Apple, Signal Debut Quantum-Resistant Cryptography, But Challenges Loom

Apple’s new PQ3 post-quantum cryptographic (PQC) protocol, introduced last week, is the latest manifestation of a trend that will accelerate in the coming years as quantum computing matures and takes root across industries.

Protocols like PQ3, which Apple will use to protect iMessage communications, and PQXDH, a similar protocol Signal introduced last year, are quantum resistant: they can, at least in theory, withstand attacks mounted with quantum computers.

A vital and emerging need

Many believe this ability will become vital as quantum computers mature and give adversaries a trivially simple way to break even today’s most secure encryption protocols and read protected communications and data.

Concerns about this potential, and about adversaries already collecting sensitive encrypted data and storing it for future decryption with quantum computers, have prompted a National Institute of Standards and Technology (NIST) initiative to standardize quantum-secure public-key cryptographic algorithms. Apple’s PQ3 is based on Kyber, a post-quantum key-encapsulation mechanism that is one of the four algorithms NIST chose for standardization.

Rebecca Krauthamer, chief product officer at QuSecure, a company that focuses on technologies that protect against emerging threats related to quantum computing, believes Apple’s announcement will give further momentum to the PQC space.

“We have partnered with several renowned organizations in the industry, and I can say firsthand that Apple’s announcement is the first of many to come over the next four months,” says Krauthamer. She anticipates similar moves by developers of other messaging apps and social media platforms.

So far, the government, financial services and telecommunications sectors have led early adoption of PQC. Telcos in particular have been at the forefront of experimenting with quantum key distribution (QKD) to generate encryption keys, she says. “But over the last 18 months, we’ve seen them migrate to PQC because PQC is digitally scalable, while QKD still has significant scalability limitations,” Krauthamer adds.

Long and complicated migration path

For organizations, the transition to PQC will be long, complicated and likely painful. Krauthamer says post-quantum cryptography algorithms will redefine the landscape of authentication protocols and access controls. “Current mechanisms that rely heavily on public key infrastructures, such as SSL/TLS for secure web communications, will require reevaluation and adaptation to integrate quantum-resistant algorithms,” she says. “This transition is crucial to maintaining the integrity and privacy of mobile and digital interactions in a post-quantum era.”

The migration to post-quantum cryptography introduces a new set of management challenges for enterprise IT, technology and security teams, comparable to those of previous migrations such as TLS 1.2 to 1.3 and IPv4 to IPv6, both of which took a decade or more, she says. “These include the complexity of integrating new algorithms into existing systems, the need for widespread cryptographic agility to rapidly adapt to evolving standards, and the imperative of comprehensive workforce training on quantum threats and defenses,” says Krauthamer.

Quantum computers will arm adversaries with technology that can relatively easily strip away the protections offered by the most secure of today’s encryption protocols, says Pete Nicoletti, global CISO at Check Point Software. “The ‘padlock’ in the browser bar will no longer make sense as criminals equipped with quantum computers will be able to decrypt every banking transaction, read every message and gain access to every medical and criminal record in every database everywhere, in just a few seconds,” he says. Critical corporate and government communications conventionally encrypted in site-to-site VPNs, browsers, data storage and email are all at risk of “collect now, decrypt later” attacks, he says.

Collect now, decrypt later

“Right now, in some verticals, business leaders should assume that all their encrypted traffic is being collected and stored for when quantum cryptography is available to decrypt it,” Nicoletti says. While such attacks may be a long way off, business and technology leaders need to be aware of the problem and start preparing now.

The goal should be to have no impact on users during the transition to PQC, but all indications are that it will be expensive, chaotic and disruptive, he says. Messaging protocols like Apple’s PQ3 are relatively easy to deploy and manage. “Consider the chaos when your corporate firewall or cloud provider doesn’t support a certain post-quantum encryption algorithm with a partner or customer and you can’t communicate securely,” he says, by way of example. Unless vendors of browsers, email, routers, security tools, database encryption and messaging are all on the same page, enterprise IT teams will have their hands full transitioning to PQC, he warns.
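The cryptographic-agility requirement Krauthamer describes and the interoperability failure Nicoletti sketches (a partner that does not support your post-quantum algorithm) come down to the same mechanism: negotiating a key-exchange group from each side's list, and having a policy for what happens when no post-quantum option is shared. The Python below is an added example written for this page, not code from Apple, Signal or any of the vendors quoted. The group registry, the policy names and the HKDF labels are illustrative assumptions, and the shared secrets are constructed stand-ins for real X25519 and Kyber outputs. It shows the hybrid pattern that both PQ3 and PQXDH use, a session key derived from a classical and a post-quantum secret together, next to a negotiation that downgrades to classical-only when one peer lacks PQ support, or refuses outright under a strict policy.

```python
"""Crypto-agile key-exchange negotiation with a hybrid (classical + PQ) combiner.

Added illustration, not code from the article, Apple, Signal or any vendor
quoted. Group names follow the TLS 1.3 NamedGroup style, but the registry,
the policy names and the HKDF labels are illustrative assumptions.
Only the Python standard library is used.
"""
import hashlib
import hmac

# Illustrative registry (assumption). "pq" marks hybrid groups whose shared
# secret includes a post-quantum KEM component alongside classical ECDH.
GROUPS = {
    "secp256r1":       {"pq": False},
    "x25519":          {"pq": False},
    "x25519_kyber768": {"pq": True},
}


class NegotiationError(Exception):
    """Raised when no acceptable key-exchange group exists for both peers."""


def negotiate(client_offer, server_prefs, policy="prefer_pq"):
    """Choose a key-exchange group, TLS-style: walk the server's preference
    order and take the first group the client also offered, with hybrid
    groups always ranked ahead of classical ones.

    policy="prefer_pq"  : fall back to a classical group if no hybrid is shared.
    policy="require_pq" : refuse to fall back (the hard interop failure the
                          article warns about when a partner lacks PQ support).
    """
    common = [g for g in server_prefs if g in client_offer and g in GROUPS]
    if not common:
        raise NegotiationError("no common key-exchange group")
    # Stable sort: hybrid groups first, server order preserved otherwise.
    common.sort(key=lambda g: not GROUPS[g]["pq"])
    chosen = common[0]
    if policy == "require_pq" and not GROUPS[chosen]["pq"]:
        raise NegotiationError(f"peer offers no post-quantum group, only {common}")
    return chosen


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_secrets(classical_ss, pq_ss, transcript):
    """Hybrid combiner: the session key depends on the concatenation of the
    ECDH secret and the KEM secret, bound to the negotiated parameters via
    `transcript`. Recovering the key requires breaking BOTH components, so a
    later break of the new PQ scheme still leaves the classical protection in
    place, and a quantum attacker still has to break the KEM.
    The salt/info labels are assumptions, not any protocol's constants.
    """
    prk = hkdf_extract(b"hybrid-kex-v1", classical_ss + pq_ss)
    return hkdf_expand(prk, b"session key|" + transcript, 32)


def run_handshake(client_offer, server_prefs, policy="prefer_pq"):
    """Constructed end-to-end flow. The shared secrets are fixed stand-ins for
    real X25519 and Kyber outputs (constructed sample data, not real results)."""
    group = negotiate(client_offer, server_prefs, policy)
    classical_ss = hashlib.sha256(b"constructed x25519 shared secret").digest()
    # A classical-only group contributes no KEM secret; the combiner still
    # runs, so the key schedule has the same shape either way (agility).
    pq_ss = (hashlib.sha256(b"constructed kyber768 shared secret").digest()
             if GROUPS[group]["pq"] else b"")
    transcript = f"group={group};policy={policy}".encode()
    return group, combine_secrets(classical_ss, pq_ss, transcript)


if __name__ == "__main__":
    for client in (["x25519_kyber768", "x25519"], ["x25519"]):
        for policy in ("prefer_pq", "require_pq"):
            try:
                group, key = run_handshake(client, ["x25519_kyber768", "x25519"], policy)
                print(f"{policy:10s} client={client} -> {group}, key={key.hex()[:16]}...")
            except NegotiationError as e:
                print(f"{policy:10s} client={client} -> FAILED: {e}")
```

Run stand-alone it prints four negotiations: both policies succeed with a PQ-capable client, while a classical-only client is downgraded under prefer_pq and rejected under require_pq, which is exactly the "can't communicate securely" situation above, made explicit by policy rather than discovered as an outage. The combiner is the hedge Goodes's caution argues for: if either component is broken later, the session key is still as strong as the surviving one.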

Grant Goodes, chief innovation architect at mobile security vendor Zimperium, advocates a measured approach to implementing PQC, given the enormity of the task and the fact that it is unclear when many of the most feared security consequences of quantum computing will come to pass. Like others, he concedes that when quantum computers finally come of age, they will make even the most secure RSA encryption trivial to crack. But cracking an RSA-2048 key would require about 20 million qubits, or quantum bits, of processing power. Given that current practical quantum computers have only about 1,000 qubits, it will be at least another decade before this threat becomes real, Goodes predicts.

“Secondly, there is a concern that these proposed post-quantum ciphers are very new and have yet to really be studied, so we don’t really know how strong they are,” he notes. As a case in point, he cites SIKE, a post-quantum algorithm that NIST advanced to the fourth round of its standardization process in 2022. Researchers broke it within weeks, in about an hour of computation on a single-core Intel CPU.

“New ciphers based on new mathematics are not necessarily strong, just poorly researched,” says Goodes. So a more measured approach is probably prudent for PQC adoption, he adds. “Post-quantum cryptography is coming, but there’s no need to panic. It will no doubt begin to make its way into our devices, but existing algorithms and security practices will suffice for the foreseeable future.”


