{"id":861,"date":"2024-11-14T03:34:33","date_gmt":"2024-11-14T03:34:33","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=861"},"modified":"2024-11-14T03:34:33","modified_gmt":"2024-11-14T03:34:33","slug":"nist-publishes-timeline-for-quantum-resistant-cryptography-but-enterprises-must-move-faster","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=861","title":{"rendered":"NIST publishes timeline for quantum-resistant cryptography, but enterprises must move faster"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<p>The US National Institute of Standards and Technology (NIST) on Tuesday (Nov. 12) published a draft timetable for moving federal agencies off today\u2019s quantum-vulnerable public-key cryptography and onto quantum-resistant algorithms by 2035. But analysts urge enterprises to move much more quickly, given that state actors are expected to have quantum computing at scale by 2028.<\/p>\n<p>Mark Horvath, a Gartner VP analyst who tracks both quantum computing and cryptography, said the urgency for enterprises to move away from current public-key algorithms is real. IBM has said it expects to have a <a href=\"https:\/\/www.ibm.com\/quantum\/blog\/quantum-roadmap-2033\">200-qubit quantum computer<\/a> by 2030 and, Horvath said, \u201cWe assume that state actors are two years ahead of where the commercial vendors are.\u201d<\/p>\n<p>In October, a research team in <a href=\"https:\/\/www.csoonline.com\/article\/3562701\/chinese-researchers-break-rsa-encryption-with-a-quantum-computer.html\">China was reported to have factored small RSA keys with a D-Wave quantum annealer<\/a>, a result far short of breaking RSA at the key sizes used in practice.<\/p>\n<p>In the <a href=\"https:\/\/csrc.nist.gov\/pubs\/ir\/8547\/ipd\">newly published document<\/a>, the initial public draft of NIST IR 8547, NIST distinguished between agencies getting rid of existing encryption entirely 
and just starting to scale it back. It used the term \u201cdeprecated\u201d to mean that \u201cthe algorithm and key length\/strength may be used, but there is some security risk. The data owner must examine this risk potential and decide whether to continue to use a deprecated algorithm or key length.\u201d It used the more stringent \u201cdisallowed\u201d to describe the outright ban of the use of \u201cthe algorithm, key length\/strength, parameter set, or scheme.\u201d<\/p>\n<p>NIST also used \u201clegacy\u201d to refer to a middle ground where, it said, \u201cthe algorithm, scheme, or parameter set may only be used to process already protected information,\u201d such as \u201cto decrypt ciphertext data or to verify a digital signature.\u201d<\/p>\n<p>The draft said that the quantum-vulnerable public-key algorithms in use today, the digital signature schemes ECDSA, EdDSA and RSA (and the corresponding RSA and Diffie-Hellman key-establishment schemes), are disallowed after 2035. Parameter sets that provide only 112 bits of security, such as ECDSA on a 224-bit curve or 2048-bit RSA, are deprecated after 2030. (ECDSA and EdDSA are signature schemes, not encryption; the timeline covers signatures and key establishment alike.)<\/p>\n<p>\u201cThat is a little bit long, because they want to give people time to change. It\u2019s good advice, but I would take it a little bit further\u201d because \u201cgovernments have mitigating controls [such as isolation and virtualization] and enterprises don\u2019t typically have those controls,\u201d Horvath said. He added that enterprises that use air-gapped systems are close to having such controls. 
\u201cI would encourage anybody who is not in the government to take this seriously and begin planning today.\u201d<\/p>\n<p>The NIST report said that even though quantum computing is not yet here at scale, there is still a reason to act quickly. The term \u201cpost-quantum cryptography (PQC)\u201d is somewhat misleading: it does not mean cryptography used \u201cafter\u201d quantum computers arrive, but cryptography deployed today that is designed to remain secure once a cryptographically relevant quantum computer exists.<\/p>\n<p>\u201cEven though the transition to post-quantum cryptography is starting before a cryptographically relevant quantum computer has been built, there is a pressing threat. Encrypted data remains at risk because of the \u2018harvest now, decrypt later\u2019 threat in which adversaries collect encrypted data now with the goal of decrypting it once quantum technology matures,\u201d the report said. \u201cSince sensitive data often retains its value for many years, starting the transition to post-quantum cryptography now is critical to preventing these future breaches. This threat model is one of the main reasons why the transition to post-quantum cryptography is urgent.\u201d<\/p>\n<p>NIST also conceded that even some government systems may have to transition more quickly. \u201cSome systems, particularly those with long term confidentiality needs or more complex cryptographic infrastructures, may require earlier transitions, while others may adopt PQC at a slower pace due to legacy constraints or lower risk profiles,\u201d NIST said. 
