Preparing Critical Infrastructure for Post-Quantum Cryptography: Strategies for Transitioning Ahead of Cryptanalytically Relevant Quantum Computing
DOI:
https://doi.org/10.46328/ijonest.240Keywords:
Post-Quantum Cryptography, Cryptanalytically Relevant Quantum Computing, Critical Infrastructure, Cryptographic Transition, Quantum-Resistant Algorithms, Artificial IntelligentAbstract
As Cryptanalytically Relevant Quantum Computing (CRQC) approaches, organizations managing critical infrastructure must prepare to transition to Post-Quantum Cryptography (PQC). This paper provides comprehensive guidance for this transition, addressing the challenges of quantum computing to current cryptographic systems. It presents a framework for the efficient and timely adoption of PQC within critical infrastructure. The study examines the current development of PQC, evaluates vulnerabilities in legacy cryptographic algorithms, and identifies key strategies for mitigating risks associated with quantum computing. The proposed framework includes a multi-faceted approach, encompassing the evaluation and selection of PQC algorithms, developing a phased transition plan, and establishing governance structures to ensure the long-term viability of quantum-resistant cryptographic infrastructure. Additionally, the paper underscores the importance of collaboration among business leaders, governmental bodies, and educational institutions to promote knowledge sharing and accelerate the adoption of PQC standards. By proactively addressing the challenges of transitioning to PQC, organizations can enhance the resilience of critical infrastructure, ensuring the confidentiality, integrity, and availability of sensitive data in the face of advancing quantum computing capabilities.References
CISA, (2003). Homeland Security Presidential Directive 7. Retrieved from http://www.cisa.gov/news-events/directives/homeland-security-presidential-directive-7
DSH, (2021). Preparing for Post-Quantum Computing Cryptography. Retrieved from http://www.dhs.gov/sites/default/files/publications/post-quantum_cryptography_infographic_october_2021_508.pdf
DHS, (2003).The Physical Protection of Critical Infrastructures and Key Assets. Retrieved from http://www.dhs.gov/xlibrary/assets/Physical_Strategy.pdf
Mosca, M., & Piani, M. (2022). 2021 Quantum Threat Timeline Report. Retrieved from http://globalriskinstitute.org/publication/2021-quantum-threat-timeline-report-global-risk-institute-global-risk-institute/
NIST, (2017). Post-Quantum Cryptography Standardization. Retrieved from http://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization
Chen et al. (2016). Report on post-quantum cryptography. National Institute of Standards and Technology.
World Economic Forum, (2021). Quantum computing governance principles. https://www.weforum.org/whitepapers/quantum-computing-governance-principles
Stallings, W. (2017). Cryptography and network security: principles and practice (7th ed.). Pearson.
Daemen, J., & Rijmen, V. (2002). The design of Rijndael: AES-the advanced encryption standard. Springer.
Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE transactions on Information Theory, 22(6), 644-654.
Kirsty Paine, K.P. (2023). Cryptographically Relevant Quantum Computers (CRQCs) & The Quantum Threat. Retrieved from http://www.splunk.com/en_us/blog/learn/crqcs-cryptographically-relevant-quantum-computers.html
Ruane, J., McAfee, A., & Oliver, W. D. (2022). Quantum computing for business leaders. Harvard Business Review. Retrieved from https://hbr.org/2022/01/quantum-computing-for-business-leaders
Shor, P. W. (1994, November). Algorithms for quantum computation: discrete logarithms and factoring. In Proceedings 35th annual symposium on foundations of computer science (pp. 124-134). IEEE.
Shor, P. W. (1999). Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM review, 41(2), 303-332
Grover, L. K. (1996, July). A fast quantum mechanical algorithm for database search. In Proceedings of the twenty-eighth annual ACM symposium on Theory of computing (pp. 212-219).
Bernstein, D. J. (2010). Grover vs. McEliece. In Post-Quantum Cryptography (pp. 73-80). Springer, Berlin, Heidelberg.
Lydersen, L., Wiechers, C., Wittmann, C., Elser, D., Skaar, J., & Makarov, V. (2010). Hacking commercial quantum cryptography systems by tailored bright illumination. Nature photonics, 4(10), 686-689.
Wallden, P., & Kashefi, E. (2019). Cyber security in the quantum era. Communications of the ACM, 62(4), 120-129.
Krause, R. (2023). After Artificial Intelligence, Quantum Computing Could Be The Next Big Thing. Retrieved from https://www.investors.com/news/technology/quantum-computing-after-artificial-intelligence-it-could-be-the-next-big-thing/
GQI, (2024). Riverlane Discloses Its Quantum Error Correction Roadmap Through 2026. Retrieved from http://quantumcomputingreport.com/riverlane-discloses-its-quantum-error-correction-roadmap-through-2026
DHS, (2021). Preparing for Post-Quantum Computing Cryptography. Retrieved from http://www.dhs.gov/sites/default/files/publications/post-quantum_cryptography_infographic_october_2021_508.pdf
Vezic, M. (2023). Q-Day Predictions: Anticipating the Arrival of Cryptanalytically Relevant Quantum Computers (CRQC). Retrieved from http://postquantum.com/post-quantum/q-day-crqc-predictions/
Biamonte et al. (2017). Quantum machine learning. Nature, 549(7671), 195-202
Dunjko, V., & Briegel, H. J. (2018). Machine learning & artificial intelligence in the quantum domain: a review of recent progress. Reports on Progress in Physics, 81(7), 074001.
