Learn More About Post-Quantum Security
Post-quantum security information from government, standards, and other
resources.
Post-quantum security, post-quantum technologies, and recommended post-quantum
implementations are in their infancy. As you plan for securing your assets in a
post-quantum computing world, it's important to understand as much as you can about
post-quantum technologies, government regulations and mandates that affect your
business, and how to transition to post-quantum VPNs and ciphers.
The United States government and governments around the world are creating plans to
address the quantum security threat posed by quantum computers and post-quantum
cryptography. In addition, standards bodies such as the National Institute of
Standards and Technology (NIST) and the Internet Engineering Task Force (IETF) are
creating standards for new post-quantum technologies and how to implement them.
This topic provides links to information that helps you understand, prepare for, and
transition to post-quantum security in your business.
United States Government
The governments of many nations are developing plans, mandates, and laws to address
the quantum computing threat and the advent of post-quantum cryptography. The
following links provide information on how the United States government is
addressing the issue, including links to information from the National Institute of
Standards and Technology (NIST) and the National Security Agency (NSA). Check your
local government's security sites and organizations to find out how your government
is approaching post-quantum security.
- The NIST Post-Quantum Cryptography Resource Center provides information about post-quantum cryptography standardization and other material.
- The NIST National Cybersecurity Center of Excellence (NCCOE) Migration to Post-Quantum Cryptography offers guidance for migrating to post-quantum cryptography.
- Symmetric Key Management Requirements Annex V2.1 from the NSA's Central Security Service provides implementation requirements for the use of pre-shared keys for Commercial Solutions for Classified (CSfC).
- The Department of Homeland Security website for post-quantum cryptography includes the department's post-quantum roadmap and other resources.
- The Post-Quantum Cryptography Initiative from the Cybersecurity & Infrastructure Security Agency (CISA) unifies post-quantum efforts with other government agencies and industry partners to address quantum computing threats. The site also provides links to more resources from CISA, NIST, and the Department of Homeland Security.
- To encourage the migration of Federal government information technology systems to quantum-resistant cryptography, President Biden signed the Quantum Computing Cybersecurity Act (HR 7535).
- Executive Memorandum M-23-02, Migrating to Post-Quantum Cryptography, from the Executive Office of the President, provides direction for United States agencies on complying with National Security Memorandum 10 (NSM-10), National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.
Other World Governments
The following links provide information on how several governments around the
world are addressing the issue.
- The German Federal Office for Information Security (BSI) provides information about post-quantum cryptography, migration strategies, current developments and recommendations, and other material.
- The United Kingdom Government provides information on quantum computers and technologies, quantum computer threat, national quantum strategy, quantum key distribution, quantum random number generation, and other material.
- The French Cybersecurity Agency (ANSSI) provides information about post-quantum transition, quantum key distribution, and other material.
- The Netherlands General Intelligence and Security Service (AIVD) provides information about quantum computer threats, post-quantum migration strategies and steps, quantum key distribution, and other material.
- The European Union Agency for Cybersecurity (ENISA) provides information on post-quantum cryptography, hybrid implementations, post-quantum strategies, and other material.
- The Monetary Authority of Singapore provides information about quantum programs and addressing cybersecurity risks associated with quantum.
- The Government of Japan provides information about quantum strategies, quantum security, and migration to quantum technology.
RFCs
Requests for Comments (RFCs) describe the technical foundations of the
internet. Several RFCs describe aspects of IKEv2 resistance to attacks from quantum
computers:
- RFC 8784, Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-Quantum Security, describes the standard for the IKE extension that enables IKEv2 to be resistant to attacks from quantum computers. How RFC 8784 Resists Quantum Computing Threats summarizes the effect of RFC 8784 in your network.
- RFC 6379, Suite B Cryptographic Suites for IPsec, describes the Suite-B-GCM-256 suite, which you should use instead of the weaker AES-128 encryption. Removing weak ciphers such as AES-128 helps delay the time when Grover's algorithm might be able to break symmetric encryption.
- RFC 9370, Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2), describes how to extend IKEv2 so that multiple key exchanges are mixed to create the encryption key.
- RFC 9242, Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2), defines an intermediate exchange mechanism that enables the transfer of large amounts of data, such as encryption keys based on multiple key exchanges, in the initial key exchange. This helps to avoid fragmentation. (Some devices don't allow fragmentation.)
- RFC 7383, Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation, enables IKE messages to be fragmented at the IKE level, which eliminates issues caused by IP fragmentation. However, RFC 7383 does not work for the initial exchange. RFC 9242 helps avoid fragmentation in the initial exchange and RFC 7383 avoids IP fragmentation in subsequent IKEv2 messages.
Technologies and General Information
Many organizations recognize the potential threats posed by quantum computers and by
technologies that pose no danger when run on classical computers but pose
potentially catastrophic danger when run on a cryptographically relevant quantum
computer (CRQC).
- The Open Quantum Safe organization's liboqs is an open source C library for quantum-safe cryptographic algorithms.
- The Linux Foundation's Post Quantum Cryptography Alliance project seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.
- Shor's algorithm, when run on a CRQC, threatens to break many of the classical asymmetric encryption algorithms that are in use today. Shor's algorithm factors large, complex numbers to derive the prime numbers that are the basis for classical asymmetric encryption.
- Grover's algorithm is a quantum unstructured search algorithm with a quadratic speedup. When it is used with a CRQC, it can break classical symmetric encryption algorithms through brute force by cutting the cryptographic strength of AES algorithms and hash functions in half.
- Harvest Now, Decrypt Later attacks are a currently active threat. In Harvest Now, Decrypt Later attacks, attackers steal data that they can't decrypt now and store it until a CRQC can decrypt it. These attacks are taking place today and pose an immediate threat to long-lived data.
- The Quantum Inspire knowledge base article What is a Qubit? explains quantum bits.
- The Deloitte article The Quantum Threat to Cryptography discusses reasons why you should start your post-quantum transition as soon as you can, as does the Forbes article The Quantum Threat to Cryptography: Don't Panic, But Prepare Now.
- The ETSI Quantum-Safe Cryptography (QSC): A Repeatable Framework for Quantum-safe Migrations provides a good template for creating a post-quantum migration plan.
- The World Economic Forum Quantum Economy Blueprint provides a roadmap to build quantum ecosystems in an equitable manner to enable the transition to the quantum economy.