The National Institute of Standards and Technology is believed to be very close to announcing third-round finalists and alternates for post-quantum cryptography (PQC) standards. Many people in the quantum technology sector have been expecting the announcement for months, and more companies have started entering the discussion of how enterprises can craft strategies to be ready for what lies ahead.
Intel is among the latest, having shared at the recent Intel Vision conference what it described as a multi-pronged approach to protecting corporate and government enterprises from the threats posed by quantum computers.
First off, according to Manoj Sastry, Principal Engineer at Intel Labs for Security and Privacy Research and lead researcher for PQC, Intel urges organizations that have been using AES-128 encryption on their devices to upgrade to AES-256, which, because of its longer key size and the resources likely required to break it, has been considered by many firms to be “quantum resistant.”
This needs to be done sooner rather than later because attacks are happening now in which attackers are stealing encrypted data with the hope of using a quantum computer later to decrypt it.
“This points to a potential for a significant disruption of our digital infrastructure,” Sastry told Fierce Electronics. “So one could ask, ‘Why worry about this right now?’ Well, that is why you should worry about it now.”
He added, “Increasing the key size for hashing algorithms could increase the digest size to make it resilient to quantum effects.”
Secondly, companies can use quantum-resistant algorithms at multiple levels, not only for device hardware, but also for “code-signing applications” for firmware and software authentication as many security attacks have started to target this arena.
Most importantly, Sastry said organizations need to start replacing legacy public key cryptography algorithms with tougher options. This could mean using quantum-based approaches like quantum key distribution (QKD).
“In quantum crypto, basically, we use quantum physics to achieve greater security,” Sastry said. “It uses the underlying quantum mechanics and requires a quantum infrastructure to be in place for us to use it.” Network operators such as Verizon, BT in the U.K., and SK Telecom and Korea Telecom in Korea are working to develop QKD networks.
But another option is PQC, which leverages existing technology and does not require a quantum computing infrastructure to be part of the process. Despite delays in the NIST standards announcement, many PQC key encapsulation and signature algorithms are already available.
“Post quantum crypto uses existing infrastructure so there are no new requirements here, and it's based on mathematical problems that are considered difficult even for quantum computers to solve,” Sastry said. “And further it offers a full suite of public key algorithms to change encryption and signatures as needed.”
During the multi-year, ongoing PQC standardization effort, Intel has aggressively pushed a PQC approach called Bit Flipping Key Encapsulation (BIKE), which as of this writing reportedly was positioned to be announced as an alternate candidate by NIST. There is still a possibility that it could end up being a finalist, as even after the NIST announcement the candidates that qualify as finalists will still need to undergo further evaluation and testing during the next few years. Sastry said NIST is expected to offer future guidance on alternate candidates when it makes its anticipated announcement.
“So, what we have is a three-phased approach where in phase one, we focus on the data harvesting problem by increasing the key sizes of current encryption,” Sastry said. “In phase two, our objective is to increase the robustness for code-signing applications. And here we've adopted a hybrid approach, which combines both the classical crypto schemes with the post quantum crypto schemes, and then phase three, to mitigate threats to transactions over the internet we've been actively investigating both the key encapsulation mechanisms which we'll use for establishing a secure channel as well as digital signature candidates, which are responsible for authenticating the two parties.”
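The hybrid code-signing idea in phase two (a classical signature and a post-quantum signature over the same firmware image, with a verifier that accepts only when both check out) can be illustrated in code. The following Go program is an added example written for this page; it is not Intel's code and it does not use any of the NIST candidate algorithms. It pairs Ed25519 from the Go standard library with a Lamport one-time signature, a hash-based scheme used here as a stand-in for a standardized post-quantum signature. All names (`HybridSigner`, `HybridSig`, `RunDemo`) and the sample firmware bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

const hashLen = 32 // SHA-256 digest size in bytes

// lamportKey holds one 32-byte value per (bit value, bit position) of a
// 256-bit message digest. The private key stores random preimages, the
// public key stores their SHA-256 hashes. Security rests only on the hash
// function, which is why hash-based schemes are considered quantum resistant.
type lamportKey [2][256][hashLen]byte

// lamportKeygen draws 512 random preimages and publishes their hashes.
func lamportKeygen() (priv, pub *lamportKey, err error) {
	priv, pub = new(lamportKey), new(lamportKey)
	for b := 0; b < 2; b++ {
		for i := 0; i < 256; i++ {
			if _, err := rand.Read(priv[b][i][:]); err != nil {
				return nil, nil, err
			}
			pub[b][i] = sha256.Sum256(priv[b][i][:])
		}
	}
	return priv, pub, nil
}

// messageBit returns bit i (most significant first) of a digest.
func messageBit(d [hashLen]byte, i int) int { return int(d[i/8]>>(7-uint(i%8))) & 1 }

// lamportSign reveals, for each digest bit, the preimage matching that bit.
func lamportSign(priv *lamportKey, msg []byte) (sig [256][hashLen]byte) {
	d := sha256.Sum256(msg)
	for i := 0; i < 256; i++ {
		sig[i] = priv[messageBit(d, i)][i]
	}
	return sig
}

// lamportVerify re-hashes each revealed preimage and compares it with the public key.
func lamportVerify(pub *lamportKey, msg []byte, sig [256][hashLen]byte) bool {
	d := sha256.Sum256(msg)
	for i := 0; i < 256; i++ {
		if sha256.Sum256(sig[i][:]) != pub[messageBit(d, i)][i] {
			return false
		}
	}
	return true
}

// HybridSigner pairs a classical Ed25519 key with a one-time Lamport key.
type HybridSigner struct {
	edPub  ed25519.PublicKey
	edPriv ed25519.PrivateKey
	lPub   *lamportKey
	lPriv  *lamportKey
	used   bool // a Lamport key must never sign two different messages
}

// HybridSig carries both signatures over the same firmware image.
type HybridSig struct {
	Ed25519 []byte
	Lamport [256][hashLen]byte
}

func NewHybridSigner() (*HybridSigner, error) {
	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	lPriv, lPub, err := lamportKeygen()
	if err != nil {
		return nil, err
	}
	return &HybridSigner{edPub: edPub, edPriv: edPriv, lPub: lPub, lPriv: lPriv}, nil
}

// Sign produces both signatures; it refuses to reuse the one-time key.
func (s *HybridSigner) Sign(image []byte) (*HybridSig, error) {
	if s.used {
		return nil, errors.New("one-time Lamport key already used; create a new signer")
	}
	s.used = true
	return &HybridSig{Ed25519: ed25519.Sign(s.edPriv, image), Lamport: lamportSign(s.lPriv, image)}, nil
}

// Verify accepts the image only if BOTH the classical and the hash-based
// signature verify, so a future break of either scheme alone is not enough.
func (s *HybridSigner) Verify(image []byte, sig *HybridSig) bool {
	return ed25519.Verify(s.edPub, image, sig.Ed25519) && lamportVerify(s.lPub, image, sig.Lamport)
}

// RunDemo signs a constructed firmware image, then verifies the genuine image
// and a copy with one flipped bit. It returns (genuineOK, tamperedOK, err).
func RunDemo() (bool, bool, error) {
	image := []byte("FIRMWARE v1.2.3 (constructed sample image)") // constructed sample
	signer, err := NewHybridSigner()
	if err != nil {
		return false, false, err
	}
	sig, err := signer.Sign(image)
	if err != nil {
		return false, false, err
	}
	tampered := append([]byte(nil), image...)
	tampered[len(tampered)-1] ^= 0x01
	return signer.Verify(image, sig), signer.Verify(tampered, sig), nil
}

func main() {
	genuine, tampered, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine image verifies: %v, tampered image verifies: %v\n", genuine, tampered)
}
```

The cost of the hybrid is visible in the sizes: the Lamport signature is 8 KB and its public key 16 KB, against 64 and 32 bytes for Ed25519, and the key can sign only once. Real deployments use stateful or stateless hash-based schemes (or lattice-based candidates) that amortize this, but the verifier logic stays the same: both components must pass.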