How far off is the day when cryptographically “strong” algorithms will become weak ones due to quantum computer capabilities? Where does Crypto Agility fit in?
Edited on December 11th, 2024, in light of Google’s announcement.
Quantum computers offer a super-polynomial speedup for some tasks. Shor’s algorithm can be used to break many of the encryption methods used today in polynomial time. This computing power is a threat to the cryptographic algorithms we rely on now for cybersecurity and privacy needs, such as RSA, Elliptic Curve or AES. However complex an RSA-type algorithm is, the super-polynomial speedup of quantum computing brings the code-cracking effort down to the point where decryption becomes feasible.
To date, in a preliminary effort to use quantum computers to break algorithms, RSA 50 – a weak algorithm, no longer widely used for critical systems – was compromised. Earlier this week, Google published its new groundbreaking chipset, named Willow, which overcomes more of the challenges on the way to the first usable quantum computer. This issue is a real concern for future mission-critical, edge-based systems and for private data. The algorithms we heavily rely on now are expected to become obsolete at some point, and even though this might not happen for another five years, manufacturers in many sectors would not want to be surprised when it does; planning is therefore needed now.
To protect against this scenario, it is crucial to have a system in place whereby current algorithms (RSA, elliptic curve and others) can be replaced with new algorithms when necessary. Researchers have been coming up with increasingly complex cryptographic algorithms and data-protection solutions designed to be resilient to the quantum computers of the future. However, as breaking ciphers is an ongoing sport for mathematicians around the world, replacing them with solid, unbreakable algorithms should be done only when it is really needed.
The NIST standards body is leading the effort in the US, and it is accepting and publishing proposed algorithms. Various researchers are competing to come up with the best solutions; as part of this undertaking they also attempt to break the ones submitted by others. It is still premature to predict which algorithm will prove the most effective and desirable.
On top of all of this, solutions that involve the replacement of hardware are especially difficult to plan for. Many hardware-production schedules span intervals of five to ten years or more. In the interim, things can become hectic and stressful both for manufacturers and for the research community, as these critical algorithms are not strong enough to protect against nation-states or even lesser malicious actors.
Karamba Security has always recommended working with a Hardware Security Module (HSM) on IoT and edge devices: this ensures that storage is encrypted, and that the encryption/decryption processing runs on a different, isolated core or CPU from the one running the secured code.
Medical, defense, transportation, ML-based edge devices, and other critical infrastructure all rely on HSMs. Users of hardware – whether manufactured by ARM, NXP, Infineon, STMicro, Silicon Labs, Renesas or others – all rely on the algorithms within their respective HSMs. However, as described above, the research is dynamic, conclusions have not yet been reached, and system integrators cannot rely on the hardware manufacturers to supply them with the most up-to-date security mechanisms on a continuous basis.
Therefore, the solution moves to the software arena. Crypto agility is needed, so that cryptographic capabilities can be added even after a piece of hardware has already been deployed. This can be done via software updates that add capability extending the hardware. In short, a software extension to the HSM is called for, on top of the traditional (hardware-only) HSM.
The main system software runs on the main processor, and an HSM is still required; however, it is difficult to guarantee that the hardware will have the latest and most secure post-quantum algorithms. Regular software updates are therefore needed and, depending on how critical certain systems or applications are, there is a need to be even more responsive, on short notice.
Karamba Security also supplies its Software HSM as a means for a device manufacturer to work with a single HSM API, even though the underlying Hardware HSM may change. As part of a recent automotive project, an OEM requested the use of a mathematical algorithm that is not supported by the device’s Hardware HSM. Karamba added the algorithm to the Software extension to HSM, working around the hardware HSM’s shortcomings.
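The following is an added illustration of the crypto-agile HSM front end described in the preceding paragraphs (a single API, hardware preferred, software extension filling the gaps, algorithms replaceable after deployment). It is constructed for this post and is not Karamba’s product code; the algorithm identifiers, provider names, and the use of HMAC-SHA256 and HMAC-SHA3-256 as stand-ins for the signing and post-quantum algorithms are assumptions made purely to keep the example runnable with the standard library.

```python
# Added illustration of a crypto-agile HSM front end (constructed for this
# post, not Karamba's product code). Every MAC tag carries the identifier of
# the algorithm that produced it, a registry dispatches by identifier, the
# simulated hardware HSM knows only HMAC-SHA256, and a software extension
# back-fills HMAC-SHA3-256 at runtime. HMAC stands in for real signature or
# post-quantum algorithms solely so the example runs offline.
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

MacFn = Callable[[bytes, bytes], bytes]

# Algorithm identifiers (constructed; a real system would use registered IDs)
ALG_HMAC_SHA256 = "hmac-sha256"
ALG_HMAC_SHA3_256 = "hmac-sha3-256"


def hmac_with(hash_name: str) -> MacFn:
    """Build a MAC function from a hashlib digest name."""
    return lambda key, msg: hmac.new(key, msg, hash_name).digest()


@dataclass(frozen=True)
class Tag:
    """MAC tag plus the algorithm identifier, so it can still be verified
    (or refused) after the device's algorithm set changes."""
    alg: str
    mac: bytes


class Provider:
    """One backend (hardware HSM or software extension) with a fixed algorithm set."""

    def __init__(self, name: str, algs: Dict[str, MacFn]) -> None:
        self.name = name
        self.algs = dict(algs)

    def supports(self, alg: str) -> bool:
        return alg in self.algs

    def mac(self, alg: str, key: bytes, msg: bytes) -> bytes:
        return self.algs[alg](key, msg)


class AgileHsm:
    """Single HSM API: hardware is preferred, the software extension fills gaps."""

    def __init__(self, hardware: Provider) -> None:
        self.hardware = hardware
        self.software = Provider("sw-extension", {})
        self.deprecated: Set[str] = set()

    def add_software_algorithm(self, alg: str, fn: MacFn) -> None:
        """Field-update path: add an algorithm without touching the hardware."""
        self.software.algs[alg] = fn

    def deprecate(self, alg: str) -> None:
        """Retire an algorithm: no new tags with it, and old tags stop verifying."""
        self.deprecated.add(alg)

    def provider_for(self, alg: str) -> Optional[Provider]:
        for p in (self.hardware, self.software):
            if p.supports(alg):
                return p
        return None

    def sign(self, alg: str, key: bytes, msg: bytes) -> Tag:
        if alg in self.deprecated:
            raise ValueError(f"{alg} is deprecated")
        p = self.provider_for(alg)
        if p is None:
            raise ValueError(f"{alg} not available in hardware or software")
        return Tag(alg, p.mac(alg, key, msg))

    def verify(self, key: bytes, msg: bytes, tag: Tag) -> bool:
        """Fail closed: unknown or deprecated algorithms never verify."""
        if tag.alg in self.deprecated:
            return False
        p = self.provider_for(tag.alg)
        if p is None:
            return False
        return hmac.compare_digest(p.mac(tag.alg, key, msg), tag.mac)


def demo() -> Dict[str, object]:
    """Sign with hardware, add SHA3 via a software update, then retire SHA256."""
    hsm = AgileHsm(Provider("hw-hsm", {ALG_HMAC_SHA256: hmac_with("sha256")}))
    key = b"\x01" * 32                      # constructed test key
    msg = b"constructed firmware manifest"  # constructed message
    old = hsm.sign(ALG_HMAC_SHA256, key, msg)
    try:
        hsm.sign(ALG_HMAC_SHA3_256, key, msg)
        missing_before_update = False
    except ValueError:
        missing_before_update = True
    hsm.add_software_algorithm(ALG_HMAC_SHA3_256, hmac_with("sha3_256"))
    new = hsm.sign(ALG_HMAC_SHA3_256, key, msg)
    both_ok = hsm.verify(key, msg, old) and hsm.verify(key, msg, new)
    hsm.deprecate(ALG_HMAC_SHA256)
    return {
        "missing_before_update": missing_before_update,
        "new_provider": hsm.provider_for(new.alg).name,
        "both_verified_before_deprecation": both_ok,
        "old_verifies_after_deprecation": hsm.verify(key, msg, old),
        "new_verifies_after_deprecation": hsm.verify(key, msg, new),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The two design points worth copying are that the algorithm identifier is stored with every artifact, so a tag produced before an update can still be recognised and explicitly retired rather than silently mis-verified, and that `verify` fails closed on unknown or deprecated identifiers instead of raising, which is the behaviour a deployed edge device needs when its algorithm set changes underneath it.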
This use case is an excellent example of the need for Karamba’s crypto agility solutions: a software-based approach to mitigating the coming realities of quantum computing power.