Another NIST PQC Finalist Bites the Dust – The Case for Crypto-Diversification Strengthened

NIST spent the better part of a decade getting ready to release post-quantum cryptographic algorithms that, unlike RSA and Diffie-Hellman, will be resistant to Shor’s algorithm running on a sufficiently error-corrected quantum computer. The four cryptographic algorithm finalists were released just last month (July 5), and no sooner had the announcement reached its one-month anniversary than SIKE was broken on a conventional computer – no qubits needed.

Could we have predicted this? Many in the cryptographic and network security world saw this coming (eventually), but not which algorithm would fall, or how thoroughly it would be broken. It calls into question the current priorities of many organizations on cryptographic risk and mitigation strategy. In fact, many organizations would be considered bleeding edge if they had a certificate management strategy, let alone a cryptographic algorithm strategy.

New cryptographic algorithms have a huge requirement list: the convenience of a public-private key system; fast computation on a conventional computer, yet impossible to break on a quantum system; and, most of all, provable security. The consequence is that these new algorithms are based on very “new math,” mathematical techniques that have only been around for a few decades. These complex math problems have not yet stood the test of time, or the level of scrutiny that time provides. We must accept that it is likely that some of the remaining PQCs will also be broken at some point in time, only to be replaced by newer and different ones via crypto agility. So, which ones can we conclusively bank on? That is a question nobody can answer.

Consider the following analogy. When you want to store a lot of data without the risk of losing it, you purchase multiple hard drives. You know that some will fail in time, but not when, and not which. Therefore, you create a redundant array of disks, and overall your data is safe. We’d argue a similar strategic approach is needed with new cryptography. We don’t know WHICH algorithm will fall, and WHEN, but we know from experience that some WILL at some point.

How do we create a proactive strategy around redundancy in cryptography? That is where the industry has not yet caught up. Even asymmetric key management is not a universally embraced solution at most businesses – and these strategies depend on the algorithms, as well as their software implementations, being completely dependable. The SIKE break is an example of the mathematical foundations of an algorithm crumbling. What strategy does any enterprise have for dealing with that? Few platforms exist that are able to switch algorithms on the fly without dropping packets or introducing latency.
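The redundancy described in the hard-drive analogy and in the paragraph above maps onto what cryptographers call a hybrid or combined key exchange: run several independent key agreements and feed all of their shared secrets through a key derivation function, so the session key stays secret as long as at least one component holds, and a policy layer decides which components must contribute. The following Python is an added example written for this post; it is not Quantum Xchange or Phio TX code. The shared secrets and context string are constructed sample values standing in for real key-agreement outputs, and the HKDF helpers, algorithm labels, salt and policy lists are assumptions of the example.

```python
import hmac
import hashlib
from typing import Dict, List, Tuple

HASH = hashlib.sha256  # assumption: SHA-256 as the PRF for this example


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` bytes bound to `info`."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_component(label: bytes, secret: bytes) -> bytes:
    """Length-prefix label and secret so component boundaries are unambiguous."""
    return (len(label).to_bytes(2, "big") + label
            + len(secret).to_bytes(2, "big") + secret)


def combine_shared_secrets(components: List[Tuple[bytes, bytes]],
                           context: bytes, length: int = 32) -> bytes:
    """Derive one session key from several independent shared secrets.

    Each component is (algorithm_label, shared_secret). Every secret enters the
    PRF input, so an attacker who has fully broken one algorithm (and knows its
    secret) still cannot compute the key without the others.
    """
    if len(components) < 2:
        raise ValueError("diversification needs at least two independent components")
    ikm = b"".join(encode_component(label, secret) for label, secret in components)
    prk = hkdf_extract(b"crypto-diversification-example-v1", ikm)  # constant salt (assumption)
    return hkdf_expand(prk, b"session-key|" + context, length)


def derive_under_policy(policy: List[bytes], available: Dict[bytes, bytes],
                        context: bytes) -> bytes:
    """Apply a software policy: the ordered list of algorithms that must ALL
    contribute. Changing the policy (dropping a broken algorithm, adding a new
    one) changes which secrets are combined without touching the combiner."""
    missing = [label for label in policy if label not in available]
    if missing:
        raise KeyError(f"policy requires secrets not negotiated: {missing}")
    return combine_shared_secrets([(label, available[label]) for label in policy], context)


def demo() -> Dict[str, bytes]:
    # Constructed sample values standing in for the outputs of independent key
    # exchanges (one classical, two PQC). Fixed here so the example runs offline.
    secrets = {
        b"ecdh-p256": bytes.fromhex("11" * 32),
        b"kem-alpha": bytes.fromhex("22" * 32),
        b"kem-beta": bytes.fromhex("33" * 32),
    }
    ctx = b"transcript-hash(constructed)"
    policy_v1 = [b"ecdh-p256", b"kem-alpha"]
    key_v1 = derive_under_policy(policy_v1, secrets, ctx)

    # Model kem-alpha being fully broken: the attacker learns its secret but has
    # no information about ecdh-p256, modelled here as an all-zero guess.
    attacker_view = {**secrets, b"ecdh-p256": bytes(32)}
    attacker_key = derive_under_policy(policy_v1, attacker_view, ctx)

    # Policy update once kem-alpha is known to be broken: swap in kem-beta.
    policy_v2 = [b"ecdh-p256", b"kem-beta"]
    key_v2 = derive_under_policy(policy_v2, secrets, ctx)
    return {"key_v1": key_v1, "attacker_key": attacker_key, "key_v2": key_v2}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex())
```

Both peers must agree on the policy order and the context bytes, which is why real protocols bind the component list into the handshake transcript rather than leaving it implicit; the length-prefixed encoding is there so that two different component lists can never produce the same PRF input.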

Like any emerging problem, there are some budding attempts that mostly miss the mark. The term crypto agility has been coined (and parroted) by many as an effective and necessary countermeasure to PQC failings, but it leaves a gaping hole. SIKE was defeated, but if you are a crypto-agile organization, you just switch to a different algorithm. A lingering and dire issue remains, however. Assume the proverbial hard drive failed in a “byzantine manner,” where it appears to be working, except your data is slowly being corrupted. By the same thought process, what if the next PQC is already broken, except only a select few spooks know about it? This may very much be the case – and if not now, then soon.

Any proper enterprise risk strategy centers on redundancies to remove single points of failure. This is called risk diversification, and it will start to enter discussions at the highest levels as the realization sinks in that the very fabric of cryptography can no longer be blindly relied on. Risk-averse CIOs must start to prepare for a future where cryptographic stacks are managed much like unreliable hardware stacks – redundancies at every level and an ability to apply policy through software quickly and decisively.

A software platform that supports the implementation of a corporate cryptographic strategy and avoids the need to update every network device and software agent when the corporate policy shifts or circumstances change will soon be a requirement. Good thing there’s Phio TX from Quantum Xchange to get you started.

Don’t fall victim to any one bug, flaw, leaked certificate, or PQC algorithm. Deploy CryptoDiversification by Phio TX.
