The pace of technological development is steadily accelerating. Due to the rise of quantum computers the existing cryptography algorithms may become obsolete any day and your network may become vulnerable. Since changes in the area of trust management are rarely easy and without complications, it is reasonable to start preparing for the migration to post quantum cryptography. The need may be accelerated by the possibility of the „harvest now, decrypt later“ attacks.
Moreover, the regulatory frameworks such as NIS2 and PCI DSS 4.0 take an ever-closer look at the use of cryptography with regular updates of the admissible algorithms forcing the regulated entities to make swift migrations to strong cryptography to prevent vulnerabilities.
The National Institute of Standards and Technology (NIST) is hard at work developing quantum-resistant algorithms. The first set of post-quantum cryptography (PQC) algorithms was announced in July last year and the standardization of all algorithms is expected to be completed by 2024. The first likely champions to be standardized are the CRYTALS-Kyber, CRYSTALS-Dilithium, FALCON, SPHINCS+, it is already possible to apply post-quantum algorithms in your network, if you have the right technology stack.
Approaches of introducing the PQC algorithms
Many experts recommend starting to prepare the transition now and start using a hybrid approach, which lets you combine the classic and post-quantum algorithms. This way your data and communication may be secured against current and future threats and the deployment of post-quantum cryptography can be gradually introduced to your network. The risks associated with new algorithms can be assessed and there is a possibility of a swift rollback to classical algorithms, if necessary.
There are following approaches of introducing the PQC algorithms:
Composite approach
By this approach there are two cryptographic objects concatenated composing a hybrid. For example, there are 2 algorithm information including signatures or 2 keys concatenated together to perform a cryptographic operation.
Hybrid approach
This is very similar to the composite approach, but the post-quantum objects are added through X.509 extensions, such extensions can be non-critical so as not to disrupt the legacy applications and ensure backward compatibility.
Parallel approach
In this mode there is another independent chain added to the workflow, which uses only post quantum cryptography.
You can prepare for PQC now
Preparing the technology stack, structuring all your cryptographic objects according to their function and considering their migration and long-term operation is already viable. By a timely preparation and introduction of post-quantum cryptography to your network, you can be ready for a swift transition, when the need arises and maintain the required level of security and compliance.
Discover how we can help you with the smooth transition process from and support PQC today. Discover, how CZERTAINLY platform can be used for hybrid encryption and signature schemes and migrate to post-quantum safe environment.
Get more information about the CZERTAINLY
CZERTAINLY is an open-source platform for effective and efficient trust lifecycle management and automation for companies of any size and individuals. One of its goals is to provide an easy and affordable way to secure digital communication and support information security in more and more connected world.