In my first blog in this series on quantum preparedness, I talked about the urgency of taking early steps to get ready for this radical change in the way that we think about and manage machine identities. In this blog, I’ll give you some practical advice about how you can prepare your PKI for quantum computers.
One of the reasons we're worried about quantum computers is that they're really good at one specific math problem. But it’s a big one and one that could eclipse everything that we know today. NIST in the United States, and others, are focused on what we should replace that math problem with, and by extension, what the new solution is going to be. In particular, NIST is leading the effort around the standardization through the FIPS program — what's known as post-quantum cryptography.
I want to reiterate that we won’t be able to rely upon RSA and ECC once large-scale quantum computers arrive, so the work now is around the new math constructs that we're going to use to compensate. There are about five different math areas that we're focused on as an industry. Let’s look at how we can use those fundamental math problems to construct cryptographic solutions. Specifically, we need to make sure that we spend enough time and have enough eyeballs on quantum to know what we can trust — and then standardize them so that everyone knows how to use cryptography as a language.
We rely on the language of cryptography to communicate securely. That’s why standards are enormously important to make sure that we all agree upon the language we’re using, and that we all know the grammar to use to talk to each other clearly. This is a complex and challenging problem! NIST started the process back in 2016.
In July of 2022, NIST announced the "First Four Quantum-Resistant Cryptographic Algorithms." In parallel to this, NIST has an effort that has been looking at something called stateful hash-based signatures.
Stateful hash-based signatures are a very good solution for some specific use cases, such as code signing where there aren’t too many signatures. We've been working with a lot of the industry leaders from a security infrastructure perspective to make sure that these types of solutions are ready so that as organizations start to deploy them, their infrastructure is ready.
PKI is complicated, but it's not complicated in terms of drawing the org chart on a white board to illustrate what your Root CA, intermediate CA and end user certificates look like. It's complicated in terms of how it's used by systems.
If we think about an example in the U.S., the U.S. Department of Defense has over four and a half million users on its PKI, and it is using certificates to access benefits through the U.S. Department of Veterans Affairs. They use these machine identities for physical access control into bases with a common access card. They also use them for storing credentials for secure email. If we think about how we start to change and migrate the mathematics that we use from a crypto perspective, the concern is less about the actual certificate itself and more about the compatibility of that machine identity.
That's a protocol-type problem. It becomes a kind of backwards and forwards compatibility problem. Because when we have millions of users, we can't just upgrade all the systems overnight. This is going to be a multi-year, staged upgrade, and you want to simplify this process as much as possible — and make it as seamless to the end-users as possible.
The technology that we've been looking at is something we call ISARA Catalyst, which is an agile methodology that utilizes the existing X.509 certificate format with existing classic algorithms, but also includes a quantum-safe signature in the extension to allow you to have something that's backwards compatible and allows you to upgrade systems in a stepwise fashion. This enables you to be ready for quantum, so you can start trialing out quantum-safe solutions. This will allow you to start making sure that your systems are prepared for any types of changes you may need to make in order to become quantum safe.
PKI is obviously part of it, but as an organization one of the other pieces that is extremely important is thinking about how to start to look at the actual cryptography itself. With new quantum-safe solutions, we're going to have pros and cons and use cases where some math areas may solve certain problems better than other math areas. Some might be safer, but at the expense of larger key sizes, and others might be faster but may have potentially less security associated with them.
What we offer through the ISARA toolkit is the ability for customers to start testing things out now. When we talk to people that are thinking about how they get their systems ready for quantum safety, they want to start seeing what the impact of the new math systems are going to be. They want to make sure that the hardware they have is going to be good enough and that the networking protocols that they're relying upon are going to be ready when large-scale quantum computers arrive.
How do you know you're ready for quantum safety? And how do you get these solutions in front of your clients? This is the work that Venafi and Crypto4A have been doing together via VCert and the Venafi Platform. We've been working together to make sure that you can utilize VCert to start generating keys using NIST candidate algorithms. You can start creating CSRs and certificates that use hybrid technologies. At that point, you can start seeing how quantum safe certificates might work within your environment and understand what things need to be upgraded and what things are going to work great with quantum. This is the sort of normal IT migration problem that you need to think through!
An essential part of this solution is thinking about how to start to issue certificates that are quantum-ready. This is the Crypto4A quantum safe certificate service. We've been working very closely with Crypto4A about how a hardware appliance will help you issue certificates in a quantum-safe environment.
We already have protections that use the Venafi Platform with Crypto4A and ISARA. You can start to prepare your infrastructure to make sure that it is ready to be quantum safe and we’ll also allow you to start testing things out. But it's also important to prepare for an agile transition. As an industry, we've gone through crypto transitions a number of times before — Triple DES to AES, MD5 hash functions and SHA-1 to SHA-2. But this one will be bigger. Changes in key sizes as well as this quantum-safe transition is the largest transition we've had to think about from a cryptographic perspective. It certainly won't be the last transition, so this is our opportunity to make sure that while we're testing, and while we're getting your infrastructure ready for quantum, we can also start planning for what's the next transition and how do we make sure that we're ready for it.
Visit the Venafi Marketplace for information on ISARA and Crypto4A integrations with Venafi.
This blog features solutions from the ever-growing Venafi Ecosystem, where industry leaders are building and collaborating to protect more machine identities across organizations like yours. Learn more about how the Venafi Technology Network is evolving above and beyond just technical integrations.