Post-Quantum Cryptography: Lessons Learned from SHA-1 Deprecation

July 21, 2022 | Anastasios Arampatzis
Post-Quantum Encryption Algorithms Announced

The National Institute of Standards and Technology (NIST) has chosen the first collection of cryptographic algorithms designed to withstand future quantum computers. The announcement follows a six-year project supervised by NIST, which in 2016 called on the world's cryptographers to create and evaluate public-key algorithms that could withstand an attack from a future quantum computer.

The four chosen algorithms* (one key-encapsulation mechanism for encryption and three digital-signature schemes) will be included in the NIST post-quantum cryptographic standard, which is expected to be finalized in around two years.

For NIST's scientists, crypto agility was an important factor. Three of the chosen algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON) are based on a class of mathematical problems known as structured lattices, whilst SPHINCS+ relies only on hash functions. Dustin Moody, a mathematician and project lead at NIST, explains, "We wanted to ensure that we had a backup strategy in the event that someone discovers a breakthrough and an attack on lattices."
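To make that "backup strategy" concrete, here is an added example (not NIST's, Venafi's, or the SPHINCS+ reference code): a Lamport one-time signature whose only security assumption is the hash function it is built on. The hash is passed in, so SHA-256 can be swapped for SHA3-256 without touching the scheme, which is the crypto-agility property the post argues for. Hash-based one-time signatures of this kind are the primitive that SPHINCS+ turns into a many-time scheme, and the `sizes` helper shows why they are the expensive option: the key and signature sizes are the cost that the handshake question later in this post is about. All names in the block are the example's own.

```python
import hashlib
import hmac
import secrets
from typing import Callable, List, Tuple

# A hash function here is any bytes -> digest mapping assumed to be
# second-preimage resistant. Swapping it is the whole agility exercise.
HashFn = Callable[[bytes], bytes]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sha3_256(data: bytes) -> bytes:
    return hashlib.sha3_256(data).digest()


class LamportOTS:
    """Lamport one-time signature over a pluggable hash.

    Security rests only on the hash: no lattices, no number theory. Each key
    pair must sign at most ONE message; signing two different messages with
    the same key reveals enough preimages for an attacker to forge a third.
    """

    def __init__(self, h: HashFn):
        self.h = h
        self.n = len(h(b""))      # digest length in bytes
        self.bits = 8 * self.n    # one preimage pair per digest bit

    def keygen(self) -> Tuple[list, list]:
        # secret key: two random n-byte preimages for every bit of H(message)
        sk = [(secrets.token_bytes(self.n), secrets.token_bytes(self.n))
              for _ in range(self.bits)]
        # public key: the hash of each preimage, in the same positions
        pk = [(self.h(a), self.h(b)) for a, b in sk]
        return sk, pk

    def _msg_bits(self, msg: bytes) -> List[int]:
        d = self.h(msg)
        return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(self.bits)]

    def sign(self, sk: list, msg: bytes) -> List[bytes]:
        # reveal, for every bit of H(msg), the preimage that bit selects
        return [pair[b] for pair, b in zip(sk, self._msg_bits(msg))]

    def verify(self, pk: list, msg: bytes, sig: List[bytes]) -> bool:
        if len(sig) != self.bits:
            return False
        ok = True
        for pair, b, s in zip(pk, self._msg_bits(msg), sig):
            # constant-time compare, accumulated so every position is checked
            ok &= hmac.compare_digest(self.h(s), pair[b])
        return ok


def sizes(ots: LamportOTS) -> Tuple[int, int]:
    """Public-key and signature size in bytes: the price of hash-based schemes."""
    return 2 * ots.bits * ots.n, ots.bits * ots.n


def demo(h: HashFn) -> Tuple[bool, bool]:
    """Sign once; return (genuine message verifies, tampered message verifies)."""
    ots = LamportOTS(h)
    sk, pk = ots.keygen()
    msg = b"release-1.4.2.tar.gz"          # constructed sample message
    sig = ots.sign(sk, msg)
    return ots.verify(pk, msg, sig), ots.verify(pk, msg + b"x", sig)


if __name__ == "__main__":
    for name, h in (("SHA-256", sha256), ("SHA3-256", sha3_256)):
        print(name, "verify/tampered:", demo(h), "pk/sig bytes:", sizes(LamportOTS(h)))
```

With a 256-bit hash the public key is 16 KiB and a single signature 8 KiB, against 64 bytes for an Ed25519 signature; SPHINCS+ and the lattice schemes trade this down considerably, but none of them reach today's sizes.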

What SHA-1 history can teach us

Can the cybersecurity industry learn anything from the problems encountered with the move from the deprecated SHA-1 to the stronger and safer SHA-2 hashing algorithm?

SHA-1 has been regarded as unsafe against well-funded adversaries since 2005, when the first collision attack faster than brute force was published. NIST deprecated SHA-1 in 2011 and disallowed its use for digital signatures after 2013. Since 2020, chosen-prefix collision attacks against SHA-1 have been practical, which lets an attacker craft two documents of their own choosing that share a hash. The recommendation was therefore to eliminate SHA-1 from all products immediately and replace it with SHA-2 or SHA-3. This is especially urgent wherever SHA-1 is used for digital signatures, because that is exactly where a collision becomes a forgery.

Despite all the emphasis around the shift from SHA-1 to SHA-2, 35% of websites were still utilizing SHA-1 certificates as of November 2016, according to research from Venafi in 2017.

“The results of our analysis clearly show that, while the most popular websites have done a good job of migrating away from SHA-1 certificates, a significant portion of the Internet continues to rely on them,” said Walter Goulet, a cloud solutions product manager at Venafi, in 2017.

The transition away from SHA-1 certificates was very slow, even though every major vendor had published concrete steps for migrating to the SHA-2 family of hashing algorithms. Businesses still using the broken SHA-1 faced serious risks, including:

  • Increased possibility of a collision attack, and with it a forged certificate enabling a man-in-the-middle attack
  • Wildcard SSL certificates still signed with SHA-1, which spread that exposure across every host they cover
  • Websites being blocked or flagged as insecure by common web browsers
  • Loss of revenue from customers who could not access a business website
  • Damaged brand reputation and loss of future business

The same issues, or even worse, will be faced in the near future if businesses, organizations and agencies fail to be proactive in establishing concise and comprehensive policies and practices for migrating to a post-quantum encryption regime.

Challenges toward post-quantum cryptography: confidentiality and authentication

The threat to confidentiality is obvious: a cryptographically relevant quantum computer will be able to read not only data transmitted after it exists but also encrypted traffic that an adversary recorded and stored years earlier ("harvest now, decrypt later"). The threat model for authentication is a little more complicated. A quantum computer could be used to forge signatures and stage a man-in-the-middle attack, but a forged signature only helps the attacker at the moment it is verified: a TLS handshake that completed last year cannot be impersonated retroactively. Signatures that are verified long after they are made (signed documents, firmware and code signatures, archived records) are different: once forgery becomes possible, an attacker can produce a "historical" signature and change aspects of a past message, like the sender's identity. Both threat models should be considered, because together they cover traffic recorded today and any traffic or signed artifact delivered in the future.

Updating this intricate system of signatures, certificates and handshakes creates both technical and managerial hurdles, as Cloudflare's blog points out:

  • Technically, can post-quantum signatures be used in TLS handshakes despite their larger sizes and longer computation times?
  • Managerially, how will the migration of this intricate system be organized? Will there be a ceremony to upgrade the algorithms? What happens when some systems have been updated while others have not? How will certificates issued under the old algorithms be revoked?

To overcome these challenges, careful planning is required. NIST has published a white paper, "Getting Ready for Post-Quantum Cryptography", which outlines the steps for migration to post-quantum cryptography.

The best practice is crypto agility, and Venafi encourages its customers to adopt it. A fresh batch of algorithms will arrive as the Post-Quantum Cryptography (PQC) standards are finalized. The first step is to check your crypto inventory and general post-quantum readiness right away so that you can start preparing.

Prepare a quantum-safe architecture now. Start by examining all your crypto-dependent applications. Would each application still operate if you changed the algorithm? If it fails, what must you do to make it work? Do this for every application inside your company that relies on cryptography.
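The inventory check above, together with the harvest-now-decrypt-later threat described earlier, can be turned into a triage script. The following is an added example and not a Venafi tool: it takes constructed inventory rows, flags prohibited hashes (SHA-1 and MD5, the lesson of the previous section), keys that Shor's algorithm breaks, symmetric keys below 256 bits, and applies Mosca's inequality (secrecy lifetime plus migration time greater than the time until a quantum computer exists) to decide which confidentiality keys are already exposed to recorded traffic. The `Asset` fields, the policy sets and the planning numbers (3 years to migrate, 10 years to a quantum computer) are assumptions to replace with your own.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Asset:
    """One row of a crypto inventory. The fields are assumptions about what
    an inventory scanner or CA export would provide."""
    name: str
    purpose: str             # "tls", "data_at_rest", "code_signing", ...
    sig_hash: str            # hash under the certificate/signature, e.g. "sha256"
    key_alg: str             # "rsa", "ecdsa", "x25519", "aes", "kyber", ...
    key_bits: int
    confidentiality: bool    # does this key protect secrecy, not just authenticity?
    secrecy_years: float     # how long the protected data must stay secret


# Policy tables: the SHA-1 timeline from this post plus well-known quantum impact.
PROHIBITED_HASHES = {"md5", "sha1"}
SHOR_BREAKABLE = {"rsa", "dsa", "dh", "ecdsa", "ecdh", "x25519", "ed25519"}
SYMMETRIC = {"aes", "chacha20"}
PQ_ALGS = {"kyber", "dilithium", "falcon", "sphincs+"}


def mosca_at_risk(secrecy_years: float, migration_years: float,
                  years_to_crqc: float) -> bool:
    """Mosca's inequality: data is exposed if x + y > z, where x is how long it
    must stay secret, y the migration time and z the time until a
    cryptographically relevant quantum computer (CRQC) exists."""
    return secrecy_years + migration_years > years_to_crqc


def triage(a: Asset, migration_years: float, years_to_crqc: float) -> List[str]:
    """Return the findings for one asset; an empty list means no action."""
    findings: List[str] = []
    if a.sig_hash in PROHIBITED_HASHES:
        findings.append(f"prohibited hash {a.sig_hash}: replace immediately")
    if a.key_alg in SHOR_BREAKABLE:
        findings.append(f"{a.key_alg}-{a.key_bits} broken by Shor: plan PQ replacement")
        # only keys that protect secrecy are exposed to recorded traffic
        if a.confidentiality and mosca_at_risk(a.secrecy_years, migration_years, years_to_crqc):
            findings.append(
                f"harvest-now-decrypt-later: {a.secrecy_years}y secrecy + "
                f"{migration_years}y migration exceeds {years_to_crqc}y to CRQC")
    elif a.key_alg in SYMMETRIC and a.key_bits < 256:
        findings.append(f"{a.key_alg}-{a.key_bits}: Grover halves effective strength; prefer 256-bit keys")
    elif a.key_alg not in PQ_ALGS and a.key_alg not in SYMMETRIC:
        findings.append(f"unknown algorithm {a.key_alg}: inventory gap, classify manually")
    return findings


def triage_inventory(assets: List[Asset], migration_years: float,
                     years_to_crqc: float) -> Dict[str, List[str]]:
    return {a.name: triage(a, migration_years, years_to_crqc) for a in assets}


def needs_action(report: Dict[str, List[str]]) -> List[str]:
    """Names of assets with at least one finding, sorted for stable reports."""
    return sorted(name for name, findings in report.items() if findings)


# Constructed sample inventory (not real systems).
SAMPLE = [
    Asset("legacy-portal", "tls", "sha1", "rsa", 2048, True, 1),
    Asset("health-archive", "data_at_rest", "sha256", "rsa", 3072, True, 25),
    Asset("firmware-signing", "code_signing", "sha256", "ecdsa", 256, False, 0),
    Asset("backup-vault", "data_at_rest", "sha256", "aes", 128, True, 15),
    Asset("pq-pilot", "tls", "sha256", "kyber", 768, True, 10),
]


if __name__ == "__main__":
    # assumed planning numbers: 3 years to migrate, CRQC guessed 10 years out
    report = triage_inventory(SAMPLE, migration_years=3, years_to_crqc=10)
    for name, findings in report.items():
        print(name, "->", findings or ["ok"])
    print("needs action:", needs_action(report))
```

Note how the ordering matters: the SHA-1 portal is urgent regardless of quantum timelines, while the health archive, whose RSA key is fine today, is already a harvest-now-decrypt-later exposure because 25 years of secrecy plus 3 years of migration exceeds the assumed 10 years to a quantum computer. The firmware-signing key gets a Shor finding but no harvest warning, because forging it only helps an attacker at verification time.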

Learn from the mistakes of the past to create a strategy that will ensure business continuity. Your organization will migrate to data protection in a quantum-safe environment more easily if you start early.

*The four algorithms selected by NIST are: CRYSTALS-Kyber for general encryption (key establishment), and CRYSTALS-Dilithium, FALCON and SPHINCS+ for digital signatures. NIST suggests CRYSTALS-Dilithium as the primary signature algorithm and FALCON for applications requiring smaller signatures than Dilithium offers.

About the author

Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.
