Spotlight on Post Quantum Cryptography Migration as NIST Releases PQC Standards
- Good morning, good afternoon, good evening to everyone. My name is Mark Manzano. I am the general manager of the cybersecurity group here at SandboxAQ. And today we are gonna be talking about the recently standardized PQC algorithms and all the initiatives that are being pushed worldwide around transitioning to this new set of algorithms.
Today I'm joined by Colin Soutar. He is managing director at Deloitte and he's a global quantum cyber leader. We are also joined by Andy Regenscheid, he's the lead of the cryptographic technology global Agist. And we're also joined by Carlos Aguilar Melchor, who is the chief scientist of cybersecurity, cybersecurity at SandboxAQ. Welcome everyone. We are gonna be talking about several topics, and we are going to be starting around an introduction about what is HQC and what are the NIST standards.
Andy, my first question goes to you. What, what are the NIST standards? How are they supposed to be used and why are they important? - Yeah, thanks, mark. NIST has a statutory responsibility to develop computer security standards used to protect non-national security systems within the US government. But going back to the, the data encryption standard in the 1970s, we've really viewed our mission more broadly than that to develop trustworthy, broadly accepted cryptography standards in an open and transparent manner to, to meet the needs of of government and industry.
So we have a broad suite of cryptographic standards for primitives like digital signatures, block ciphers, and modes of operation, hash functions and key establishment techniques using public key cryptography. With the threat of quantum computers against the current public key crypto systems used today, eight years ago, we embarked on a, a worldwide effort to identify vet and standardized new public key algorithms that are secure against both quantum attacks by a cryptographically significant quantum computer and secure against attacks by classical computers. This effort included, you know, researchers from around the world, starting with more than 80 candidates before we were finally able to select four. Now, just back on August 13th, we released the first three standards for quantum resistant public key cryptography from this, these included two digital signature algorithms and one key establishment mechanism for public key encryption.
These were, you know, FIPs 2 0 3, which is ML chem used for key establishment FIPS 204 MLDSA and FIPS 205, the stateless hash based signature scheme, SLHDSA. We think these standards will be, you know, quickly adopted by industry and standards organizations around the world to, you know, really address this emerging threat of that quantum computers face. - And you know, maybe to elaborate a little bit on what Andy said previously around, you know, NS role in terms of cryptography, I think that, you know, globally, they're certainly recognized as an institute that produces, you know, cryptographic standards that are used more or less around the world, right? That's a very important fact. We, we recognize that, you know, this needs to be tackled globally. Obviously a lot of our clients are global and so we wanna make sure that there's not only security, but, but interoperability.
So, so why now? Right? And, and you know, in the workshops and different panel presentations and so on that we do on this topic, I feel like there's usually a general trend of the conversation around what is a quantum computer, how can it affect cybersecurity? You know, what is the timescale for that to actually manifest itself as a cryptographically relevant quantum computer? And then we talk about error correcting codes and so on. And then usually it's, but wait, there's more. There's harvest now, decrypt later. We find that a lot of the discussions around that timeline sort of, they, they confound a lot of things together and it ends up being quite confusing.
I think the way that we tend to characterize it is this, that if you accept with all these moving parts, if you accept that there's a finite probability that a cryptographically relevant quantum computer will be available, let's say in the next five to 10 years, the real question is how long is it going to take you as an organization to upgrade your cryptography, repair your third party dependencies, you know, fix your supply chain and so on. Is it eight years? Is it 10 years? Is it 12 years? I mean, you know, past from SHA one to chat two, which was relatively straightforward, we hear some organizations a decade, you know, after that was, was prompted is we're still doing upgrades, right? So, so our view is not to be alarmist and say that the world is changing overnight. We see that the NIST FIPS standards that were released as a great starting point in terms of the actual upgrades, we are asking organizations or suggesting to organizations that they really start to take methodical steps now to understand what their exposure is, to start thinking about the roadmap for upgrades. And in that way they can do it through the normal course of business and not end up down the line where there's a scrambling to try and do the upgrades and conditions will not be ideal to do that. This is fabulous, Colin, thanks.
I'd like to move towards topic on the impact of PQC on business operations. Carlos, I would like to start with you, what are the changes that cryptographic protocols and systems will have to undergo given the new set of standards? - So the, the new cryptographic algorithms have different profiles in, in performance than what we had up now. So we, we have at some points higher sizes for keys or for cipher texts that are exchanged. And those changing profiles will imply that we have to adapt some protocols too.
