Post-quantum cryptography: waiting isn’t an option

A safe SD-WAN and SASE architecture uses standard cryptographic algorithms like ECC and RSA-2048. These are based on mathematical problems that are difficult to solve. Such asymmetric cryptography relies on those problems to make use of one-way functions, that is, functions that are easy to calculate in one direction, but whose inverse is mathematically difficult to calculate. “RSA, for example, is based on factoring large numbers, while other algorithms rely on discrete logarithms,” Peter explains.

Asymmetric algorithms are difficult to solve, but not impossible to crack. “Academics Peter Shor and Lov Grover developed algorithms three decades ago that break the cryptographic algorithms commonly used for key exchange and digital signatures to this day,” Peter recalls. “The current generation of quantum computers lacks the scale to decrypt information using the Shor and Grover algorithms. But the further development of quantum computers makes the threat acute.”

“Quantum computers make use of qubits which, due to their unique properties such as superposition, interference and entanglement, are capable of working much more efficiently and faster than the most powerful standard supercomputers for certain mathematical calculations,” says Kristof Spriet, Smart Network Solutions Lead at Proximus NXT. “Especially calculations in which probability and parallel processing play a large role. An attacker with a quantum computer could, in time, decrypt encrypted information, affect the reliability of digital signatures and damage the integrity of business communication, among other things.”

Cryptographically relevant quantum computers are being developed rapidly now. When they will appear on the market is difficult to estimate precisely. Gartner expects that the progress in quantum computing will make asymmetric cryptography unsafe by 2029 and fully breakable by 2034. “That may seem far off, but it concerns every business today. Data that are still adequately secure at the moment will not be after the arrival of quantum computers. Hackers are already anticipating this. They are saving information that we communicate, process or store now, to crack it later with a quantum computer,” says Kristof.

That tactic – ‘harvest now, decrypt later’ – compels organizations and businesses to take action now. Legislatures will also contribute to that urgency. Peter Spiegeleer: “The American National Institute of Standards and Technology (NIST) stipulates that in 2030, most standards for public key cryptography – including ECDSA, RSA, EdDSA – are to be discouraged, and will be disallowed as of 2035. In addition, we assume that the NIS2 legislation will impose specific rules in the foreseeable future, among other things. So sitting back is not an option.”

The key to proactively safeguarding data and communication lies in the implementation of post-quantum encryption algorithms in both hard- and software. Post-quantum cryptography is the collective name for all forms of cryptography on classical computers that will remain secure after the arrival of cryptographically relevant quantum computers.

In 2016, NIST initiated a Post-Quantum Cryptography project in which it encouraged cryptographers and academics to develop algorithms that cannot be cracked with the aid of either standard computers or quantum computers. “Experts from dozens of countries submitted approximately eighty candidate algorithms that met the requirements that NIST had set,” Peter explains. “After a third round in 2024, NIST ultimately selected three algorithms as an initial basis for its post-quantum security standards: ML-KEM, ML-DSA and SLH-DSA.”

That milestone provided organizations with a framework to prepare for the migration towards post-quantum cryptography. For Proximus it also constituted the starting signal for the rollout of its internal post-quantum procedure. That started with a Quantum Readiness Assessment. “That exercise consisted of a series of workshops and interactive sessions to improve and share our insights and preparedness. It resulted in a quantum-safe heatmap, specific areas for action and a step-by-step plan,” Peter clarifies.

In the second phase, which is starting now, the experts from Proximus are converting the insights acquired into architecture patterns and the appropriate migration techniques. The cryptographic Bill of Materials (cBOM) is a standardized overview that maps out exactly which cryptographic components (algorithms, keys, protocols) are used where in a network or application. Kristof stresses that this inventory is crucial. “It’s on the basis of the CBOM, among other things, that a business impact analysis will determine where the priorities for migration lie. We make use of automation tools and analyze the network traffic to identify all the vulnerabilities and detect where updates or migrations are most strongly indicated. Patient data, for example, have a higher priority than messages that you send today, but that in a few years – when cryptographically-relevant quantum computers arrive – will be outdated and of little value.”

The cBOM includes all the cryptographic assets, ranging from algorithms to key lengths to certificates, applied in software, hardware and the cloud. The cBOM helps organizations ensure that the cryptography is always standards-compliant. The communication and IT infrastructure of organizations evolves constantly. So you, as a business, need to manage the risks not just once, but constantly.

Kristof points out the importance of cryptographic agility or crypto-agility. “NIST assesses the three selected post-quantum cryptographic algorithms to be the safest, most reliable and most practical. It bases this on the current knowledge about a future threat. There is a chance that those PQC algorithms will evolve or that new mechanisms will supplement or even replace the selection. Cryptographic agility ensures that you implement the cryptographic protocols, products and systems in a way that makes it possible to still make changes with minimal effort.”

Proximus’ own post-quantum assessment provided a wide range of new insights. Peter: “Such a process offers the opportunity to examine your entire cryptography. Inevitably that exercise will reveal previously unknown vulnerabilities. As a business, you are always a link within a much wider network. It comes down to auditing your providers in the area of cryptography too to ensure that they likewise operate in line with the PQC strategy.” According to Kristof, that applies in the fields of both communication and hardware. “For example, you want to avoid a situation in which your SD-WAN provider still uses outdated algorithms. I also advise striving for continuity within hybrid environments and cloud databases.”

Both experts agree that the road to quantum security and cryptographic agility involves considerable effort. “Doing nothing is not an option, however. I advise businesses and organizations to begin the inventory process now and lay the foundation for the actions to be taken. It’s a process that we support from Proximus NXT with our own experience in order to achieve best practices.”