How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?

Blog

14
- Dec
2023
Posted by: Jordi Prieto Gallego
How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?

The quantum threat to cryptography

The arrival of the quantum computing era marks a turning point in technological development, introducing a level of data processing that exponentially surpasses that of current computers. This transition to advanced computational capacity, while promising great advances, brings with it significant challenges. Of particular importance is the significant impact it has on current cryptographic schemes, which face an unprecedented threat in terms of security.

Conventional cryptographic algorithms, fundamental to ensuring security in the digital age, are based on the inherent complexity of certain mathematical problems that are intractable for traditional computers. These problems, such as the factorization of large integers and the discrete logarithm, form the basis of algorithms like RSA, Diffie-Hellman (DH), and the Elliptic Curve Digital Signature Algorithm (ECDSA). However, in the quantum computing paradigm, where qubits allow for the simultaneous representation of multiple states and the performance of calculations in superposition, these mathematical problems can be addressed and solved efficiently. This directly endangers the integrity of cryptographic systems that until now were considered secure, posing a scenario in which traditional cryptographic security could be easily compromised with the presence of sufficiently advanced quantum computers.

Although quantum computers with disruptive capabilities are not yet a reality, it is crucial that products handling sensitive data over long periods or with high security requirements begin to migrate to more advanced cryptographic systems. This need arises from the risk associated with "store now, decrypt later" attacks, which are based on the possibility that information encrypted today could be easily decrypted in the future by a quantum computer.

The solution: transition to post-quantum cryptography

To address these challenges, post-quantum cryptography emerges as the key solution. These new algorithms are designed to be secure against attacks from quantum computers, based on mathematical problems that, to date, are considered resistant to quantum capabilities. Currently, NIST is carrying out a standardization process for these algorithms, which will need to be adopted. However, since this area is still in development, it is recommended to adopt a hybrid solutions approach that combines traditional and post-quantum cryptographic methods, thus providing a robust and adaptable security framework during this transition phase.

Algorithm Type
CRISTALS-Kyber Key Establishment
FrodoKEM Key Establishment
CRYSTALS-Dilithium Digital Signature
Falcon Digital Signature
SPHINCS+ Digital Signature

The Spanish National Cryptologic Center (CCN) has positioned itself as a leader in the transition to security in the quantum era, issuing specific recommendations for the adoption of post-quantum algorithms such as CRYSTALS-Kyber, FrodoKEM, and SPHINCS+. In addition, the CCN emphasizes the importance of implementing hybrid solutions as soon as possible. These guidelines are becoming standardized requirements for products approved in its CPSTIC catalog, indicating an evolution towards stricter security regulations in anticipation of quantum challenges. Moreover, these requirements are starting to become part of the cryptographic evaluation processes: the Cryptographic Mechanism Evaluation Methodology, designed by CCN in collaboration with jtsec, includes evaluation requirements related to post-quantum cryptography.

How can we assist you in the adaptation and certification of your products and services for the quantum era?

For vendors, adaptation to post-quantum cryptography is now a strategic priority. Cryptographic consulting services, like those offered by jtsec, are fundamental in this process. The experts at jtsec can guide developers in adapting their products to the emerging realities of the quantum era, ensuring compliance with evolving security standards and keeping them competitive in a constantly changing technological environment. Anticipation and adaptation to post-quantum cryptography are essential to ensure security and long-term relevance in the future technological landscape.

We assist you in:

  1. Evaluation and Adaptation: We perform a detailed evaluation of your products to identify key areas that require adaptation to post-quantum cryptography, ensuring a smooth and secure transition.
  2. Certification and Compliance: We ensure that your products are aligned with the latest security standards and help you navigate the certification process using the Cryptographic Mechanism Evaluation Methodology.

At jtsec, we not only respond to current cybersecurity needs but also anticipate and prepare for future challenges.

Jordi Prieto Gallego/Cripto Specialist and Entropy Analyst

With a strong foundation in physics and mathematics, Jordi excels at jtsec Beyond IT Security, focusing on FIPS 140-3 consultancy, cryptographic analysis, and entropy assessment according to SP 800-90B and AIS-31 standards. He stands out in post-quantum cryptography and entropy source analysis, integrating physical and mathematical principles to solve complex cryptographic challenges. Recognized with the IBM Quantum Certificate of Quantum Excellence, Jordi combines passion and skill at the intersection of physics and cryptography. His primary motivation is to help clients and developers understand and integrate robust cryptographic solutions for the quantum era.


Contact

Send us your questions or suggestions!

By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.