So these new standards are being followed by a significant set of other standards that we're waiting for, needs to publish the final FIPS. And over the next 12 to 18 months, we are going to see quite a few standards that were ready to change, but waiting for the final specifications to, to be out. So there is going to be a one year, one year and a half of other STAs that are going to be impacted.
And there is also some new complexity, no, like right now we have today some cryptography that is very small, very efficient, and they're going to be replaced by a multitude of alternatives that have different performance profiles. So the management is going to be quite more complex and the decisions of where, what to run where and what's the optimal thing, it's something that will require some work for every company and will require some consultancy and it will require some long term thinking. So yeah, it, it's going to be a, an amusing time. - Thank you Carlos. Colin, what do you think are the required updates that we need to start thinking for our security infrastructure? - So maybe before I answer that question, one thing I'd like to add to, to what Carlos had said about the business implications of these new cryptographic standards is that we are starting to see a fairly pronounced shift in the way that this threat of a cryptographically relevant quantum computer is being contemplated by business and government operations as an example. They are starting to think more about what are the business implications as the cryptography reliance moves its way up the stack through infrastructure to applications to business outcomes.
And I think that that's a very important step in terms of the maturity and the understanding of this topic at the CEO and the board level. Prior to that, there was a lot of interest within different organizations. For example, the chief information security officer obviously, and other parts of the security space, they have competing priorities to state the obvious, right? And they are trying to fund and move forward different initiatives.
I think that the impact, the potential impact of a cryptographically relevant quantum computer on business operations is sort of so vast and immense that it's been hard to articulate that in a way we're starting now to see businesses thinking about what does this mean specifically for us, for example, in the financial services industry, transactional integrity, we'd be a huge impact to them. And if, if you've lost that trust from a transactional integrity perspective, where do you start? Right? And so those are the types of considerations. Now I think people are moving a little bit more beyond the historical understanding of data confidentiality, starting now to think about the integrity of transactions, which is one of the biggest impacts.
And then ultimately, of course, if organizations don't act in time, availability will become a key consideration. 'cause systems will have to shut down until they're upgraded. So I think that's a very good and pronounced step that we've been seeing over the last few months. And I think that all the fine work that NIST is doing, not only on the cryptographic algorithm development, you know, with the global competitions and then the release, but also through the, the National Cybersecurity Center of Excellence in terms of the implementation guidance that they are offering there. - Thank you, Colin. Andy, my next question is for you,
I'd like to talk a little bit about regulatory and compliance considerations. From your point of view, from your perspective, what are the most origin or the upcoming new compliance requirements that we are going to start to see flourishing, especially here in the US but potentially also in some other countries? - Yeah. Well, I, I I should start by clarifying that, you know, NIST is a, a non-regulatory agency. You know, our, our responsibility is to develop standards that are required for use by US government agencies in the NA, non-national security community.
But outside of that space, our standards are, are, are adopted voluntarily. Some of you may have seen that, you know, the, the, the US government released national security memorandum 10 that established 2035 as the deadline for transitioning most US government systems to quantum resistant cryptography. And that may seem like a long ways away, but just due to the, you know, based on the complexity and the, the breadth of scale of this transition, this really means we need to start acting now with, you know, with planning and with our, you know, acquisition plans to begin this, you know, refresh cycle, to, to begin to, you know, procure and implement and deploy systems that use quantum resistant cryptography. So I, I think you're going to see very quickly government agencies be, you know, asking their vendors, you know, do you support these new quantum resistant cryptography standards? And, you know, what's your broader timeline for, you know, implementing those into your products and services? - I, I, I think that this is a very, very interesting point. So I would like to kind of continue building on that, Carlos, based on, on, on what Andy was referring to.
How can businesses start preparing to integrate and comply with upcoming regulations or regulatory frameworks in this space? - Yeah, so there, there was last month a report for the proper CATE committee under the Quantum Computing Cybersecurity Preparedness Act. That is very interesting and describes the, the first views on, on all these subjects. And well, unsurprisingly, the the first section for par first paragraph discusses the importance of inventory No, and more precisely they, they clearly state that automated inventory is, is on the rise and that the inventory for PQC is not going to be a one-off thing.
It's going to be mandatory every year, and thus their automated tools are going to shine strongly. There is also going to be a, a manual component to it to, to ensure we have the maximum credibility for the inventory. But yeah, for sure, like this is the basics. No, everyone who wants to make a transition needs to make an inventory. What wasn't unclear is that the government seems to be pushing quite strongly, not just for a onetime inventory, but an ongoing automated inventory.