\u201cFlexibility in migration planning is essential to balance the urgency of securing critical systems with the practical challenges that different sectors face during this transition.\u201d<\/p>\n<p>The replacements are already standardized. In August 2024 NIST finalized three post-quantum standards: the Module-Lattice-Based Key-Encapsulation Mechanism, ML-KEM [FIPS 203]; the Module-Lattice-Based Digital Signature Algorithm, ML-DSA [FIPS 204]; and the Stateless Hash-Based Digital Signature Algorithm, SLH-DSA [FIPS 205]. ML-KEM replaces RSA and Diffie-Hellman key establishment; ML-DSA and SLH-DSA replace RSA, ECDSA and EdDSA signatures.<\/p>\n<p>Horvath said that even if NIST and others have made incorrect guesses about what quantum computing will eventually look like, moving to the new algorithms is a no-brainer. \u201cIn the worst possible case, we switch over and we have much more safety than we had before. By upgrading to the lattice algorithm, we get much stronger cryptography,\u201d Horvath said.<\/p>\n<p>Horvath also stressed that there are various advantages to moving to the new algorithms that have nothing to do with traditional security issues. For example, he said the new versions can support encrypted searches, which are not practical today.<\/p>\n<p>\u201cIt has to do with the math that it is based on, which is fundamentally different, and it therefore allows these extra properties [such as secure multi-party computation] that the current math just doesn\u2019t,\u201d Horvath said.<\/p>\n<p>That would, for example, allow better mechanisms for executing anti-money laundering efforts where you \u201chave high-net worth clients and we don\u2019t want to share their names with other banks. It can be asked \u2018Does he have a SAR (suspicious activity report) at any other bank?\u2019\u201d without identifying the customer by name, Horvath said. 
\u201cIt\u2019s both stronger and more flexible.\u201d<\/p>\n<p>Frank Dickson, an IDC group VP for security and trust, argued that because cryptography underpins almost every aspect of cybersecurity today, \u201cthe delivery of this document is the single most impactful [cybersecurity] development of the year.\u201d<\/p>\n<p>The particular specs in the document are less important than the fact that this reflects the beginnings of broad industry alignment on how this migration should happen, Dickson said.<\/p>\n<p>\u201cThe information is less important than the idea that we got cryptographers to agree on something,\u201d Dickson said. \u201cIt\u2019s not the technology that is the [benefit]. It\u2019s the agreement.\u201d<\/p>\n<p>Dickson agreed in general that enterprises must move as quickly as they can to the new algorithms, but said that a business needs to weigh many factors, such as cost, when deciding on a timeline. \u201cThere\u2019s a cost factor determining how fast you can go. It costs money to replace [technology],\u201d he said. \u201c[Enterprise CISOs and CIOs] may decide that some things aren\u2019t updated until you have to replace it.\u201d<\/p>\n<p>Urs W\u00fcrgler, CISSP, a senior management consultant with Swisscom in Zurich, Switzerland, wrote in <a href=\"https:\/\/www.linkedin.com\/feed\/update\/urn:li:activity:7262394788367237120\/?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A7262394788367237120%2C7262449848329633793%29&amp;dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287262449848329633793%2Curn%3Ali%3Aactivity%3A7262394788367237120%29\">a LinkedIn comment about the NIST report<\/a>, \u201cin a technical context, the expression \u2018disallowed\u2019 is interesting. There are US agencies that are subject to some NIST adherence if they must obey DFARS or FISMA. 
In this case, NIST SP 800-171 compliance is required and is not yet making reference to PQC.\u201d<\/p>\n<p>\u201cIt goes without saying that PQC is not yet referenced in the sense of implementation requirements mandated by nation states,\u201d W\u00fcrgler wrote. \u201cThe concept of \u2018cryptographic agility\u2019 has been discussed for at least 20 years, but its practical implementation remains niche. Given the impending need for PQC, this situation is far from ideal.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>The US National Institute of Standards and Technology (NIST) on Tuesday published its timetables for moving government agencies off current types of encryption onto what they hope will be quantum-resistant encryption by 2035. But analysts urge enterprises to move much more quickly, given that state actors are expected to achieve quantum at scale by 2028.\u00a0 [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":844,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-861","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/861"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=861"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/861\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/844"}],"wp:attachment":[{"href":"
https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}