What does crypto-agility mean in the age of quantum computers?
The best known and most trusted cryptographic algorithms are not immune to being cracked in a post-quantum age. Consequently, it is indispensable for companies and manufacturers of IT security solutions to understand the importance of crypto-agility and post-quantum cryptography and ultimately to implement it.
What does cryptographic-agility and post-quantum cryptography mean in the age of quantum computers?
Google, IBM and a start-up are already competing to develop the next quantum computers or supercomputers. Quantum computing exploits the ability of subatomic particles to exist in more than one state at any time. Due to the behavior of these subatomic particles or particles, operations can be carried out much faster and with less energy expenditure than conventional computers can still do today.
In the classical computer system, one bit is a single piece of information. Quantum computing uses quantum bits or “qubits” instead. These are two-state quantum systems. In contrast to an ordinary bit, they can store much more information than just 1 or 0.
Quantum computers are therefore able to solve mathematical problems, such as calculating very large prime numbers. Prime numbers are crucial in cryptography. Thus, it is very likely that quantum computers can crack secure cryptographic systems faster and without major problems.
What is post-quantum cryptography?
The post-quantum age includes quantum computers. Once these are available, some of the most important asymmetric algorithms used in cryptography today – for protecting critical infrastructures, software updates, payment mechanisms, media streaming, IoT devices, connected cars, government or financial secrets or documents – will no longer be secure.
Because of these risks, researchers are already working on developing technologies to become resistant to quantum hacking. This is called post-quantum cryptography or quantum safe cryptography in order to have implemented cryptographically secure algorithms and protocols in cybersecurity products in the age of quantum computers and which are then resistant to attacks by quantum computers.
One positive aspect is that quantum computers can make quantum-based cryptographic systems much more secure. This field of research includes the identification of mathematical operations for which the speed advantage of quantum computing has little or no advantages. Instead, a new, resistant structure of cryptographic systems is being developed around these mathematical operations.
What is cryptographic-agility?
Today existing cryptographic algorithm standards can be broken by quantum computing. Therefore, companies and organizations have to deal with crypto-agility. This means that IT security systems that work with encryption can switch from one cipher to another depending on the situation. Cryptographic-agility has long been a development concept within the crypto community. For example, the digital certificate standard x.509 (published in 1988) was developed with regard to crypto-agility.
Additionally, Government/industry regulators that do not trust standards based cryptography may have a desire to mandate ciphers that were created domestically in order to avoid foreign influence and potential back-doors. However, industry still needs commercial security tools and products in order for the regulated companies to adopt and use the new ciphers in networks and systems.
Crypto-agility means that it is easy to change from one implemented cipher to another without having to rewrite the entire software, for example. Depending on the extent of the quantum hacking, it is even possible that the current encryption key is retained and only changed to a secure and improved cipher.
Crypto-agility is therefore primarily concerned with the life cycle management of cryptographic algorithms and the customer-specific adaptation or exchange of cryptographic functions (cryptographic primitives).
What do you have to do to be crypto-agile?
When developing products based on encryption technology, it should be ensured that all cryptographic systems contained in them could be replaced as needed without recreating everything from scratch. One thing is clear: organizations that work with crypto-agility or use products that follow this principle will be more efficient and safer in the long run.
The good news is that quantum computer technology will make it possible to make new quantum-resistant algorithms available.