So that's very, a very interesting regulatory pressure. - We always, Deloitte, always as a firm, you know, anticipates and hopes that organizations in a sense will self-regulate, right? And particularly on this topic, we wrote a blog on it about eight months ago or so, and this sort of came outta some of the work that we did, for example, working with the World Economic Forum and engaging with industry governments and so on. I think it's very important for this reason, the, the timelines that we've talked about before, there is some ambiguity in some organizational minds around when they should act. And I think we've been clear on that, that we would pre, we prefer that certainly an understanding of the exposure is gained and starting to build out a roadmap as a first step waiting for regulations to be applied and understanding that there's very steps, you know, again, this as a non-regulatory agency will define standards. They will likely be integrated into subsequent communication standards and frameworks and the like. And then industry specific guidance may be issued.
We are certainly starting to see regulators, for example, in the financial services industry, start to think about what this would mean. But we don't view that they're likely to regulate in the short term. I think what's more likely is that there'll be some dialogue that will ensue, whether it's guidance documents, so the like that again, help to articulate what this threat really means to business operations.
'cause one of the challenges that we see right now is that again, there's a good technology understanding of the algorithms and why they need to be upgraded, but I don't think that there's a wholesome description about what the business implication is. And that means that it's not being addressed at the board and the CEO level in the same way as other more immediate cyber threats are, right? And so that balance between the timeline and the threat and board awareness of it we think is not a good mix then to say, we'll wait until we're regulated to do so. We prefer that organizations understand the magnitude of this risk and start to take the steps towards addressing it. - Definitely. And I think that this is a great topic now to also move the discussion towards cost and resource planning.
Colin, again, I'd like to start with you on this one. What are your thoughts about the estimations that organizations need to make on the cost to transition to PQC and how many resources need to be allocated for this portfolio? - So at this moment in time, in terms of resourcing and costing, what we advocate to organizations is the best first steps is to make sure you have organizational support. This is a multi-year effort.
This is not something that one can budget over the next 12 or even 18 months. And so we very much advocate that an organization should have a clearly delineated champion of the needs to look at quantum cyber readiness. And typically that's someone within the chief information security officer purview. But really it needs to be done in consult with, for example, in some cases the chief technology officer and the, the CIO with, again, exposure and awareness up at the CEO and the board level. So that is the first steps that we, we suggest is identify a champion and then start to think about what this upgrade will mean for your particular organizational mission. Because as you start to think about the magnitude of this task, it's really important to think about what are the data that are very important to us.
Not that all data is not important, of course it is, but there are particular data and transactions that really are at the heart of the mission of an organization and those should be the ones that are first remedied in terms of that particular organization. So those are the first steps that we would take sort of running forward and doing a whole scale inventory across an organization is probably not the first step that we would recommend. At this point. We think that most of an organization's architecture can be broken down into sort of archetypal prototypes where they are indicative of the broader network.
And if you start doing discovery across that, it really sets you up in terms of understanding the crown jewels and where the first step should be taken and then you can build out a more complete budget picture and longevity. But again, it's a multi-year effort. That's the important, the important point. I'm kind of interested. Carlos, do, do you have some thoughts on that? - Yes, so I, I find two things very interesting and important.
So as you said, this is going to be a significant effort and I would like to highlight that this is not just a burden, it's an opportunity. Today's cryptography is not working that well. Like there is quite a lot of outages because certificates are not valid anymore. There is quite large cost to maintain cryptography across companies, et cetera. And it's truth, the truth is that we, we have seen some technologies evolve very positively over the last 20 years, like virtualization for our computer centers, software defined networking and things like that, that have scaled up to a very modern way of dealing with them.
But cryptography is basically dealt with as it was in the eighties today, like every piece of cryptography is isolated, et cetera. And I think one of the tendencies we, we, we, we seem to, to see is that both regulator and standardization bodies are trying to lead us towards better cryptography. And I think we can have many benefits like reduction of costs and ensuring business continuity that can go out of this significant transition. And so the, both the standardization bodies and governments are play a key, a key role here in ensuring that we don't just switch the algorithms, we switch the algorithms and introduce better practices. Some, some of them like the ones Michele Mosca from the Institute of Quantum computer proposals, like relying on two pillars of cryptography using hybrid cryptography, ensuring that if one of those pillars breaks the other holds us in a secure position, that's something that we can do thanks to the PQC transition, but we have never been able to do in the past or others can be unified cryptography management system to have reduced costs and better observability, more agility. And so I think the, the budgets and projects are, are very large, but we really will have two sorts of people doing the transition.
