# The PKI Guy talks quantum-safe security with Alexander Truskovsky of ISARA Corporation

*Q&A with Alexander Truskovsky, senior product manager, ISARA Corporation*

**TPG: Tell us about ISARA.**

**AT:** ISARA Corporation is a cybersecurity company specializing in creating production-ready quantum-safe solutions for today’s computing ecosystems. We enable OEMs to achieve a seamless migration to next-generation security measures by embedding our optimized quantum-safe algorithms and unique crypto-agile technology. We actively collaborate with academic and standards institutions to conduct joint research and raise awareness of the quantum threat.

**TPG: What do you see as the biggest security risks to companies?**

**AT:** Currently, the types of security risk and breaches we’re seeing today really focus on the top of what we call the “security impact pyramid,” which consists of—from top to bottom—user errors, administrator errors, platform issues, architecture flaws, and the foundation of the pyramid being public key cryptography. As you move down through the layers of security infrastructure, the system vulnerabilities become more difficult to exploit but the potential impact on critical components becomes much greater. For example, user errors at the top could be poor passwords, phishing scams, anything where the user themselves intentionally or unknowingly compromises the security of a system, followed by administrator errors such as failing to patch a system in a timely manner such as the Equifax hack, to platform issues like implementation flaws such as Spectre and Meltdown at the chipset level. Next follows architecture flaws such as poorly designed systems as evidenced in the 2015 white hat Jeep Cherokee hack and finally at the base of the pyramid, public key cryptography, which will be broken by a large-scale quantum computer in about eight to 15 years.

The quantum threat to public key cryptography represents an unprecedented security risk that governments and large organizations have not had to mitigate in the past. For example, a quantum-enabled attack could allow a state-sponsored adversary to essentially impersonate a root certificate authority (CA) allowing them to forge signatures for all certificates below that CA in the chain. Malicious code could be pushed to unsuspecting users compromising critical systems such as the brake and ignition systems in connected cars.

**TPG: What is your take on quantum computing?**

**AT:** There is a lot of hype around what quantum computing will be able to achieve. When you look at the work that Google, Intel, and IBM are doing in the area of quantum computing, I think it is pretty fair to see a strong correlation between the complex problem solving required in artificial intelligence and the unique problem-solving abilities of quantum computers, especially when complex decision-making based on large data sets is required. Of course, we must also be mindful that these advances to support machine learning also bring us closer to quantum computers capable of breaking public key cryptography. With the foundation of digital security broken, trusted communications over the internet—with and between connected devices—will not be possible. So as compelling as it is to focus on the substantial benefits provided by advances in quantum computing and machine learning, it is equally important to understand that there are some very direct security implications that must also be considered.

**TPG: How will quantum computing impact current public key cryptography?**

**AT:** One of the great accomplishments of the modern computing era is the ubiquity—and relative invisibility—of data security achieved using public key cryptography. Experts estimate that within the next eight to 15 years, current public key cryptography is expected to be broken by a large-scale quantum computer, forcing a complete migration to quantum-safe cryptography. The security of contemporary public key cryptography rests upon the inherent difficulty of certain computational tasks such as factoring integers or computing discrete logarithms. These tasks become easily solvable on a quantum computer running Shor’s algorithm, enabling an attacker to recover secret keys using only public information. An attacker armed with these secret keys could convincingly impersonate any other individual or organization on the Internet, and also read any Internet traffic protected by public key cryptography. There is also Grover’s algorithm, another quantum algorithm which offers what’s known as ‘quantum speedup’ through quadratic improvement to unordered search. Grover’s could be used to attack symmetric cryptography like AES by improving the brute-force attack and effectively cutting the bit length of the key in half.

**TPG: With quantum computing looming, what needs to change in order for a company’s data to remain safe?**

**AT:** In order for data to remain secure, the cryptography primitives such as RSA (Rivest Shamir Adleman) and ECC (Elliptic Curve Cryptography) need to be supplemented with quantum-safe algorithms. The idea is that you don’t simply rely on classical or quantum-safe algorithms; both are implemented and run in parallel, allowing companies to maintain their FIPS 140-2 certification on the classical implementations, all while future-proofing their systems and products with quantum-safe encryption. Ask your vendors if quantum-safe solutions are on their roadmaps yet, and if crypto-agility will be built in.

**TPG: How would a quantum computer break current public key cryptography?**

**AT:** Quantum computers excel at solving certain mathematical problems that are intentionally designed to be difficult or impossible to solve. These are the problems on which certain public key cryptographic algorithms are based—the problems that protect your information, such as credit card numbers, identity information, military secrets, etc. These problems include the integer factorization problem and the discrete logarithms problem on which security systems such as RSA and ECC are based. They are two of the public key cryptographic methods most widely used to secure the Internet and wireless systems today. In addition, authentication methods based on these concepts are also at risk. Basically, all public key cryptographic systems can be broken by a sufficiently powerful quantum computer, and this also means that everything that is transmitted in encrypted form can eventually be indiscriminately decrypted.

**TPG: Can you explain the quantum-enabled attack “harvest & decrypt?”**

**AT:** As we know, a universal quantum computer can break public key algorithms. Fundamentally, we use those for authentication and key establishment. In a “harvest & decrypt” attack, an adversary “harvests” the secure communication session (including the handshake that contains key establishment messages) and then at a later date breaks the key establishment, using a universal quantum computer to obtain the symmetric session key, which is used to “decrypt” the encrypted data.

**TPG: How does cryptography need to evolve?**

**AT:** In the past, we were a bit spoiled by what we had to use for public key cryptography, essentially RSA and ECC. Why do we say that? Because if we look at RSA, we see that it is a universal algorithm—we can use the same algorithm to effectively encrypt, decrypt, sign and verify. We can do the same with ECC, all while using the same algorithm.

However, if we look at quantum-safe cryptography, the five areas of math identified to be quantum-safe all have different pros and cons. This means that when we look at what is the right cryptography to use for certain applications, we can no longer simply ask which algorithm we should use (RSA or ECC?). We need to consider the memory, bandwidth, and processor requirements before selecting the best type of math. Cryptography needs to not only be quantum-safe moving forward, but a variety of different algorithms that suit many different use cases need to be standardized, which is NIST’s full intent as part of its Post-Quantum Cryptography standardization process.

When we consider which algorithms to include in the ISARA Radiate toolkit, we strive to provide our customers with the most choice for their various use cases, so they can use the right algorithms for the right applications, minimizing impact to user experience and overall changes required.

**TPG: What are your recommendations to companies today related to quantum computing?**

**AT:** While we cannot migrate all the systems today, users need to evaluate how they secure information today and how long it takes for them to migrate their systems. In most cases, steps need to be taken today to ensure the organizations are ready tomorrow. There are three particular areas to focus on:

**Harvest & Decrypt.** There are NIST-recommended approaches on how to protect your information today. ISARA has multiple algorithm options to suit every protocol and the expertise on how to integrate those solutions.

**Roots of Trust.** Long-lived devices need to be able to reliably authenticate software/firmware updates sent to them after a universal quantum computer is available. ISARA can help deploy post-quantum roots of trust today to ensure the long-lived devices do not need to be recalled or replaced in the future.

**PKI crypto-agility.** From past experiences (Suite B migration), we know that PKIs and dependent systems take too long to update. ISARA pioneered a new approach to make PKIs crypto-agile, allowing the dependent systems to choose which algorithm to use while using the same certificate chain. These crypto-agile certificates are fully compatible with existing systems.

**TPG: What is ISARA’s quantum-safe security offering?**

**AT:** The ISARA Radiate Security Solution Suite features a quantum-safe cryptographic module that contains algorithms for all five areas of mathematics and provides multiple options for digital signature, key agreement and key encapsulation. It also contains integration and migration technology to help customers make a seamless transition.


**TPG: What are crypto-agile certificates?**

**AT:** Crypto-agile certificates contain subject alternate public key and alternate issuer signature. The default and alternate signatures sign all of the certificate attributes. The certificate chain can be verified by following either default issuer signatures or alternate. The end entity can either sign messages/challenges/key using the private key corresponding to the default public key or alternate public key.

**TPG: How do crypto-agile certificates provide value in today’s cryptographic space?**

**AT:** The motivation for this came from the need to migrate quantum-vulnerable public-key algorithms. While key establishment algorithms can be negotiated between peers, authentication relies on the digital signature algorithm used by the authentication certificate. With crypto-agile certificates, we make digital signature algorithm negotiation possible. This will significantly reduce the complexity and cost of migrating a PKI and all dependent systems.
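The two answers above describe the structure of a crypto-agile certificate (a default and an alternate subject public key, with default and alternate issuer signatures that both cover every certificate attribute, and a chain that verifies along either signature path) and the signature-algorithm negotiation it enables. The following is an added model of that structure, written for this page; it is not ISARA's code and does not use ISARA's certificate format. The signature algorithms are stand-ins chosen so the example runs with only the Python standard library: a textbook RSA over a SHA-256 digest with tiny primes plays the classical default (insecure toy), and one-time Lamport signatures (hash-based) play the quantum-safe alternate. Each Lamport key signs exactly one message, and the root is a trust anchor whose self-signature is not checked. The function and field names (`Cert`, `tbs`, `issue`, `verify_chain`, `choose_path`) are assumptions of this example.

```python
"""Model of a crypto-agile certificate chain: every issued certificate carries a
default (classical) signature and an alternate (quantum-safe) signature, both
over the same to-be-signed attributes. Constructed example, not ISARA code."""
import hashlib
import json
import secrets
from dataclasses import dataclass
from typing import Optional

# ---- classical stand-in: toy RSA with small primes (insecure, illustration only)
def _random_prime(lo=10000, hi=20000):
    while True:
        c = secrets.randbelow(hi - lo) + lo
        if all(c % d for d in range(2, int(c ** 0.5) + 1)):
            return c

def classical_keygen():
    p, q = _random_prime(), _random_prime()
    while q == p:
        q = _random_prime()
    n, e = p * q, 65537
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def _digest_int(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def classical_sign(sk, msg):
    return pow(_digest_int(msg, sk["n"]), sk["d"], sk["n"])

def classical_verify(pk, msg, sig):
    return pow(sig, pk["e"], pk["n"]) == _digest_int(msg, pk["n"])

# ---- quantum-safe stand-in: Lamport one-time signatures (hash-based)
def _bits(msg):
    h = hashlib.sha256(msg).digest()
    return [(h[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[hashlib.sha256(s).hexdigest() for s in pair] for pair in sk]
    return pk, sk

def lamport_sign(sk, msg):          # reveals one preimage per digest bit; use once
    return [sk[i][b].hex() for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hashlib.sha256(bytes.fromhex(sig[i])).hexdigest() == pk[i][b]
        for i, b in enumerate(_bits(msg)))

@dataclass
class Cert:
    subject: str
    issuer: str
    default_pk: dict                  # classical subject public key
    alt_pk: Optional[list] = None     # alternate (quantum-safe) subject public key
    default_sig: Optional[int] = None
    alt_sig: Optional[list] = None

    def tbs(self) -> bytes:
        # Both signatures cover every attribute, the alternate key included;
        # only the two signature values themselves are left out.
        return json.dumps({"subject": self.subject, "issuer": self.issuer,
                           "default_pk": self.default_pk, "alt_pk": self.alt_pk},
                          sort_keys=True).encode()

def issue(subject, subj_pk, subj_alt_pk, issuer, issuer_sk, issuer_alt_sk):
    cert = Cert(subject, issuer.subject, subj_pk, subj_alt_pk)
    cert.default_sig = classical_sign(issuer_sk, cert.tbs())
    if issuer_alt_sk is not None:     # a legacy issuer simply omits the alternate
        cert.alt_sig = lamport_sign(issuer_alt_sk, cert.tbs())
    return cert

def verify_chain(chain, path="default"):
    """chain = [leaf, ..., root]; the root is the trust anchor. `path` is the
    signature path followed: "default" (classical) or "alternate"."""
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject:
            return False
        if path == "default":
            ok = cert.default_sig is not None and classical_verify(
                issuer.default_pk, cert.tbs(), cert.default_sig)
        else:
            ok = (cert.alt_sig is not None and issuer.alt_pk is not None and
                  lamport_verify(issuer.alt_pk, cert.tbs(), cert.alt_sig))
        if not ok:
            return False
    return True

def choose_path(chain, verifier_supports_alternate):
    """Negotiation: a verifier that implements the alternate algorithm follows
    the alternate path when the whole chain carries it, else the default."""
    if verifier_supports_alternate and all(c.alt_sig is not None for c in chain[:-1]):
        return "alternate"
    return "default"

def build_demo_chain(with_alternate=True):
    """root -> intermediate -> leaf; each CA's Lamport key signs exactly once."""
    keys = {}
    for name in ("root", "intermediate", "leaf"):
        pk, sk = classical_keygen()
        apk, ask = lamport_keygen() if with_alternate else (None, None)
        keys[name] = (pk, sk, apk, ask)
    root = Cert("root", "root", keys["root"][0], keys["root"][2])
    ica = issue("intermediate", keys["intermediate"][0], keys["intermediate"][2],
                root, keys["root"][1], keys["root"][3])
    leaf = issue("leaf", keys["leaf"][0], keys["leaf"][2],
                 ica, keys["intermediate"][1], keys["intermediate"][3])
    return [leaf, ica, root]
```

A verifier that does not understand the alternate algorithm still validates the chain through `verify_chain(chain, "default")`, because the alternate fields are just more signed attributes to it; a verifier that does understand it picks the path with `choose_path`. Changing any attribute, including the alternate key, invalidates both signatures, which is the property that lets one certificate chain serve both old and migrated relying parties.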