What are the most frequently asked questions about PQC?

Quantum computers, with their advanced processing power, are by far superior to today’s supercomputers and may be capable of performing certain algorithms more efficiently than traditional computers, posing a threat to classical cryptography. More precisely, quantum computers could be capable of performing Grover’s and Shor’s algorithm which can significantly weaken symmetric cryptography or even crack asymmetric cryptography. Since every organization relies on cryptography for data protection, digital signatures, and secure transactions, it is a threat that applies to all industries.

No. Quantum computing is a highly promising research field that has the potential to be used in several industries such as manufacturing, chemistry, or infrastructure. With the help of quantum computers, people hope to improve modeling complex processes and enable more efficient production methods or calculations. Most quantum computers today are being developed with specific use cases in mind (which do not include cracking cryptography). However, although quantum computers are not being developed with the goal to crack existing cryptography, their potential computing powers should not be underestimated, and there may be parties who would misuse them for malicious purposes.

For all organizations, the preparation for post quantum has to be considered on an individual basis. Generally speaking, it is vital to be aware about the cryptographic status quo of your organization, meaning: Make a list of the algorithms and their use cases. Also, determine what data needs to be protected and for how long. Based on this, you can develop a migration strategy that takes into account the new algorithms your organization needs to apply. You should also ensure that your hardware and general IT infrastructure can handle the algorithms you want to introduce (considering potentially larger key and signature sizes). For migration, most institutions recommend using a hybrid approach (using both PQC and classic algorithms), since PQC algorithms are not yet mature. After planning your migration and eliminating potential roadblocks, follow your migration plan, while considering new developments in the Post Quantum Cryptography field.

If you are unsure about your migration, contact our PQC consultancy.

As the discipline of post quantum cryptography is not fully mature yet, it is important to use a flexible, crypto agile solution. For a Public Key Infrastructure , this entails using a solution that can be updated with new cryptographic algorithms and whose certificate profiles can be extended to include new algorithm identifiers and potential extensions. As a starting point, one should evaluate the PQC algorithms recommended by NIST and determine if these are suitable for the respective environment (considering signature and key sizes). In general, consider a PKI solution with an underlying crypto library that either already supports PQC algorithms or can be upgraded once the standardization of PQC algorithms is finalized.

The still ongoing standardization process by NIST has announced four algorithms for standardization, which include the lattice-based algorithms CRYSTALS-KYBER, CRYSTALS-Dilithium, and FALCON, as well as the stateless hash-based signature scheme SPHINCS+. Previously, NIST has recommended two algorithms for digital signatures which are stateful hash-based signature schemes: LMS and XMSS (including its variants HSS and XMSS-MT). Traditional symmetric algorithms, such as AES, are (as of now) considered to be post quantum-safe, if their key length has a certain number of bits. For example, AES-256 can withstand quantum computer attacks, although AES-128 may not.

Several PQC algorithms candidates have been broken during the standardization process. Do I need to be concerned?

During the standardization process, the proposed algorithms are the primary focus. It is a desired process that these algorithms are tested and may be broken along the way. The finalists which will be standardized have made it through a detailed and thorough analysis and can be trusted.

Quantum computers with their advanced processing power, can be used in all industries for a variety of innovations and calculations that were not possible before. Organizations can benefit from quantum computers in many ways, including making smarter investment decisions, developing drugs and vaccines faster, and revolutionizing transportation.

However, quantum computers also pose a threat regarding cybersecurity infrastructures:

The threat quantum computers pose to certain industries is determined by two factors: data shelf life (how long data will be used and valuable) and the system life cycle (how long a system will be in use). Therefore, industries such as Insurance, Public Sector, and Banking & Financials will be most affected by the quantum computer threat.

Certain industries are obliged to store data for a certain period of time (e.g. healthcare data for 30 years). What is the best strategy to protect data created and stored now for the long-term?

Data is still protected in the long term since most data is encrypted with symmetric algorithms, which may be weakened by quantum computer attacks, but are still considered to be secure against quantum computers. However, this only applies if you use an algorithm with a sufficient key length, e.g., AES-256. To be on the safe side and add another layer of (quantum) security, the best strategy is to follow a hybrid encryption approach. This means additionally encrypting data with post quantum algorithms. The focus should additionally be on secure key exchange methods.

Most PQC algorithms are using larger key sizes compared to classic algorithms. As a result, ciphertext and signature sizes will also be larger, influencing the performance. You can find a detailed report on the key sizes and the required time (cycles) to generate a session key / public key in the enisa PQC integration study.

A major problem will be that there will no longer be a silver-bullet algorithm. We will have to weigh the sweet spots of each algorithm (key gen performance, signature performance, small signatures, small key sizes, …) and select the method that offersr the most appropriate algorithm providing the best tradeoff for the specific use case.

Quantum Key Distribution is a method of exchanging encryption keys using quantum mechanics. It is used for the transmission of symmetric cryptographic keys between various parties. The advantage of quantum key distribution compared to other key transmission methods is its “built-in eavesdrop protection”: By using entangled states, any interception attempt can be detected immediately and effectively invalidates a key.

Hybrid cryptography refers to the simultaneous use of both classical and post quantum cryptography. For example, in the digital signature use case, two signatures will be applied together – one created with a classic algorithm, and one created with a PQC algorithm.

Yes. Utimaco does not only provide cybersecurity products but also offers professional services and consulting. Our services team helps with your individual project implementations, including running a crypto inventory. With our consulting team, you can discuss your cybersecurity challenges and together we define and implement strategies to overcome these obstacles.