symmetric encryption algorithm AES.
While threshold cryptography is a new area, it can also be applied to counter side-channel attacks, which use non-invasive interventions to reveal keys. Organisations will need to consider the trade-offs that a distributed system brings, such as operational latency and system availability, without incurring high costs.
Organisations and product vendors are now preparing to adopt quantum-resistant security. Post-quantum cryptography standardisation and certification are necessary and will need to be addressed very soon, as it takes time to adapt and transition to these new standards.
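The threshold property described above, shown as an added illustration that is not code from the article or from the ST Engineering/NUS work: a Shamir-style polynomial secret-sharing scheme over a prime field, which the article does not name but is the standard way such key splitting is done. The modulus P, the share indices and the sample secret are constructed for this example.

```python
"""(k, n) threshold secret sharing over GF(P), Shamir-style.

Added example; the article names no concrete splitting scheme, so the
polynomial scheme below is an assumption about how the shares are formed.
"""
import secrets

# Prime modulus for the field; secrets must be integers below P.
P = 2**127 - 1


def split_secret(secret: int, k: int, n: int, rng=secrets.randbelow) -> list[tuple[int, int]]:
    """Split `secret` into n shares such that any k of them reconstruct it.

    Each share is a point (x, f(x)) on a random polynomial of degree k-1 with
    f(0) = secret. Fewer than k points leave f(0) undetermined, so revealing
    up to k-1 shares exposes nothing about the operational key.
    """
    if not 1 <= k <= n or not 0 <= secret < P:
        raise ValueError("need 1 <= k <= n and 0 <= secret < P")
    coeffs = [secret] + [rng(P) for _ in range(k - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation modulo P
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def reconstruct(shares: list[tuple[int, int]]) -> int:
    """Recover f(0) by Lagrange interpolation over the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def demo() -> tuple[int, int, int]:
    """Return (secret, value from k shares, value from k-1 shares) for k=3, n=5."""
    secret = int.from_bytes(b"constructed key", "big")  # constructed sample secret
    shares = split_secret(secret, k=3, n=5)
    return secret, reconstruct(shares[1:4]), reconstruct(shares[:2])
```

With k=3 the three-share reconstruction returns the secret, while two shares interpolate to an unrelated field element.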
Enquire for more information at cybersecurity@stengg.com