In this month’s newsletter, we examine a somewhat futuristic topic that has been making waves in the security community for a few years already. Quantum computing (QC), or more precisely, the threats it poses to public-key crypto systems are looming on the horizon. Until now, no sufficiently powerful quantum computer exists that could break today’s standard algorithms in a reasonable amount of time. Once they are here, though, the impact to our digital infrastructure will be severe. The question is: When is the right time to transition to post-quantum cryptography (PQC)?
Start preparing for the migration, says CISA
In a recent publication, CISA warns about the potential risk of QC to critical infrastructure. The agency describes how QC threatens the United States’ National Critical Functions (NCF), and outlines what is necessary for them to transition to PQC. The paper also contains a list of helpful PQC resources by CISA and other organizations.
QC impact on communications networks
In a whitepaper titled Preparing Communications Networks for the Quantum Future, ATIS discusses QC threats and opportunities, specifically for the internet and cellular communications infrastructure. Both of these domains will be impacted, given that public-key cryptography is an essential part of almost any modern computer network. However, work has already started to transition these complex, interconnected systems to PQC.
Determining the new PQC standards
NIST has been assessing PQC algorithm candidates for a number of years and the security community has been eagerly awaiting their recommendations. Then in July, NIST announced the initial four PQC algorithms supposed to form part of its upcoming standard. Specifically, one encryption algorithm and three algorithms for digital signatures.
PQC is not bullet proof
Beyond the initial four, NIST had also announced they planned to include four additional algorithms. Among them, an encryption algorithm called SIKE. That is, until researchers from KU Leuven published a paper describing an attack that allows to to recover the encryption keys and break the cipher. Even worse, it took the researchers merely an hour to do so – on a traditional PC!
Catch up with the latest trends in PQC and beyond
If you have visited the Cybersecurity Magazine website recently, you may have noticed that we partnered up with ETSI as an official media partner of the 2022 ETSI Security Conference. Held from Oct 3-5 in Sophia Antipolis, it is one of the most important European security events, bringing together recognized security experts from around the world. Aside from PQC, the agenda contains talks and panels on topics such as 5G, AI, the European Cyber Security Act, IoT and Connected Device Security, and Co-ordinated Vulnerability Disclosure (CVD). Learn more about the event and how to register on the ETSI website.
Cybersecurity Magazine Editorial Team