With emerging advances in cryptography relevant to anti-abuse work, such as NIST’s Post-Quantum Encryption Standards, becoming increasingly vital to adopt, Dr. Douglas Stebila delivered the keynote address at M3AAWG’s 62nd General Meeting in Toronto, offering insights into the critical transition to post-quantum cryptography (PQC).
Dr. Stebila currently serves as an associate professor of cryptography at the University of Waterloo in Ontario, Canada. He is also the co-founder of the Open Quantum Safe project, an open-source software project for prototyping and evaluating quantum-resistant cryptography, and is an internationally recognized expert in developing practical PQC.
PQC, also known as quantum-resistant algorithms, refers to cryptographic methods based on computational assumptions believed to be resistant to quantum computer attacks. A sufficiently large quantum computer would be able to solve certain problems much faster than traditional computers, including breaking some of the public key encryption algorithms widely used to secure today's IT infrastructure. While no large-scale quantum computers have yet been built, it is important to start the transition to quantum-resistant algorithms early due to the "harvest now, decrypt later" attack, where bad actors may be recording encrypted communications now and then decrypting them in the future once a quantum computer exists.
Over the past 8 years, the US National Institute of Standards and Technology (NIST) has run a public effort with the international research community to select and standardize new post-quantum cryptography algorithms, the first of which are now ready for adoption.
During his keynote address, Dr. Stebila noted that the US government estimates it will cost $7.1 billion to migrate to NIST’s PQC standards between 2025 and 2035.* He also pointed out that 50% of experts surveyed indicate there is a 50% chance that there will be a cryptographically relevant quantum computer by 2038.**
“We don’t know when the first quantum computer will be here, but the key is to forecast your risk tolerance for a future threat,” he told attendees.
Dr. Stebila also discussed the benefits and challenges of using a hybrid approach that combines traditional and post-quantum algorithms, and gave an update on the progress in deploying hybrid post-quantum cryptography in the Transport Layer Security (TLS) protocol.
When it comes to getting involved, Dr. Stebila highlighted the importance of open-source efforts, such as the Linux Foundation’s Post-Quantum Cryptography Alliance and the previously mentioned Open Quantum Safe project. As the presentation came to a close, Dr. Stebila provided six action items for attendees to consider:
- Inventory where and how your product/code uses cryptography.
- Implement crypto agility to minimize code changes.
- Pilot the use of PQC.
- Prepare to use different algorithms for public key encryption, key exchange, and signatures.
- Test your code for the impact of large key, ciphertext, and signature sizes.
- Participate in standardization efforts and foster awareness.
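To make the hybrid key exchange from the talk and the "large key sizes" action item concrete, here is an added Go example (not code from the keynote or from the Open Quantum Safe project) that pairs X25519 with ML-KEM-768 using Go's standard library (crypto/ecdh and crypto/mlkem, which assumes Go 1.24 or later) and reports how much larger each side's key share becomes than X25519 alone. It assumes the ML-KEM-first concatenation order used by the TLS X25519MLKEM768 draft and uses a single HMAC-SHA256 extract step as a stand-in for the full TLS 1.3 key schedule; `must` is a hypothetical helper for the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must is an example-only helper that aborts on an unexpected error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// combine stands in for HKDF-Extract in the TLS 1.3 key schedule: HMAC-SHA256 with an
// empty salt over ssPQ || ssClassical (ML-KEM secret first, as in the X25519MLKEM768 draft).
func combine(ssPQ, ssClassical []byte) []byte {
	mac := hmac.New(sha256.New, nil)
	mac.Write(ssPQ)
	mac.Write(ssClassical)
	return mac.Sum(nil)
}

// HybridExchange runs one X25519+ML-KEM-768 agreement and returns each side's derived
// secret plus the byte size of the client's and the server's key share on the wire.
func HybridExchange() (clientSecret, serverSecret []byte, clientShare, serverShare int) {
	cEC := must(ecdh.X25519().GenerateKey(rand.Reader)) // client: classical share
	cKEM := must(mlkem.GenerateKey768())                 // client: post-quantum share
	clientShare = len(cEC.PublicKey().Bytes()) + len(cKEM.EncapsulationKey().Bytes())
	sEC := must(ecdh.X25519().GenerateKey(rand.Reader))      // server: classical share
	ssKEMServer, ct := cKEM.EncapsulationKey().Encapsulate() // server: KEM ciphertext to client
	serverShare = len(sEC.PublicKey().Bytes()) + len(ct)
	serverSecret = combine(ssKEMServer, must(sEC.ECDH(cEC.PublicKey())))
	ssKEMClient := must(cKEM.Decapsulate(ct)) // client: recover the KEM secret
	clientSecret = combine(ssKEMClient, must(cEC.ECDH(sEC.PublicKey())))
	return
}

func main() {
	cs, ss, cShare, sShare := HybridExchange()
	fmt.Printf("secrets match=%v client share=%d B (X25519 alone: 32 B) server share=%d B\n",
		hmac.Equal(cs, ss), cShare, sShare)
}
```

The client share grows from 32 bytes to 1216 and the server share to 1120, which is the kind of size change the action item asks you to test for in handshake buffers and packet budgets.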
M3AAWG looks forward to continuing the conversation at our 63rd General Meeting in Lisbon, Portugal, in February 2025.
References
* Office of the White House. (2024, July). Report on post-quantum cryptography. https://www.whitehouse.gov/wp-content/uploads/2024/07/REF_PQC-Report_FINAL_Send.pdf
** Global Risk Institute. (2023, December 22). 2023 Quantum threat timeline report. https://globalriskinstitute.org/publication/2023-quantum-threat-timeline-report/