Two sort of companies doing the transition. The ones that will just wait and endure this transition as their software changes and the ones that will push significant change changes in their companies so that there is a significant improvement on their cryptography. - These are definitely very valid points. Carlos. Andy, I'd like to know from your perspective what could be recommendations for government entities, for public organizations from people that might be listening from other countries working for, for them, what are this first steps that they could take towards preparing a roadmap and transitioning to post quantum cryptography? - Yeah, I mean the, where we're starting within the US government is, is really starting from the perspective of i identifying what systems you have that will need to migrate. You know, because of the, the broad use of public key cryptography, you know, nearly all of our systems, IT systems will be affected by the pqc migration in some way, but it's gonna impact different systems in different ways.
You know, I think Carlos alluded to this a little bit earlier with cases where you are an organization using, you know, commercial products and services where another entity will be, you know, perhaps update updating those and that you'll be able to address those through a technology modernization and refresh cycle or cases where you have legacy components or enterprise applications that you are going to be responsible for. And really those places where, you know, you will be bearing the brunt of the, the implementation of the, the, the, the PQC algorithms and potentially, you know, updating your own maybe proprietary protocols or tools is gonna be where a lot of the cost and complexity will be. You know, I I, I do think that that that really federal agencies and really organizations in general really need to look at this as just, you know, a a a technology modernization problem. You know, that some of these will be systems that will, will have to be, you know, we're are gonna be refreshed between now and and that time anyways. But, you know, unfortunately we haven't always gone through technology re refresh cycles in a smooth manner.
So I think this is, you know, we're still at a time now where there's, you know, that there's still time to prepare for this. We're going to need to act quickly. But, you know, we are looking at a timeframe where, you know, agencies and organizations can really begin this process of understanding what they have and then start to adapt their, you know, their requirements development process, their acquisition processes, you know, to, to plan ahead for the, you know, d deployment of pqc based systems well before 2035. - Yeah. And if I may mark, I think both Andy and Carlos made excellent points there in terms of this being an opportunity, right? I mean, again, we don't know how much time, but we have time, right? That's, that's the main thing.
And so organizations can take this as an opportunity then to, to refresh upgrade head towards, you know, some people call it crypto agility. I think crypto resilience I've heard more recently, which I, I kind of prefer 'cause it's broader than just upgrading the algorithms. It's also policy, you know, key management and so on. The way I characterize it sometimes in interviews, it's, it's never a bad time to look in the attic.
Like there's always things that that one will find, you know, it, it's really because cryptography, and I think Carlos, you said this earlier, cryptography has become so endemic and it's just been, you know, it's been added in through homegrown applications or, you know, hardware, different security, you know, components that have been added in. It sort of then becomes endemic in, in, in infrastructure. And so untangling that a little bit, you know, and put maybe pet putting better governance around it, you know, more concise policies that are mapped right down to the business operations. Again, this is a good opportunity and I think that I, I hope that at the end of the day, once these upgrades are made, we'll look back and we'll say, wow, we actually have much better handle now on, you know, the security triad of confidentiality, integrity and availability. And we are much more cognizant about the key data that we are accumulating, why we're accumulating and how that's adding value to our business.
And we're not capturing extraneous data that we don't need to be responsible for. I think that would be a big win for the industry at large. - I I, I love this part and I love the comparison with the attic. It's never a bad moment to go to your attic, but it, but it's very hard to convince your board to spend time and money on that. So cryptography, I mean, everybody knows that cryptography is mishandled, but there is a lack of sense of urgency on going there.
But now there is the PQC wave and for the PQC wave, there will be a sense of urgency in this 12 to 24 months between the regulations, the standards that will fall, the verticals that will start moving, et cetera. Everyone will have a sense of urgency on acting on this. And that's the moment to go to your attic. And, and that's where you will convince your board to, to, to, to spend money on getting that done and getting that done right.
And we have multiple examples. We have examples from Google and from Apple that have already started to make that transition in a very awesome way in which they haven't just gone into PQC, but they have strongly improved their protocols and their workflows and reduce their costs. So clearly there is a, a, a correct path to take today. - This is a terrific way of finishing this discussion to everyone listening to this conversation.
Thanks for tuning in. If there are questions or additional comments, I think that Andy, Colin and Carlos will be very glad to answer any information requests that might come out from this conversation and we could leave it here. Thank you everyone. - Thank you.
2024-09-16 17:13
