Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom (2024)

Source: Production Perig via Shutterstock

Apple's new PQ3 post-quantum cryptographic (PQC) protocol introduced last week is the latest manifestation of a trend that will accelerate over the next few years as quantum computing matures and takes root in a variety of different industries.

Protocols like PQ3, which Apple will use to secure iMessage communications, and a similar encryption protocol that Signal introduced last year called PQXDH, are quantum resistant, meaning they can — theoretically, at least — withstand attacks from quantum computers trying to break them.

A Vital, Emerging Requirement

Many believe that capability will become vital as quantum computers mature and give adversaries a trivially easy way to crack open even the most secure current encryption protocols and access protected communications and data.

Concerns over that potential — and of adversaries already harvesting sensitive encrypted data and storing it for future decryption via quantum computers — prompted a National Institute of Standards and Technology initiative for standardized public key, quantum-safe cryptographic algorithms. Apple's PQ3 is based on Kyber, a post-quantum public key algorithm that is one of four algorithms that NIST has chosen for standardization.

Rebecca Krauthamer, chief product officer at QuSecure, a company that focuses on technologies that protect against emerging quantum computing-related threats, believes Apple's announcement will drive further momentum in the PQC space.

"We have been implementing with a number of well-known organizations in the space, and I can say firsthand that Apple's announcement is the first of many to come in the next four months," Krauthamer says. She anticipates similar moves from developers of other messaging apps and social media platforms.

Up until now, the government, financial services, and telecom sectors have driven early adoption of PQC. Telecom companies in particular have been at the forefront in experimenting with quantum key distribution (QKD) for generating encryption keys, she says. "But in the past 18 months, we've seen them migrate towards PQC as PQC is digitally scalable, while QKD still has significant scalability limitations," Krauthamer adds.

Long and Complicated Migration Path

For organizations, the shift to PQC will be long, complicated, and likely painful. Krauthamer says post-quantum encryption algorithms will redefine the landscape of authentication protocols and access controls. "Current mechanisms heavily reliant on public key infrastructures, such as SSL/TLS for secure Web communications, will require reevaluation and adaptation to integrate quantum-resistant algorithms," she says. "This transition is crucial for maintaining the integrity and confidentiality of mobile and other digital interactions in a post-quantum era."

The migration to post-quantum cryptography introduces a new set of management challenges for enterprise IT, technology, and security teams that parallels previous migrations, like from TLS 1.2 to 1.3 and IPv4 to IPv6, both of which have taken decades, she says. "These include the complexity of integrating new algorithms into existing systems, the need for widespread cryptographic agility to swiftly adapt to evolving standards, and the imperative for comprehensive workforce education on quantum threats and defenses," Krauthamer says.

Quantum computers will equip adversaries with technology that can relatively easily strip away the protections offered by the most secure of current encryption protocols, says Pete Nicoletti, global CISO at Check Point Software. "The 'lock' in your browser bar will be meaningless as quantum computer-equipped criminals will be able to decrypt every banking transaction, read every message, and gain access to every medical and criminal record in every database everywhere, in seconds," he says. Critical business and government communications conventionally encrypted in site-to-site VPNs, browsers, data storage, and email are all at risk of "harvest now, decrypt later" attacks, he says.

Harvest Now, Decrypt Later

"Right now, in certain verticals, business leaders should assume that all of their encrypted traffic is being harvested and stored for when quantum encryption is available to crack it," Nicoletti says. Even though such attacks might be a while away, business and technology leaders need to be aware of the issue and start preparing for it now.

The goal should be to not impact users when transitioning to PQC, but every indication is that it will be expensive, chaotic, and disruptive, he says. Messaging apps like Apple's PQ3 are relatively easy to deploy and manage. "Consider the chaos when your corporate firewall or cloud provider does not support a certain post-quantum encryption algorithm with a partner or a customer, and you can't communicate securely," he says, by way of an example. Unless vendors of browsers, email, routers, security tools, database encryption, and messaging are all on the same page, enterprise IT teams will have their hands full making the switch to PQC, he cautions.

Grant Goodes, chief innovation architect at mobile security vendor Zimperium, advocates that organizations take a measured approach to implementing PQC, considering the enormity of the task and the fact it's unclear when in the future many of the most feared security consequences of quantum computing will come to pass. Like others, he concedes that when quantum computers finally come of age, they will make even the most secure RSA encryption trivial to break. But breaking an RSA-2048 key would require some 20 million qubits, or quantum bits, of processing power. Given that current practical quantum computers only have around 1,000 qubits, it's going to take at least another decade for that threat to become real, Goodes predicts.

"Second, there is the concern that these proposed post-quantum ciphers are very new and have yet to be truly studied, so we don't really know how strong they are," he notes. As a case in point, he cites the example of SIKE, a post-quantum encryption algorithm that NIST approved as a finalist for standardization in 2022. But researchers broke SIKE shortly thereafter using a single-core Intel CPU.

"New ciphers based on novel mathematics are not necessarily strong, just poorly studied," Goodes says. So a more measured approach is likely prudent for adopting PQC, he adds. "Post-quantum cryptography is coming, but there is no need to panic. Doubtless they will start to make their way into our devices, but existing algorithms and security practices will suffice for the immediate future."
