Quantum computing poses a significant threat to current cryptographic systems, potentially compromising the security of sensitive data worldwide. As a result, there is an urgent need for quantum-resistant cryptography. However, the transition to quantum-safe systems is complex, and many organizations lack the necessary expertise. Using case studies and graph-theoretic techniques, a comprehensive framework has been proposed to assist with this migration. Even so, challenges remain, including the need for longer keys and potential incompatibility with existing hardware. The research was conducted by a team from various Australian institutions and supported by the Cyber Security Research Centre Limited.
Quantum Computing Threat to Cryptography
Quantum computing is a significant threat to information protected by widely used cryptographic systems. Cryptographic methods once deemed secure for decades are now at risk of being compromised, posing a massive threat to the security of sensitive data and communications across enterprises worldwide. This is because quantum computers can substantially reduce the work required for exhaustive key search, lowering the effective security level of symmetric cryptosystems. Additionally, quantum computers offer efficient solutions to the factoring and discrete logarithm problems, which form the foundation of many widely deployed asymmetric cryptosystems.
Urgent Need for Quantum-Resistant Cryptography
As a result of the threat posed by quantum computing, there is an urgent need to migrate to quantum-resistant cryptographic systems. This is no simple task. Migrating to a quantum-safe state is a complex process, and many organizations lack the in-house expertise to navigate this transition without guidance. Some recently proposed cryptosystems are designed to be resistant to quantum attacks. These are collectively known as Post Quantum Cryptography (PQC). The National Institute of Standards and Technology (NIST) has initiated steps to standardise PQC primitives implementing at least one of the functionalities of public key encryption, key encapsulation mechanism (KEM), or digital signature.
Framework for Migrating to Quantum-Resistant Cryptography
In response to this urgent need, a comprehensive framework designed to assist enterprises with this migration has been presented. This framework outlines essential steps involved in the cryptographic migration process and leverages existing organisational inventories. The framework facilitates the efficient identification of cryptographic assets and can be integrated with other enterprise frameworks smoothly.
Case Studies and Graph-Theoretic Techniques
To underscore the practicality and effectiveness of the framework, case studies that utilise graph-theoretic techniques to pinpoint and assess cryptographic dependencies have been incorporated. This is useful in prioritising cryptosystems for replacement.
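As an added illustration, not code from the paper (whose own graph-theoretic method is not reproduced here), the following Python sketch shows the kind of dependency analysis described above. A constructed asset inventory is turned into a dependency graph, each primitive is labelled with its quantum impact on a hypothetical three-level scale ("broken" for primitives whose hardness problem quantum computers solve efficiently, "weakened" for symmetric primitives whose key-search cost is reduced, "adequate" otherwise), and primitives are ranked for replacement by severity and by how many assets transitively rely on them. All asset names, labels and inventory entries are constructed for the example.

```python
"""Toy cryptographic dependency graph for PQC migration prioritisation.

Added example; not the paper's own framework or code. The inventory,
the impact labels and the ranking rule are all constructed assumptions.
"""
from collections import defaultdict, deque

# Hypothetical impact scale (constructed): higher rank = more urgent.
IMPACT_RANK = {"broken": 2, "weakened": 1, "adequate": 0}

# Constructed classification of primitives by quantum impact.
QUANTUM_IMPACT = {
    "RSA-2048": "broken",     # relies on factoring
    "ECDH-P256": "broken",    # relies on discrete logarithm
    "ECDSA-P256": "broken",   # relies on discrete logarithm
    "AES-128": "weakened",    # key search cost reduced
    "AES-256": "adequate",
    "SHA-256": "adequate",
}

# Constructed inventory: asset -> assets/primitives it directly depends on.
INVENTORY = {
    "customer-portal-tls": ["tls-1.3-suite"],
    "tls-1.3-suite": ["ECDH-P256", "ECDSA-P256", "AES-128", "SHA-256"],
    "vpn-gateway": ["ECDH-P256", "AES-256"],
    "code-signing": ["RSA-2048", "SHA-256"],
    "backup-encryption": ["AES-256"],
}


def build_reverse_graph(inventory):
    """Map each node to the set of nodes that directly depend on it."""
    dependents = defaultdict(set)
    for asset, deps in inventory.items():
        for dep in deps:
            dependents[dep].add(asset)
    return dependents


def _reachable(start, edges):
    """Breadth-first search over an adjacency mapping; excludes `start`."""
    seen, queue = set(), deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in edges.get(cur, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def transitive_dependents(node, dependents):
    """All assets that rely, directly or indirectly, on `node`."""
    return _reachable(node, dependents)


def transitive_dependencies(node, inventory):
    """Everything `node` relies on, directly or indirectly."""
    return _reachable(node, inventory)


def asset_exposure(asset, inventory, impact):
    """Worst quantum impact among everything an asset transitively uses."""
    worst = "adequate"
    for dep in transitive_dependencies(asset, inventory):
        label = impact.get(dep, "adequate")
        if IMPACT_RANK[label] > IMPACT_RANK[worst]:
            worst = label
    return worst


def prioritise(inventory, impact):
    """Rank affected primitives: most severe impact first, then by the
    number of assets that would stay exposed if it were left in place.
    Returns a list of (primitive, impact label, affected asset count)."""
    dependents = build_reverse_graph(inventory)
    rows = []
    for prim, label in impact.items():
        if label == "adequate":
            continue  # nothing to migrate away from
        affected = transitive_dependents(prim, dependents)
        rows.append((prim, label, len(affected)))
    rows.sort(key=lambda r: (-IMPACT_RANK[r[1]], -r[2], r[0]))
    return rows


if __name__ == "__main__":
    for prim, label, count in prioritise(INVENTORY, QUANTUM_IMPACT):
        print(f"{prim:12} {label:9} affects {count} asset(s)")
    for asset in INVENTORY:
        print(f"{asset:20} exposure: "
              f"{asset_exposure(asset, INVENTORY, QUANTUM_IMPACT)}")
```

Running the script ranks ECDH-P256 first, because it is "broken" and three assets (the TLS suite, the portal built on it, and the VPN gateway) transitively depend on it, while AES-128 lands last despite touching two assets because its impact is only "weakened". The reverse graph is what makes this cheap: once dependents are indexed, the blast radius of any single primitive is one breadth-first search, which is the property that lets an inventory-driven approach scale to a large enterprise.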
Challenges in Enterprise Migration to Quantum-Safe Cryptography
However, the enterprise migration to quantum-safe cryptography is unlikely to be straightforward, for several reasons. PQC algorithms have different resource requirements from traditional asymmetric cryptosystems, including much longer keys, which may require updates to protocols and key management. Many appliances that include hardware acceleration for widely used cryptosystems may not support the new PQC algorithms.
Research Team and Support
The research was conducted by a team from the University of New South Wales, Queensland University of Technology, Tata Consultancy Services Limited Australia, and QuintessenceLabs Pty Ltd. The work has been supported by the Cyber Security Research Centre Limited, whose activities are partially funded by the Australian Government’s Cooperative Research Centres Programme.
The article “A Framework for Migrating to Post-Quantum Cryptography: Security Dependency Analysis and Case Studies” was published in IEEE Access on January 1, 2024. The authors, Khondokar Fida Hasan, Leonie Simpson, Mir Ali Rezazadeh Baee, Chadni Islam, Zia Ur Rahman, Warren Armstrong, Praveen Gauravaram, and Matthew McKague, present a comprehensive framework for transitioning to post-quantum cryptography. They provide an in-depth security dependency analysis and case studies to support their framework.
