>
    Learn More About Post-Quantum Security
    Focus
    Download PDF
    Focus
    1. Home
    2. Network Security
    3. Quantum Security Concepts
    4. Learn More About Post-Quantum Security
    Download PDF
    Network Security

    Learn More About Post-Quantum Security

    Table of Contents

    Learn More About Post-Quantum Security

    Post-quantum security information from government, standards, and other resources.
    Post-quantum security, post-quantum technologies, and recommended post-quantum implementations are in their infancy. As you plan for securing your assets in a post-quantum computing world, it's important to understand as much as you can about post-quantum technologies, government regulations and mandates that affect your business, and how to transition to post-quantum VPNs and ciphers.
    The United States government and governments around the world are creating plans to address the quantum security threat posed by quantum computers and post-quantum cryptography. In addition, standards bodies such as the National Institute of Standards and Technology (NIST) and the Internet Engineering Task Force (IETF) are creating standards for new post-quantum technologies and how to implement them.
    This topic provides links to information to help you increase your understanding, preparation, and transition to post-quantum security in your business.

    United States Government

    The governments of many nations are developing plans, mandates, and laws to address the quantum computing threat and the advent of post-quantum cryptography. The following links provide information on the how the United States government is addressing the issue, including links to information from the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA). Check your local government's security sites and organizations to find out how your government is approaching post-quantum security.

    Other World Governments

    The following links provide information on the how several governments around the world are addressing the issue.

    RFCs

    Requests for proposal (RFCs) describe the technical foundations of the internet. Several RFCs describe aspects of IKEv2 resistance to attacks from quantum computers:
    • RFC 8784, Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-Quantum Security, describes the standard for the IKE extension that enables IKEv2 to be resistant to attacks from quantum computers. How RFC 8784 Resists Quantum Computing Threats summarizes the effect of RFC 8784 in your network.
    • RFC 6379, Suite B Cryptographic Suites for IPsec, describes the Suite-B-GCM-256 bit algorithm that you should use instead of the weaker AES-128 bit encryption. Removing weak ciphers such as AES-128 helps delay the time when Grover's algorithm might be able to break symmetric encryption.
    • RFC 9370, Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2), describes how to extend IKEv2 to allow multiple key exchanges to mix to create the encryption key.
    • RFC 9242, Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2), defines an intermediate exchange mechanism that enables the transfer of large amounts of data, such as encryption keys based on multiple key exchanges, in the initial key exchange. This helps to avoid fragmentation. (Some devices don't allow fragmentation.)
    • RFC 7383, Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation, enables IKE messages to be fragmented at the IKE level, which eliminates issues caused by IP fragmentation. However, RFC 7383 does not work for the initial exchange. RFC 9242 helps avoid fragmentation in the initial exchange and RFC 7383 avoids IP fragmentation in subsequent IKEv2 messages.

    Technologies and General Information

    Many organizations recognize the potential threats posed by quantum computers and by technologies that pose no danger when run on classical computers but pose potentially catastrophic danger when run on a cryptographically relevant quantum computer (CRQC).
    • The Open Quantum Safe organization's liboqs site is an open source C library for quantum-safe cryptographic algorithms.
    • The Linux Foundation's Post Quantum Cryptography Alliance project seeks to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms.
    • Shor's algorithm threatens to break many classical asymmetrical encryption algorithms that are in use today when used with a CRQC. Shor's algorithm factors large, complex numbers to derive the prime numbers that are the basis for classical, asymmetric encryption.
    • Grover's algorithm is a quantum, quadratically accelerated unstructured search algorithm. It can break classical symmetrical encryption algorithms through brute force by cutting the cryptographic strength of AES algorithms and hash functions in half when it is used with a CRQC.
    • Harvest Now, Decrypt Later attacks are a currently active threat. In Harvest Now, Decrypt Later attacks, attackers steal data that they can't decrypt now and store it until a CRQC can decrypt it. These attacks are taking place today and pose an immediate threat to long-lived data.
    • The Quantum Inspire knowledge base article What is a Qubit? explains quantum bits.
    • The Deloitte article The Quantum Threat to Cryptography discusses reasons why you should start your post-quantum transition as soon as you can, as does the Forbes article The Quantum Threat to Cryptography: Don't Panic, But Prepare Now.
    • The ETSI Quantum-Safe Cryptography (QSC): A Repeatable Framework for Quantum-safe Migrations provides a good template for creating a post-quantum migration plan.
    • The World Economic Forum Quantum Economy Blueprint provides a roadmap to build quantum ecosystems in an equitable manner to enable the transition to the quantum economy.

    © 2024 Palo Alto Networks, Inc. All rights reserved.