It’s a matter of time until the day arrives when quantum computers will crack traditional encryption. This moment, often referred to as “Y2Q,” may be as little as three to five years away, given the billions of dollars of investment flowing into the field.
While we can’t be sure of the exact date of Y2Q, we can be sure of what quantum will mean in comparison with today’s computers and more specifically what it means for today’s security standards.
On one hand, the greatly enhanced computing power is eagerly awaited by those involved with financial modeling and data analysis for drug discovery, to name just a few examples of how it will be applied. On the other, quantum computing’s effectiveness at tasks such as the factorization of very large integers and solving discrete logarithm problems are the key properties for breaking today’s public key cryptography.
This developing security problem, often called the quantum threat, is a real and pressing concern for any organization relying on traditional security models. It is also important to clarify that it would only require a lab-ready machine to begin cracking today’s encryption; there is no need to wait for a commercially robust quantum computer.
The quantum threat is no longer abstract or academic. It is a real and alarming change for governments and large organizations across a range of vertical sectors, many of which rely heavily on SD-WAN today.
For corporations using SD-WAN secured with traditional IPsec, the potential harm upon reaching this moment is unimaginable with financial, intellectual property and personal information all becoming vulnerable.
Setting Standards With NIST
While we know that Y2Q is coming soon, it’s important to also recognize that the National Institute of Standards and Technology (NIST) in the United States has already been working for four years to gather the world’s top cryptographers in the hunt for new cryptographic algorithms that can withstand quantum attack.
More than 80 submissions were made originally, now whittled down to just four finalist algorithms for “encryption” and “key-establishment.” Three finalists are “structured lattice” schemes, whereas the fourth, Classic McEliece, is a code-based approach.
Classic McEliece has the advantage of having been well-studied and attacked in the real world. Since its introduction 40 years ago, the McEliece crypto-system has never been broken and with the post-quantum cryptography modifications, it is an extremely robust and highly performant option.
While we cannot be sure which algorithms will be selected by NIST, the group has said it plans to select just one lattice and is also expected to include an alternative method. Classic McEliece is the only alternative finalist.
The work carried out by NIST brings us back to the crucial question of how to protect data in transit that will soon become vulnerable to quantum attack.
Whichever algorithms are finally standardized by NIST, the concept of “crypto-agility,” whereby quantum-safe products such as VPNs are designed so that a variety of possible algorithms can be “dropped in,” means that products being designed now will be fit for purpose come the final NIST standardization. This means VPN technology, which enables us to have safe and private connections through the public internet network, can be made quantum-resistant today so that a protected tunnel is established between end user devices as well as between office locations, data centers and cloud services.
It allows users, offices and communities of interest (e.g. supply chains) to be connected securely over the internet instead of using expensive private lines. Furthermore, as organizations move their infrastructure to the cloud, a VPN can also be used to provide a secure tunnel between an on-premises network and the cloud. Since the lockdown caused by the COVID-19 pandemic, VPNs have also become a must-have tool to enable staff to work from home.
Overcoming the Quantum Future Today
If we look at the SD-WAN market today, we see a number of highly competitive vendors offering to protect sensitive data and protect communications. In short, security is now a key differentiator and in many ways is the most sought-after piece of any offering.
Going forward, that security piece will have to become even more robust. Gartner predicted that 60% of enterprises will have implemented SD-WAN by 2024, compared with fewer than 20% in 2019. But this leap will only be fully realized when vendors demonstrate quantum-safe capability—and it will have to be soon.
Whilst NIST’s post-quantum cryptography standards aren’t expected until 2022, this does not preclude the adoption of agile quantum-safe VPN solutions that have been engineered to be algorithm-agnostic. As the migration will take many years to complete, NIST has already given guidance that enterprises can adopt a hybrid scheme as long as it incorporates at least one FIPS 140-compliant algorithm. It is important to plan ahead as the post-quantum security skills and resources that companies need are in very short supply, and upon release of the NIST standard there is expected to be a global capacity crunch.
That’s why the time is now to make the transition to be one step ahead of the competition and potential adversaries. This is crucial if the data you carry is of long-term confidential value, because it is already at risk today.