Mobile solutions company BlackBerry is to beef up its security tools to deal with the emerging threat from quantum computing. It is adding a quantum-resistant code signing server to its array of cryptography tools. The company claims the solution will: “...allow software to be digitally signed using a scheme that will be hard to break with a quantum computer.”
The solution will be available in November 2018 and will use cryptographic libraries from ISARA Corporation. While it is not addressing an imminent threat, this is a prudent move. BlackBerry is targeting those devices that will be around for decades and that could be vulnerable to a quantum hack. In making this decision, it is hoping to show that the vulnerability of older control systems in critical national infrastructure (CNI) and healthcare equipment can be mitigated if not entirely avoided.
In a statement, Charles Eagan, Chief Technology Officer, BlackBerry said: “Quantum computing will solve groundbreaking problems in healthcare, transportation, astrophysics, government, and many other fields; however, it also gives bad actors the potential to crack traditional public key cryptosystems and then attack the underlying data they protect.
“By adding the quantum-resistant code signing server to our cybersecurity tools, we will be able to address a major security concern for industries that rely on assets that will be in use for a long time. If your product, whether it’s a car or critical piece of infrastructure, needs to be functional 10-15 years from now, you need to be concerned about quantum computing attacks.”
What is the risk from quantum computing?
The concerns of the cryptography industry focus on something IBM researchers call Q Day. This is the point where quantum cryptography is expected to be stable enough to break or threaten a large number of cryptography standards.
IBM has said that schemes such as RSA 1024, RSA 2048, ECC 256 and ECC 384 will have no security against a quantum computing attack. The effective strength of AES 128 and AES 256 would fall to little more than 64 bits and 128 bits respectively. This is significant. 128 bits is felt to be the threshold of resistance to quantum computing attacks. This means that data encrypted with RSA, ECC and AES 128 could be broken. It means there is a considerable risk that data which has to be stored for long periods will be decryptable in the future.
Another risk, and one that goes to what BlackBerry is targeting, is the forging of code signing. It would allow, for example, malicious code to be signed and distributed as a trusted code update. It also threatens Certificate Authorities as it would undermine the trust in certificates.
There is a bigger risk here. IBM has shown analysts and some journalists a list of the impact on a wider set of cryptography and security protocols. This highlights those that will be broken and those that will need to be reassessed.
What is being done about it?
In April 2016, the National Institute of Standards and Technology (NIST) published a paper called Post-Quantum Cryptography (PQC). It makes for sober reading and was the start of a move to beef up cryptography.
The paper kicked off a call for proposals to solve this problem in December 2016. It set out a timescale that will see new approaches to cryptography analysed over several years before draft standards are set out in 2021. The goal is that by 2024 there will be a new set of standards fit for a PQC world. The current timeline can be seen here.
Last year, there were 69 submissions for new algorithms to NIST although 5 of those have now been withdrawn. Over the next three years, the committee will run a series of workshops and tests to validate the remainder.
The challenge, however, is that quantum computing is picking up speed. At the moment, the various quantum computing instances are not stable for very long. The different vendors talk of times in the hundreds of microseconds. However, that is beginning to accelerate, with the expectation that we will see milliseconds by early 2019 and potentially a second or more by 2020.
BlackBerry and ISARA
ISARA is involved in two different NIST projects. These are:
QC-MDPC KEM: ISARA solely submitted this code-based Key Encapsulation Mechanism for consideration, and
qTESLA: a lattice-based digital signature algorithm, the result of a joint effort between several research organizations, including ISARA Corp.
It is not clear which of the libraries that BlackBerry is planning to use are related to either of these. What is clear is that ISARA is making significant inroads into those businesses that recognise the long-term risk. In recent weeks it has signed deals to work with DigiCert and Gemalto. Now it has announced this deal with BlackBerry.
ISARA believes that using Shor’s algorithm it can deliver libraries that are quantum resistant today. It may be right but there is the question of whether Shor alone is sufficient. Another question is what happens as the libraries evolve over time? Will they leave older encrypted data out in the cold? Will that data need to be re-encrypted? We have emailed ISARA asking for more details around these questions.
What does this mean?
Like any new generation of computing, quantum will bring good things and bad things. Security researchers have seen cybercriminals use advanced analytics, big data and AI to gain an advantage. They also expect them to start using any public quantum cryptography projects as soon as they can.
At the same time, governments and intelligence agencies have their own quantum computing goals. These will include the ability to break existing data encryption standards and protocols. Given the rise of the state sponsored hacker, some governments are also likely to make that research available to “friendly bad actors”. This is a scenario that has many cybersecurity experts worried.
There is a lot of concern that the NIST timescale is not aggressive enough. If quantum instances are stable for seconds by sometime in 2020, waiting until 2024 for standards is a problem. Vendors will need time to incorporate new standards into their products. Organisations will then need time to deploy, encrypt and revisit old data. All of this will require massive amounts of compute, storage and networking resources.
With other major standards changes we have seen people rush into using early versions. These often create medium to long-term issues, especially in terms of compatibility and stability. Standards bodies have a history of making decisions to remove things at the last moment. ISARA is banking on being able to deliver solutions that will survive any standards issues. BlackBerry, and others, are banking on that.