3 Reasons Why the Post Quantum Crypto Migration Will Be a Snoozefest
First, some background: we're pretty sure that quantum computers will eventually be able to crack certain types of encryption. This has led to a post-quantum cryptography (PQC) migration to replace the vulnerable crypto with quantum-resistant replacements.
If you want a primer on quantum computing, I put together a 2-part quantum special on my podcast, Enterprise Security Weekly, in 2023. In the first part, Kayla Lee gives a great overview on the current state of quantum computing - what it can and can't do. Then, in part 2, Vadim Lyubashevsky, one of the authors of the NIST-accepted PQC standards, explains the potential threat from quantum computing, and which types of encryption are affected.
1. The migration started years ago
Most of us don't manage crypto libraries. Web browsers, operating systems, and even smartphones get these updates automatically. Post-quantum cryptography (PQC) already exists in most places. Yes, NIST just finalized its selections, but big tech didn't wait for that to happen before they started rolling out PQC.
AWS first offered PQC in November 2019 - over five years ago.
Apple devices got PQC earlier this year.
Chrome is already on its second PQC release.
Microsoft is on top of this as well.
The libraries we depend on behind the scenes are getting there as well.
The majority of stuff we care about will get PQC automagically. We won't have to think about it. The stuff that doesn't, well, that brings me to my second point.
2. Encryption doesn't stop attacks
Encryption has never been a challenge for attackers. Why?
Users live in a decrypted world
If you want to use a quantum computer to decrypt network traffic, you need to capture network traffic. To capture network traffic, you need to intercept traffic. If you are in a position to intercept traffic, there are probably quicker and easier ways of accomplishing your goals than trying to crack TLS sessions. Attackers go after the endpoints where these sessions are created.
Attacks on cryptography just aren't necessary for most attackers to achieve their goals. There are entire classes of vulnerabilities that we've never seen attackers take interest in: side channel attacks (Meltdown, Spectre) and SSL/TLS attacks (BEAST, CRIME, POODLE, FREAK, etc). Part of the reason is the set of prerequisites necessary to leverage these attacks.
3. Updating/migrating crypto is routine
If you checked out the podcast I shared above, you know that some asymmetric and digital signature crypto could potentially be cracked by quantum computers at some point in the future. Next year? 10 years from now? We don't know. What we do know is that issues with cryptography are nothing new - we know how to update protocols like SSL and TLS, and how to replace weak cryptography. The major difference here is that, in the past, the driver for replacing crypto protocols and standards was flaws in the standards themselves, not a new computing paradigm.
With all that said, the process of replacing encryption standards in web servers, browsers, operating systems, email servers, and other software already exists. We've been through over half a dozen major updates to SSL and TLS, and dozens of changes to the underlying cipher suites that these protocols use.
So why all the hype and urgency here? The quantum threat does have an ominous ring to it.
We've been doing crypto migrations forever. We know how to do this, and it has never been urgent. I don't see us adding a "QUANTUM APOCALYPSE" option on the CVSS calculator that adds 5 extra points, because quantum is scary.
Conclusion
There will be vendors and enterprises that drag their feet. Just like all the outdated cipher suite findings we've seen on pentest reports and vulnerability scans in the past, you'll be seeing a lot of "non-PQC compliant" findings in the future. LONG into the future. Some of these fixes will be simple configuration changes, as they have been in the past. Some will require you to pester your vendors incessantly, as we have done in the past. Just so you can get those sweet, clean quarterly scans for PCI DSS compliance 😅
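To make the "outdated cipher suite finding, fixed by a configuration change" pattern concrete, here is an added example (not code from the article) that lints an OpenSSL-style cipher string and key-exchange group list the way a scanner would, flagging legacy suites and the absence of a hybrid PQC group. The directive names and both configurations are constructed for illustration; the group names are the ones OpenSSL 3.5+ uses.

```python
"""Constructed TLS config linter (added example, not code from the article).

It produces the kind of "outdated cipher suite" and "non-PQC key exchange"
findings a scanner would report, to show that the fix is a configuration edit:
the legacy OpenSSL-style cipher string and group list beside corrected ones.
"""

# Substrings that mark cipher suites scanners have flagged for years.
LEGACY_MARKERS = ("RC4", "DES", "MD5", "EXP", "NULL", "ANON")

# Hybrid post-quantum key-exchange group names as used by OpenSSL 3.5+.
PQ_HYBRID_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768"}


def lint_tls_config(cipher_string: str, group_list: str) -> list[str]:
    """Return scanner-style findings for an OpenSSL cipher string and a
    colon-separated group list (as in nginx's ssl_ciphers / ssl_ecdh_curve)."""
    findings = []
    for entry in cipher_string.split(":"):
        entry = entry.strip()
        # '!' and '-' entries remove suites; '@' entries are sort directives.
        if not entry or entry[0] in "!-@":
            continue
        if any(marker in entry.upper() for marker in LEGACY_MARKERS):
            findings.append(f"outdated cipher suite enabled: {entry}")
    groups = {g.strip() for g in group_list.split(":")}
    if not groups & PQ_HYBRID_GROUPS:
        findings.append("key exchange not PQC hybrid: add X25519MLKEM768 to the group list")
    return findings


# Constructed "before" configuration, typical of an old scan finding.
LEGACY_CIPHERS = "HIGH:MEDIUM:RC4-SHA:DES-CBC3-SHA:!aNULL"
LEGACY_GROUPS = "X25519:P-256"

# Constructed "after" configuration: same directives, updated values.
MODERN_CIPHERS = ("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
                  "ECDHE-ECDSA-CHACHA20-POLY1305:!aNULL:!MD5")
MODERN_GROUPS = "X25519MLKEM768:X25519:P-256"

if __name__ == "__main__":
    for label, ciphers, groups in (("before", LEGACY_CIPHERS, LEGACY_GROUPS),
                                   ("after", MODERN_CIPHERS, MODERN_GROUPS)):
        print(label, lint_tls_config(ciphers, groups) or ["no findings"])
```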
Do we need to get the migration done?
Yes. Chop wood, carry water, update crypto. Get it done.
Will there be a "Crypto Apocalypse"?
Probably not.
Finally, I want to say that I don't think there's anything inherently wrong with the products or services aiming to help with this PQC migration, just that the hype around this problem is getting out of control.
DISCLOSURE: I've done tons of interviews with folks about post-quantum cryptography (PQC) on my podcast, and some of those interviews were sponsored by vendors selling PQC products or services.
Vulnerability Historian
Realistically, how many years out do you see this being an issue? [Your answer may be used against you in a few++ years!]
Interesting article. As you said, PQC will be a barely noticeable bump in the road for most users. The interest really lies with the data that the likes of the NSA, GCHQ, etc. have been hoovering up from the Internet for decades and storing for exactly the moment the underlying crypto becomes breakable and all that legacy intelligence becomes available to them. If our side did it, so did our adversaries, and it'll be interesting to see what both sides make public from that data.
Principal Cloud Security Engineer, Security Unfiltered Podcast Host, Advisory Board Member, Doctoral Candidate, Adjunct Professor
This topic is a huge part of my PhD
The point that most users will be oblivious to the rollout of PQC is true. It's like the switch from SSL to TLS etc. The challenge is more for those teams that must make the transition. PQC introduces challenges like increased size of encrypted data and possible latency increases in encrypted network data. Then there is the question of wrapping your existing encrypted data with PQC.