The Goal is Crypto-Agility
In just a few years, quantum computers could be ready for practical use. This is a risk scenario that must be taken seriously when considering current cryptographic methods. The effective protection of digital infrastructures against the advanced computing capabilities of quantum chips is only possible if IT security keeps pace with this development.
The recommended procedures described in the document "Migration to Post-Quantum Cryptography" issued by the German Federal Office for Information Security (BSI) provide guidance in this. genua has helped develop the standard for the hash-based signatures described therein and subsequently fully implemented it. Alexander von Gernler, Head of Research at genua, characterizes which aspects are especially important for IT security at public authorities and companies in this interview.
Mr. von Gernler, the BSI sees an urgent need for cryptographic applications to process information requiring extended periods of confidentiality and high levels of protection. In actual terms, what does that mean for companies or public authorities?
Alexander von Gernler: First of all, this is a wake-up call to understand the impact of this issue. Now is the time to audit the cryptographic processes that are used in one’s own organization. There are, however, very few companies that develop or use this specific technological know-how themselves. Usually, it is a matter of examining the deployed software in respect to post-quantum security. This in turn generally means consulting an IT service provider or manufacturer.
Above all, the service provider must guarantee that they are familiar with the BSI's recommended procedures and their products are post-quantum secure in this context. If this is not the case, the service provider should be given a deadline by which compliance is attained. Currently, the recommended procedures cannot be fully implemented, as some studies are still pending. However, there are no excuses for the procedures that are already feasible.
What time frame is realistic? This will be difficult for many businesses to assess, especially as quantum computers are perceived as a technological possibility, but not a definite prospect.
Alexander von Gernler: Of course not every company can be an expert on this. But the moment IT security must withstand the scrutiny of a professional compliance and risk management audit, addressing post-quantum cryptography cannot be avoided. Public authorities and companies with high protection needs are the forerunners here. In these cases, the compliance deadline for currently available measures should not exceed six to eight months.
But many companies are already specifically auditing their service providers. This is at least the observation of our research team, which has focused on post-quantum cryptography for years. Our team is highly networked with specialized IT security experts and cryptologists – both in Germany and internationally.
Are there approaches that you recommend in particular for an audit?
Alexander von Gernler: First of all, I believe all the BSI recommendations are suitable. They are fully appropriate to the situation and correspond to our own findings from two research projects. In addition to the BSI document, IT security experts should also address the topic of "post-quantum VPN". We are currently doing this, for example, in a research project called "QuaSiModO" (Quantum-Safe VPN Modules and Operation Modes).
What is the objective of this project?
Alexander von Gernler: We want to be the first German manufacturer to offer a production quality and full featured VPN with sufficient performance that is secured against quantum computer attacks. This is precisely what our customers in the high security field are demanding from us.
In the research project, we are examining and testing new quantum resistant algorithms, and realizing these as VPN standards and VPN implementations. That is to say, we are developing comprehensive protection mechanisms against the attack potential of quantum computers. These can damage components of current cryptographic methods to varying degrees. While the currently used symmetrical encryption can be salvaged by the use of longer keys, today’s public key cryptography and key exchange processes cannot. To create a VPN solution such as that offered by genua, all three components must be in a functional and quantum-resistant state.
That sounds like an exciting interface between research and its practical application – are there any particular developments that you are currently observing?
Alexander von Gernler: There is a common vision: the goal is crypto agility. As initially stated in this interview, service providers must commit to precisely understanding the process chain in IT security. They also must prepare resilience to provide protection in a crisis situation. If for example the expert community discovers that a cryptographic process is insecure, the service provider should guarantee a smooth transition to updated functionality.
The field lengths in today's Internet protocols are an excellent example from our research: frequently, just enough space is left to accommodate the keys from current methods such as RSA or Diffie-Hellman. The significantly more complex post-quantum methods, however, require more space and do not fit as easily. In our research project, we therefore need to develop suggestions on how to adapt protocol standards to the new situation. This is complicated, takes time and also requires expertise. Fortunately, we started working on this at genua quite a while ago.
Is this also related to the BSI recommended procedures?
Alexander von Gernler: Yes, another important element is the secure firmware update by so-called hash based signatures. genua has contributed to the development of the XMSS (RFC 8391) standard cited by the BSI in the recommended procedures, and as a manufacturer has already fully implemented it.
Thus, whenever you install an update on a genua product, you can be certain that it cannot have been tampered with by an attacker using a quantum computer. And if you as our customer did not notice the recent transition – that is what crypto-agility is about! This is the kind of flexibility we are honing our products for.