Crypto-Agility: Preparing for the Coming Post-Quantum Apocalypse
At the pace quantum computing is advancing in scale and maturity, current encryption keys could be broken within the decade. Whoever wins the quantum computing race could trivially gain access to national security systems and enterprises, and break the confidentiality of virtually every system on the internet.
If this “Cryptopocalypse” happened now, encrypted communications and data – both live and anything recorded from the past – could be decoded and read by the attacker. Software code signing would no longer be valid, ruining the integrity of the software build process for applications everywhere. There would be an almost total failure of trust in the internet, the devices on it, and even cryptocurrencies.
The Need for Crypto-Agility
On May 4, 2022, the White House released a National Security Memorandum entitled “Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems” and outlined the threat in no uncertain terms:
“Most notably, a quantum computer of sufficient size and sophistication — also known as a…. CRQC — will be capable of breaking much of the public-key cryptography used on digital systems across the United States and around the world. When it becomes available, a CRQC could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions.”
Existing devices face immediate obsolescence. Assuming a “Quantum-proof” cryptographic algorithm becomes available before a CRQC can attack, how do we go about retrofitting every system on the planet to use it? Many devices have cryptographic modules installed at the hardware layer that would need to be physically replaced. How do we avoid these costly “forklift” upgrades?
To make the migration to post-quantum algorithms not only possible, but practical, NIST has stressed the importance of “cryptographic agility”, which refers to design features that enable future updates to cryptographic algorithms and standards without the need to modify or replace the surrounding infrastructure. According to the White House memo, cryptographic agility will be central to the migration effort to “both to reduce the time required to transition and to allow for seamless updates for future cryptographic standards.”
Especially with devices with long deployment times (10+ years) such as Internet of Things (IoT), we need the ability to deploy them today and securely and inexpensively upgrade them in the future to post-quantum cryptography. If we later discover that this new cryptography has weaknesses, we will also need the ability to securely and inexpensively upgrade them at that point.
How Gradient is Making Crypto-Agility a Reality
While our primary focus is addressing the root causes behind nation state attacks and eliminating phishing and stolen credentials as concerns – to prevent breaches before they happen – we have our sights on strategic threats such as quantum computing as well.
Gradient has developed and rolled out a new technology designed to enable crypto-agility for businesses, governments, and society at large — our crypto-agile bootloader.
What’s so important about some low-level firmware that manages the boot process of a computing system? It enables any computing system that integrates this technology now to be securely and remotely upgraded at any time in the future, with new algorithms and a new cryptographic identity to make it resilient to quantum attacks.
Any system so equipped will be future-proofed — no forklift upgrades and no costly factory service or field truck roll upgrades needed (assuming that’s even possible). And no scrambling to update entire technology stacks or infrastructures if newly standardized algorithms continue to show vulnerabilities. Managing Cryptographic risk is now as simple as making a remote software upgrade.
We see crypto-agility as a necessary capability of secure hardware. Gradient’s Cybersecurity Mesh has already integrated this capability as part of its services infrastructure. And, with our crypto-agile bootloader deployable to endpoints, Gradient makes this kind of upgrade possible for those as well. In contrast, conventional HSM or TPM approaches will need to be retrofitted in the field with new hardware, costing an anticipated hundreds of billions of dollars globally.
The Time is Now for Post-Quantum Resiliency
We’re in a race against time. With the Gradient crypto-agile bootloader, any device shipped today could be securely and remotely upgraded behind the scenes to any quantum resistant cipher suites in the future.
Ready to see it in action? Schedule a demo today