Post Quantum Cryptography – The Impact on Identity

Cryptoagility and Quantum
Resistance: Easier Said Than Done
Post Quantum Cryptography – The Impact on Identity
Dr. Carmen Kempka
Director Corporate Technology
WIBU-SYSTEMS AG
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done

To access the on-demand replay of this masterclass,
please visit
https://www.wibu.com/wibu-systems-webinars/post-
quantum-cryptography-the-impact-on-
identity/access.html

The cat-and-mouse-game of cryptography
Cryptography develops. So does cryptoanalysis.
3

Cryptography and quantum computers: What is broken?
Certificate
Public Key:
0011101001
2024-04-10 © WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum Resistance: Easier Said Than Done 15

Post Quantum Cryptography
Cryptographic algorithms are resistant against quantum attacks

Based on hard mathematical problems
• RSA: factoring large numbers
• ECC: discrete logarithms (DLOG)
Asymmetric cryptography
NP
Exp
P

• PQC algorithms are based on various,
different mathematical problems that are not
easily solvable by quantum computers
NP
Exp
P
SVP
LWE
SIS
Lineare Codes

• PQC algorithms are based on various
mathematical problems that are not easily
solvable by quantum computers
• These mathematical problems are much
younger and less analyzed!
NP
Exp
P
SVP
LWE
SIS
Analyzed for less
than 20 years
Lineare Codes

PQC Timeline

PQC Timeline
July 2022:
publication of PQC
algorithms selected
for NIST standard

PQC Timeline
July 2022:
publication of PQC
algorithms selected
for NIST standard
August 2022:
candidate SIKE
broken on
classical computer
22

• RSA, ECC:
 Factoring and DLOG have been analyzed since around
300 bc (Euclid)
 High trust in security against classical attacks
− Fully broken with quantum computers – but when?
• PQC algorithms
• Mathematical problems quite new
• No known relevant attacks by classical or quantum
computers
• Situation hard to assess: not many people have expertise
in quantum computers and cryptography or the math
behind the PQC schemes
The PQC dilemma

Cryptoagility
Bildquelle: https://www.goodfreephotos.com/public-domain-images/fitting-the-last-puzzle-piece.jpg.php (Public Domain)

What do we have?
PQC
Lattice-based
Code-based
Isogenies on elliptic
curves
Multivariate
polynomials
(signatures only)
Hash-based
(signatures only)

What do we have?
PQC
Lattice-based
Code based-
Isogenies on elliptic
curves
Multivariate
polynomials
(signatures only)
Hash based-
(signatures only)
4th round
 McEliece
 BIKE
 HQC
SIKE
 SPHINCS+
State based:
 XMSS
 LMS
 Dilithium
 Falcon
 Kyber
Rainbow

Cryptoagility
The ideal world
public abstract class Encryptor {
abstract String encrypt(int publicKey, String message);
}
public class RSAEncryptor extends Encryptor {
public String encrypt (int publicKey, String message) {
<Code for encryption with RSA>
return ciphertext;
}
}
public class KyberEncryptor extends Encryptor {
<Code for encryption with Kyber>
return ciphertext;
}
}

Cryptoagility
The ideal world
public abstract class Encryptor {
abstract String encrypt(int publicKey, String message);
}
public class RSAEncryptor extends Encryptor {
<Code for encryption with RSA>
return ciphertext;
}
}
public class KyberEncryptor extends Encryptor {
<Code for encryption with Kyber>
return ciphertext;
}
}
Cryptoagile concept
 Modularity
 Crypto algorithms can be easily replaced if broken
 Once large enough quantum computers exist to
break our crypto algorithms, the algorithms are just
replaced by PQC algorithms – problem solved

Cryptoagility: the real world
© WIBU-SYSTEMS AG 2024 | Cryptoagility and Quantum
Resistance: Easier Said Than Done
2024-04-10 © WIBU-SYSTEMS AG 2024 29

Cryptoagility: easier said than done
• Different mathematical structures
• Large difference in memory requirements
• Very different in performance
• Very different key sizes and formats
• Developers need to learn a lot for each new algorithm
• Test vectors
• Formats
• Memory/performance trade-offs
• Which intermediate results need to be kept secret
• How to implement resistance against side channels
• Other best practices in implementation and usage
• …

How to deal with cryptoagility
• Plan with enough time and resources
• management needs to be aware of the full extent of the problem

• Threat analysis
• Find out where cryptography is used in your system and what is protected against what
• Maybe use the opportunity to re-asses your security architecture

• Identify memory and performance requirements
• Hardware requirements
• Availability requirements of cloud systems
• Response time
• Bandwidth
• …

• Flexibility
• Restructure code: you need modularity and more flexibility
• Hardcoded sizes or fixed formats could become a problem
• Maybe use the opportunity to clean up your code base

• Get experience
• Try out open source PQC libs to identify performance issues etc.
• Do research projects

How long do we have time?
When should we start integrating quantum resistant cryptography?

Mosca’s Theorem
When should we start?
Let…
…X the time for which encryption should be secure
…Y the time needed for migrating to PQC
…Z the time remaining until quantum computers are sufficiently advanced to break current cryptographic systems
Theorem (Mosca):
Source Mosca‘s Theorem: https://csrc.nist.gov/csrc/media/events/workshop-on-cybersecurity-in-a-post-quantum-world/documents/presentations/session8-mosca-michele.pdf
X
Y
Z 
If X + Y > Z, then worry

Mosca’s Theorem
When should we start?
Let…
…X the time for which encryption should be secure
…{Y1..Yn} the time needed for migrating the entire value chain to PQC
…Z the time remaining until quantum computers are sufficiently advanced to break current cryptographic systems
Theorem:
X
Z 
If X + Y > Z, then worry
Y1 Y2 Y3
39

When do quantum computers start becoming dangerous
We don’t know that.
• Needed to break ECC 256: around 2330 logical qubits or several million physical qubits
• Needed to break RSA 2048: around 4096 logical qubits or several million physical qubits
• Currently existing quantum computers have a few hundred physical qubits
Seems we are still far away from having our crypto systems broken, but
everything between < 10 and > 30 years is possible

Migration to PQC
• Long-term security: combination of different algorithms
• Hybrid certificates
• Double encryption
• Cryptoagility
• Where is cryptography used in your system?
• Make cryptography updatable and replaceable
• Find a good strategy for the transition
• Identify dependencies
• Coordinate migration to PQC with suppliers and customers
• Requirements of downwards compatibility and interoperability

Europe: +49-721-931720
USA: +1-425-7756900
China: +86-21-55661790
Japan: +81-45-5659710
https://www.wibu.com
info@wibu.com
Thank You!
Let’s keep in touch

Post Quantum Cryptography – The Impact on Identity

More Related Content

What's hot (11)

Similar to Post Quantum Cryptography – The Impact on Identity (20)

More from team-WIBU (20)

Recently uploaded (20)

Post Quantum Cryptography – The Impact on Identity