Our Contribution to The White House PQC Roundtable

Part 3: The Cost of Implementing Quantum Cryptography + Enhancing Cryptographic Agility

This is the third and final installment of the blog series sharing Quantum Xchange’s responses to the White House Roundtable on PQC.

On Jan. 26, 2024, Quantum Xchange joined the White House Office of Management and Budget (OMB), the White House Office of Science and Technology Policy (OSTP), and other members of the intergovernmental PQC Migration Working Group to discuss, debate, and prepare formal guidance for government agencies as they begin their efforts to replace legacy encryption with post-quantum cryptography (PQC).

Q: What additional costs should be anticipated as part of the PQC migration beyond what agencies already budget for as part of standard activities such as periodic technology refreshes?

The migration to PQC is expected to go beyond the scope of standard technology refreshes, introducing new dimensions in cryptographic management and compliance that require investment in processes, staffing, and regulatory adjustments.

These changes represent a shift in how cryptographic risks are managed and will likely require a corresponding allocation of resources to effectively address these emerging challenges.

  • New Functions and Processes: With cryptography becoming a critical aspect of government operations, new functions related to managing and understanding cryptographic risk are emerging. This development necessitates establishing new processes and potentially additional staffing, leading to increased costs.
  • Risk and Compliance Management: Part of the PQC migration will involve the integration of cryptographic risk management into existing risk and compliance frameworks, which currently focus on attack surface analysis.

Adapting these frameworks to include cryptography will involve collecting and tracking data, as well as setting and implementing new business processes around cryptographic management. These changes are likely to incur additional costs.

  • Regulatory and Legislative Costs: Establishing minimum standards of care around cryptographic redundancy, crypto agility, and cryptographic risk analysis will likely become part of regulations such as the Federal Information Security Management Act (FISMA). The process of integrating these standards into legislation and regulation will result in additional costs at the legislative level.

Q: How can the PQC migration process be used to enhance cryptographic agility across a network?

The enhancement of cryptographic agility during the PQC migration process can be achieved by mandating it through a combination of legislative action and standards development. Key aspects include:

  • Requirement of Cryptographic Agility: By making cryptographic agility a mandatory capability, networks will be compelled to develop the necessary control and management mechanisms. This approach ensures that agility is not just an optional feature but a core aspect of the cryptographic framework.
  • Process and Vendor Support: Effective management of cryptographic agility requires robust processes, which involve policy management and implementation strategies.

Additionally, control over cryptographic agility requires support from vendors. This implies that vendors must be capable of providing solutions that are flexible and adaptable to evolving cryptographic standards.

  • Legislative Mandate: Legislation can play a crucial role by setting a minimum standard for cryptographic agility and the processes surrounding it. Such legislation can also enforce vendor support for agility, ensuring that all players in the industry adhere to these standards.
  • Vendor-Agnostic Standard: A recommended approach to enhancing cryptographic agility is the adoption of a vendor-agnostic standard for crypto policy control. This standard would ensure that cryptographic policies and their management are consistent across different platforms and technologies, facilitating easier and more efficient adaptation to new cryptographic methods and threats.

The Forbes article "Enterprise Crypto-Agility Requires Policy Management" further emphasizes the importance of policy management in achieving crypto-agility. This piece explores the detailed strategies and considerations necessary for effective policy management in the context of cryptographic agility.

Overall, enhancing cryptographic agility during the PQC migration process involves a strategic blend of legislative action, process development, vendor collaboration, and the adoption of universal standards. This approach ensures a coordinated and comprehensive upgrade to cryptographic systems that are resilient, adaptable, and prepared for future challenges.

  • Mathematical Maturity of PQC Methods: The PQC methods are relatively new from a mathematical perspective, and there is no proof that they are unbreakable. History shows that it often takes decades to understand the full implications and weaknesses of new inventions.

The mathematical problems underlying the current PQC candidates have not been extensively studied, and it is important to remember that in complex mathematics, breakthroughs and full understanding can take centuries.

  • Potential Vulnerabilities: The novelty of these cryptographic methods implies a higher likelihood of undiscovered vulnerabilities. This has been exemplified by recent developments, such as the revelation of weaknesses in previously peer-reviewed algorithms like Rainbow.

It is only a matter of time before new encryption standards are found to be weakened or broken, as has been observed with SIKE and KyberSlash.

Q: What topics have not been covered in these questions/the roundtable regarding PQC migration that should be taken into account?

The migration to PQC requires not just a technological shift but also a paradigm shift in how cryptographic methods are developed, deployed, and managed.

The industry needs to be prepared for the rapid evolution and potential vulnerabilities of these new methods, and adopt strategies that incorporate diversity, agility, and a balance between proven and emerging technologies.

  • Diversification and Multiple Approaches: Given the potential for new cryptographic methods to be compromised, there is a need for the industry to support the use of multiple approaches.

This includes mixing asymmetric key technology with symmetric key technology and transmitting keys through out-of-band channels. Developing metrics and benchmarks to measure the diversification of cryptographic strategies is also crucial.

  • Lifecycle of Cryptographic Technologies: Typically, the development and deployment cycle of cryptographic technologies is very long, ensuring high reliability. This cycle includes stages like development, promotion, acceptance, initial deployment, production deployment, active use, and retirement. Quantum computing introduces an urgency that disrupts this long lifecycle.
  • Adapting to Urgency: The traditional slow and methodical process of cryptographic development does not align well with the urgent need to migrate to PQC.

The industry must adapt by complementing and overlaying proven cryptographic methods with new ones, rather than outright replacement, fully expecting that new methods may be broken or compromised.
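
The overlay approach described above (an asymmetric exchange mixed with a symmetric key delivered out of band), sketched as an added example that is not Quantum Xchange's code or product: both secrets feed one HKDF (RFC 5869), so an attacker who recovers only one of the inputs cannot recompute the session key. The function names, the `hybrid-combiner-v1` label, the context string and the random sample secrets are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: condense input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK to `length` output bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _frame(secret: bytes) -> bytes:
    # Length-prefix each input so (a, bc) and (ab, c) cannot collide.
    return len(secret).to_bytes(4, "big") + secret


def derive_session_key(asym_secret: bytes, oob_key: bytes,
                       context: bytes, length: int = 32) -> bytes:
    """Combine an asymmetric-exchange secret with an out-of-band symmetric key."""
    if len(asym_secret) < 16 or len(oob_key) < 16:
        raise ValueError("each input secret must be at least 128 bits")
    # Hypothetical fixed label used as the HKDF salt for domain separation.
    ikm = _frame(asym_secret) + _frame(oob_key)
    prk = hkdf_extract(b"hybrid-combiner-v1", ikm)
    return hkdf_expand(prk, context, length)


# Constructed sample inputs: random bytes stand in for the real secrets.
ASYM_SECRET = secrets.token_bytes(32)  # stands in for a KEM or (EC)DH output
OOB_KEY = secrets.token_bytes(32)      # symmetric key delivered out of band
SESSION_KEY = derive_session_key(ASYM_SECRET, OOB_KEY, b"example-link|aes-256-gcm")
```

Binding the context string into the expand step keeps keys derived for different links or ciphers independent even when the same two secrets are reused.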

Don’t miss part 1 and part 2 of this informative series.
