HOW DO I DEAL WITH A THREAT THAT HASN’T YET EMERGED?
Practical ways to start the post-quantum migration
Soon after Richard Feynman predicted the utility of a quantum computer based on qubits rather than binary circuits, researchers came up with a broad array of research applications for this advanced system that would surpass the current limitations of binary computing. Very soon the realisation dawned that conventional encryption approaches would fall victim to the rapid factoring capability that quantum computers can achieve.
With the proof of Quantum Supremacy demonstrated two years ago, the clock has started for the standards bodies to update their cryptography standards to withstand focused decryption attempts that use factoring to break RSA encryption.
Post-Quantum has joined in the initiative with other researchers to bring to market a new post-quantum cryptography standard that can provide the necessary added layer of security to traditional networks and file encryption. NIST third round candidates include our “code-based” technique “Never The Same”, now known as “Classic McEliece” after joining forces with renowned cryptographer Daniel Bernstein and his team, as a mechanism for preparing for the post-quantum future. Using this approach we ensure that legacy and future logins cannot be used to create a repeatable pattern that would surface a vector of network vulnerability.
At Post-Quantum, we assert that enterprise IT teams need to plan on two levels of security for post-quantum readiness. The first is the network layer for information in transit. This encryption approach ensures that active sessions cannot be eavesdropped and the captured traffic leveraged at a future time for network or file access. Second, there needs to be a means of trust-establishment for individuals who are given access within this system.
As public key cryptography is used everywhere, any enterprise that wants to start quantum-proofing its systems will have to start from somewhere. For readers who are old enough to remember Y2K in the late 1990s, governments and enterprises had to audit every single system to ensure there was no impact from the change of date to 1/1/2000. It had a definite deadline with unknown impact. Y2Q is the exact opposite: the deadline is not definitely known but the impact will be maximum and immediate. Once a functional quantum computer comes into existence, the current cryptographic protection will become redundant immediately, no matter how long your encryption keys become.
The most logical place to start is actually with identity, to ensure bad actors cannot compromise user credentials and gain ‘legitimate access’. This should then be closely followed by a secure VPN connection for transmission, which will form part of the secure gateway to a future-proof ecosystem. Without first considering identity, the rest of the infrastructure becomes redundant as the wrong person will have the opportunity to steal credentials and walk in through the front door.
While the NIST post-quantum encryption standards will be finalised soon, the identity layer can be addressed now. The importance and urgency of doing so have been laid bare by the recently reported SolarWinds hack. Whilst the whole saga is still unravelling, it does appear it was caused by lapses in employee authentication and software update accountability. Rather than doing a Y2Q audit on every identity module used in a large enterprise’s different platforms, one easy-to-implement solution is to upgrade to a single cloud-based SaaS model for granting quantum-ready, multi-factor authentication, by utilising a threaded approach over a zero-knowledge transaction.
Avoiding correlation between the threads is a first level of defence; binding to biometric authentication in two or more channels is the secondary layer. With this kind of single maintenance cloud-based ID as a Service, enterprise CTOs and CISOs can validate that factors used to authenticate employees or customers are within their direct control, across all their platforms.
A final and philosophical thought on quantum superposition and entanglement. Whilst Richard Feynman is widely known as the Father of Quantum Computing, the McEliece cryptosystem is often accepted as the first proven system which can counter quantum computing attacks. It was proposed at the same time in the late 1970s by Robert McEliece, a fellow professor at Caltech. We sincerely hope he will be recognised as the Father of Post-Quantum Cryptography. The two great men probably never met but their pro- and counter-quantum theories were superpositioned on the same campus at the same time; and they are now immortally entangled, as the mention of one will automatically trigger the thought of the other.