Avatar

If you’re involved in network security, you’ve likely heard about the threat of quantum computers and the need for post-quantum cryptography (PQC). What you may not be so familiar with is the immediacy of the risk. “Q-Day” is coming — a moment when cryptanalytically relevant quantum computing (CRQC) will be able to break all public-key cryptography systems in operation today. Malicious actors are harvesting encrypted data that they anticipate decrypting once Q-Day arrives. Known as a “Harvest Now, Decrypt Later” (HNDL) attack, we discuss the challenge of mitigating this most serious threat in our new paper, Cryptography in a Post Quantum World.

How the U.S. government and standards bodies are responding to the threat

The U.S. government has been taking action in anticipation of Q-Day, including a 2022 Biden administration Executive Order (EO) and National Security Memorandum (NSM) directing the National Institute of Standards (NIST) to, “publish new quantum-resistant cryptographic standards that can protect against these future attacks.” NIST followed through and recently published three quantum-safe encryption algorithms as part of its quantum-resistant Federal Information Processing (FIPS) standards.

In parallel, the National Security Agency (NSA) issued the Commercial National Security Algorithm version two (CNSA 2.0), which requires companies and government agencies working with National Security Systems (NSS) to implement accepted quantum-safe encryption by 2030. For network devices, the NSA prefers availability by 2026. As a result, today is a good time to start protecting your data with quantum resistant encryption.

Protecting Yourself Today and Tomorrow

Security professionals feel confident that the NIST PQC and CNSA 2.0 algorithms will deliver quantum-safe encryption. Vendors are actively working to incorporate PQC into products.  However, fully tested standards-based solutions will still take a while to become available. In the meantime, the HNDL threat looms large.

Using existing encryption and key management technologies, enterprises can realize quantum-safe encryption today without waiting for implementations using the NIST or CNSA 2.0 algorithms. For instance, one can use legacy encryption technologies to obtain keys used to encrypt/decrypt data without relying on asymmetric cryptography, which is vulnerable to quantum computing. There are three methods for accomplishing this goal today:

  • Manually pre-provisioned keys, e.g., configuring network devices with a quantum-safe key using existing technology.
  • Quantum Key Distribution (QKD) systems, e.g., using an external key management system to create quantum-safe keys.
  • Integrated Key Management Services (KMS), e.g., providing quantum-safe keys on demand.

Conclusion

Q-Day is coming. HNDL is a present risk, even if its impact is in the future. NIST and the NSA have created standards for quantum-safe encryption. These are viable technologies, but their implementation timeframe is too long for them to provide protection in the present. As an alternative, it is possible to use legacy cryptography methods in a hybrid fashion combined with the new standards to enable quantum safe encryption. Cisco can help with this approach, as well as with related solutions for quantum safe hardware and networks.

Additional Resources

Related Blogs


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels

Instagram
Facebook
Twitter
LinkedIn



Authors

Mike Luken

Senior Product Manager

Security & Trust Organization