Preskill, J. (2018). Quantum Computing in the NISQ era and beyond. Quantum, 2, 79
Mosca, M., & Piani, M. (2019). Quantum Threat Timeline Report 2019. Global Risk Institute
Herrero-Collantes, M., & Garcia-Escartin, J. C. (2017). Quantum random number generators. Reviews of Modern Physics, 89(1), 015004
Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture. National Institute of Standards and Technology (NIST) Special Publication 800-207.
Copeland, B. J. (2012). Turing: Pioneer of the Information Age. Oxford University Press.
ETHW, (n.d.). Milestones:Invention of Public-key Cryptography, 1969 - 1975. Retrieved from http://ethw.org/Milestones:Invention_of_Public-key_Cryptography,_1969_-_1975
Singh, S. (1999). The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography. New York: Anchor Books.
Biercuk, M. J., & Fontaine, R. (2017). The leap into quantum technology: A primer for national security professionals. War on the Rocks, 17.
Chown, P. (2002). Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS). RFC 3268, DOI 10.17487/RFC3268.
Barker, E., & Roginsky, A. (2019). Transitioning the Use of Cryptographic Algorithms and Key Lengths. NIST Special Publication 800-131A, Revision 2, DOI 10.6028/NIST.SP.800-131Ar2.
Fischlin, R., & Schnorr, C. P. (2000). Stronger security proofs for RSA and Rabin bits. Journal of Cryptology, 13(2), 221-244, DOI 10.1007/s001459910011.
Gueron, S., & Krasnov, V. (2015). Fast prime field elliptic-curve cryptography with 256-bit primes. Journal of Cryptographic Engineering, 5(2), 141-151, DOI 10.1007/s13389-014-0090-x.
National Institute of Standards and Technology. (2016). Report on Post-Quantum Cryptography. NIST IR 8105, DOI 10.6028/NIST.IR.8105.
Smid, M. E., & Branstad, D. K. (1988). The Data Encryption Standard: past and future. Proceedings of the IEEE, 76(5), 550-559, DOI 10.1109/5.4441.
Alagic et al. (2022). Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. NIST IR 8413.
Moody et al. (2022). Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process. NIST IR 8413. https://doi.org/10.6028/NIST.IR.8413
Fernandez-Vazquez et al. (2022). Security Standards and Post-Quantum Cryptography: Current Situation and Future Trends. IEEE Access, 10, 38831-38849. https://doi.org/10.1109/ACCESS.2022.3166092
Buchmann et al. (2022). Post-quantum cryptography: An introduction for data protection officers. Datenschutz und Datensicherheit-DuD, 46(2), 83-88. https://doi.org/10.1007/s11623-022-1587-7
Ticong, L. (2024). 7 Types of Data Classification. Retrieved from http://www.datamation.com/big-data/types-of-data-classification/
Mosca, M. (2015). Cybersecurity in a Quantum World: will we be ready?. Retrieved from http://csrc.nist.gov/csrc/media/events/workshop-on-cybersecurity-in-a-post-quantum-world/documents/presentations/session8-mosca-michele.pdf
NIST, (2016). Public-Key Post-Quantum Cryptographic Algorithms. Retrieved from http://csrc.nist.gov/News/2016/Public-Key-Post-Quantum-Cryptographic-Algorithms
Moody, D. (2024). Are We there Yet? Retrieved from http://csrc.nist.gov/csrc/media/Presentations/2024/update-on-the-nist-pqc-standardization-project/images-media/moody-are-we-there-yet-pqc-pqc2024.pdf
CSRC, (2022, July). Announcing PQC Candidates to be Standardized, Plus Fourth Round Candidates. Retrieved from http://csrc.nist.gov/news/2022/pqc-candidates-to-be-standardized-and-round-4
NIST, (2022). Announcing PQC Candidates to be Standardized, Plus Fourth Round Candidates. Retrieved from http://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
NIST, (2024, August). Quantum Cryptography FIPS Approved. Retrieved from http://csrc.nist.gov/News/2024/postquantum-cryptography-fips-approved
IBM, (2024, August). NIST’s post-quantum cryptography standards are here. Retrieved from http://research.ibm.com/blog/nist-pqc-standards
McKay, K., Bassham, L. E., Turan, M. S., & Mouha, N. (2017). Report on lightweight cryptography. National Institute of Standards and Technology. Retrieved from https://www.nist.gov/publications/report-lightweight-cryptography
NSA, (n.d.). Quantum Key Distribution (QKD) and Quantum Cryptography QC. Retrieved from http://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/
Harishankar, R., Osborne, M., Arun, J. S., Buselli, J., & Janechek, J. (2024). Crypto agility and quantum-safe cryptography. IBM Quantum. Retrieved August 8, 2024, from https://www.ibm.com/quantum/blog/crypto-agility
Downloads
Published
Issue
Section
License
Copyright (c) 2024 International Journal on Engineering, Science and Technology
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Articles may be used for research, teaching, and private study purposes. Authors alone are responsible for the contents of their articles. The journal owns the copyright of the articles. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of the research material.
The author(s) of a manuscript agree that if the manuscript is accepted for publication in the International Journal on Engineering, Science and Technology (IJonEST), the published article will be copyrighted using a Creative Commons “Attribution 4.0 International” license. This license allows others to freely copy, distribute, and display the copyrighted work, and derivative works based upon it, under certain specified conditions.
Authors are responsible for obtaining written permission to include any images or artwork for which they do not hold copyright in their articles, or to adapt any such images or artwork for inclusion in their articles. The copyright holder must be made explicitly aware that the image(s) or artwork will be made freely available online as part of the article under a Creative Commons “Attribution 4.0 International” license.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
