Migrating Applications to Post-Quantum Cryptography: Beyond Algorithm Replacement
Publication Date
2020-01-01 00:00
Security Theme
Cybersecurity
Keywords
Post-Quantum Cryptography (PQC), Hybrid PQC, Network Security, Cybersecurity
Description
Post-Quantum Cryptography (PQC) defines cryptographic algorithms designed to resist the advent of the quan-tum computer. Most public-key cryptosystems today are vulnerable to quantum attackers, so a global-scaletransition to PQC is expected. As a result, several entities foment efforts in PQC standardization, research,development, creation of Work Groups (WGs), and issuing adoption recommendations. However, there isa long road to broad PQC adoption in practice. This position paper motivates ongoing and future researchon this topic. It describes why migrating to PQC is necessary and gathers evidence that the “hybrid mode”can help the migration process. Finally, it stresses that there are risks yet to be considered by the literature.Quantum-safe protocols are being evaluated, but more attention (and awareness) is needed for the softwareand protocols at the application layer. Lastly, this position paper gives further recommendations for a smotherPQC migration
Migrating Applications to Post-Quantum Cryptography: Beyond Algorithm Replacement
Post-Quantum Cryptography (PQC) defines cryptographic algorithms designed to resist the advent of the quan-tum computer. Most public-key cryptosystems today are vulnerable to quantum attackers, so a global-scaletransition to PQC is expected. As a result, several entities foment efforts in PQC standardization, research,development, creation of Work Groups (WGs), and issuing adoption recommendations. However, there isa long road to broad PQC adoption in practice. This position paper motivates ongoing and future researchon this topic. It describes why migrating to PQC is necessary and gathers evidence that the “hybrid mode”can help the migration process. Finally, it stresses that there are risks yet to be considered by the literature.Quantum-safe protocols are being evaluated, but more attention (and awareness) is needed for the softwareand protocols at the application layer. Lastly, this position paper gives further recommendations for a smotherPQC migration