Crypto-Agility in the Era of Quantum

Thoughts from RSA Conference 2020

March 23, 2020 • Published by

Cryptography is the most indispensable device in the modern cybersecurity toolbox, bar none. It helps organizations protect the confidentiality of their sensitive data by rendering them meaningless to anyone without a secret key (through encryption). It elegantly facilitates secure communication between parties that have never met before (using public key exchange). It is used to check the integrity of messages (by hashing), and at the same time, authenticate and irrevocably link such messages to the person who sent them (signing).

So, what’s the problem? The current set of NIST-approved cryptographic algorithms is quite safe against the cybercriminals of the present; however, these algorithms are not safe against the quantum computers that the criminals of the future will use.

How Quantum Computers Change the Game

Classical computers make use of the traditional binary state of transistors or silicon circuits, which at any moment are in one of two memory or computational states: one or zero. With only two possible states, a bit can be used in only one calculation at a time. Quantum computers, on the other hand, while not yet perfected, make use of subatomic particles that are capable of existing in multiple states simultaneously, and can therefore represent a seemingly infinite number of values.

Using this phenomenon, called superposition, a quantum computer can perform an incredibly large number of calculations at once, a property known as quantum parallelism. While it is not possible to read the outcome of every individual calculation, it is possible to read the overall state resulting from all of them. With well-designed quantum program logic, all but the desired result cancel each other out, leaving an overall state that gives the quantum computer’s operator extremely useful information.

Even though the most advanced quantum computer prototypes today can hold only a few dozen quantum bits, or qubits, of data (enough for very trivial calculations), it is only a matter of time before these computers are able to hold enough information to break even the strongest of today’s asymmetric encryption algorithms.

Designing for Crypto-Agility

The good news is that the smartest cryptographers around the world are already working to solve this problem. In 2012, the NIST Post-Quantum Cryptography (PQC) project was announced to aid in preparation for these inevitable attacks. In 2016, the PQC competition was announced, and since last year the 26 remaining submissions have been under evaluation for recommendation as the next quantum-safe algorithm(s). NIST expects to release the draft standards in the next two to four years.

So, while quantum computers are still a few years out, so are the algorithms and key management schemes that will solve this problem. Even so, it’s important to begin thinking now about the impact they will have on our crypto systems. How can we begin preparing our systems to meet the challenge of tomorrow’s adversaries quickly?

There are four important things we need to be thinking about when building crypto-agility into our applications and systems for the coming quantum era:

  1. Data Classifications: What types of data are you encrypting, and how sensitive are those data? Not surprisingly, many organizations use encryption as a panacea without considering the sensitivity of the underlying data.
  2. Crypto-Period: Once you know the sensitivity of what you are encrypting, ask yourself: Will those data still be sensitive ten years from now? If so, you need to start thinking today about how you’re going to re-encrypt that data using quantum-safe algorithms once they are available. That’s because adversaries can intercept and store that encrypted traffic today, knowing that when they are finally able to decrypt it, it will still have value.
  3. Timeline: Based on your research, when do you believe a reasonable adversary will have access (and the motivation) to use a quantum computer capable of breaking your current encryption? How long will it take you to switch to one of the quantum-safe algorithms?
  4. Data Stores: Finally, keep in mind the data stores you use to hold the metadata associated with your current algorithm and key, so that you are ready to re-encrypt your data with quantum-safe algorithms when the time comes. Key sizes are going to be much larger, and these algorithms may require additional primitives or parameters that are less straightforward than those of current asymmetric standards such as RSA, ECC, DH, ECDH and ECDSA. They are also likely to rely on advanced mathematics that may need a lot of metadata to support the larger keys.
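One way to put the four points above into practice, as an added example that is not part of the original post: a Python inventory that stores each data store’s classification, algorithm, key identifier and crypto-period beside its ciphertext, then flags which records must be re-encrypted before a quantum-capable adversary is expected and shows how the metadata changes when a record is rewrapped. The algorithm names, key sizes, the "PQC-KEM-PLACEHOLDER" entry and the sample inventory are constructed assumptions, not NIST parameter sets.

```python
from dataclasses import dataclass, field, replace

# Constructed registry; "PQC-KEM-PLACEHOLDER" stands in for whichever NIST scheme is adopted.
ALGORITHMS = {
    "RSA-2048":            {"quantum_safe": False, "public_key_bytes": 256},
    "ECDH-P256":           {"quantum_safe": False, "public_key_bytes": 65},
    "PQC-KEM-PLACEHOLDER": {"quantum_safe": True,  "public_key_bytes": 1568},  # illustrative size
}

@dataclass
class EncryptedRecord:
    record_id: str
    classification: str   # data classification, e.g. "confidential"
    algorithm: str        # key into ALGORITHMS
    key_id: str
    encrypted_year: int
    sensitive_years: int  # crypto-period: how long the plaintext stays sensitive
    params: dict = field(default_factory=dict)  # extra parameters a PQC scheme may need

def sensitive_until(rec):
    return rec.encrypted_year + rec.sensitive_years

def needs_pq_migration(rec, adversary_year):
    """True when the ciphertext is not quantum-safe and its plaintext is still
    sensitive in the year a quantum-capable adversary is expected to exist."""
    return (not ALGORITHMS[rec.algorithm]["quantum_safe"]
            and sensitive_until(rec) >= adversary_year)

def migration_plan(records, adversary_year, migration_years):
    """(record_id, start_by_year, exposure_years) for each record that must be
    re-encrypted, longest exposure first; start_by_year is when work must begin
    so that a migration taking migration_years finishes before adversary_year."""
    start_by = adversary_year - migration_years
    todo = [(r.record_id, start_by, sensitive_until(r) - adversary_year)
            for r in records if needs_pq_migration(r, adversary_year)]
    return sorted(todo, key=lambda t: t[2], reverse=True)

def rewrap(rec, new_algorithm, new_key_id, year, params):
    """Record a re-encryption: algorithm, key and params change; the sensitivity deadline does not."""
    return replace(rec, algorithm=new_algorithm, key_id=new_key_id, params=params,
                   encrypted_year=year, sensitive_years=sensitive_until(rec) - year)

# Constructed sample inventory: encryption metadata for four data stores.
INVENTORY = [
    EncryptedRecord("cust-db", "confidential", "RSA-2048", "k1", 2020, 10),
    EncryptedRecord("marketing", "public", "ECDH-P256", "k2", 2020, 1),
    EncryptedRecord("hr-archive", "confidential", "ECDH-P256", "k3", 2020, 25),
    EncryptedRecord("already-pq", "confidential", "PQC-KEM-PLACEHOLDER", "k4", 2020, 30),
]
```

With an assumed adversary year of 2030 and a three-year migration, `migration_plan(INVENTORY, 2030, 3)` lists the HR archive first (sensitive until 2045) and the customer database second, and skips the short-lived marketing data and the record that is already quantum-safe.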

There are online resources available, such as, that can give you access to some of the early-selection algorithms. While not yet selected by NIST, these algorithms can help you understand the types of data you will need to be able to support in your post-quantum crypto systems.

Have questions regarding the security of your organization’s encryption capabilities? Give ControlScan a call at 800-825-3301, ext. 2. We’re happy to help.