FIDO Seminar: Evolving Landscape of Post-Quantum Cryptography.pptx
1. FIDO Alliance Seminar, Dallas 2025
Evolving Landscape
of Post-Quantum
Cryptography
Haider Iqbal
Director Product Marketing, IAM
2. Evolution from Classical to Quantum Computing
[Figure: a classical bit (0 or 1) next to a qubit]
Quantum computers have the ability to solve really complex problems, much faster
Classical computers are still better for your word processing
Both are likely to coexist in the foreseeable future and to complement each other
Theoretically, a quantum computer with 4,099 qubits can break RSA-2048 in a matter of seconds*
*Source: https://postquantum.com/post-quantum/4099-qubits-rsa/
Still highly contested and debatable
3. Evolution of Quantum Computers – Where do we stand?
Qubit isn’t the only factor: Atom Computer boasts about 1,200 qubits; IBM Condor is 1,121 qubits
Also a game of Quality and Stability: 90% of a system’s computational resources can be consumed by error correction tasks; Microsoft’s Majorana 1 example
Image Source: https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/microsoft-unveils-majorana-1-the-worlds-first-quantum-processor-powered-by-topological-qubits/
How far are we from the threat? Risk of a Cryptographically Relevant Quantum Computer (CRQC): 34% of experts, optimistically, believe 10 years
Reference: “Quantum Threat Timeline Report 2024 Executive Summary”, Dr. Michele Mosca, Dr. Marco Piani; Global Risk Institute in Financial Services (GRI)
4. Post-quantum Cryptography (PQC)
Quantum-resistant or Post-quantum Cryptography: based on mathematical techniques (lattice-based, multivariate, hash-based, code-based)
Quantum Key Distribution (QKD): based on principles of physics, not mathematics; requires special equipment; limited in range
Quantum Random Number Generation (QRNG): based on and harnesses the inherent randomness of quantum mechanics
5. Most Pressing Threats
FORGED SIGNATURES
Impersonate entities
Load malicious SW/FW on long life devices
Create fraudulent financial transactions
Redirect funds
MAN IN THE MIDDLE ATTACKS
Access secure systems
Compromise military command and control
Disrupt critical infrastructure
Interfere with elections
HARVEST NOW, DECRYPT LATER
Intercept classified comms
Expose government secrets
Perform corporate espionage
Access personal information
6. Imminence of the Threats
[Timeline figure, 2025 / 2030 / 2035, showing two scenarios; only the labels are recoverable]
Scenario “Quantum Computer in 10 years”: Cryptographically Relevant Quantum Computer (Z) 10 years; Migration time (Y) 3 years; Data shelf life (X) 5 years; Safety margin 3 years
Scenario “Quantum Computer in 5 years”: Cryptographically Relevant Quantum Computer (Z) 5 years; Migration time (Y) 3 years; Data shelf life (X) 5 years; DANGER ZONE! 3 years
Based on Mosca’s Theory
8. Algorithm Standards
NIST (US):
ML-KEM: FIPS 203 (Aug ’24)
ML-DSA: FIPS 204 (Aug ’24)
SLH-DSA: FIPS 205 (Aug ’24)
LMS/XMSS: SP 800-208 (Oct ’20)
FN-DSA: FIPS TBD (Draft ’25; Final ’26)
“HQC”: FIPS TBD (Final ’27?)
On-Ramp: FIPS TBD (Draft ’29?)
ISO:
Classic McEliece: ISO 18033, TBD
Frodo-KEM: ISO 18033, TBD
China: TBD
S. Korea: KPQC, TBD
Crypto-Agility is the key for future proofing
Legend: Key Encapsulation (ML-KEM, HQC, Classic McEliece, Frodo-KEM); Signature (ML-DSA, SLH-DSA, LMS/XMSS, FN-DSA, On-Ramp)
9. Transition Regulations
US (NIST & NSA): 2027: CNSA: PQ ‘safe’; 2030: RSA/ECC deprecated; 2031: CNSA: non-PQC phased out; 2035: Full transition to PQC (non PQC-safe prohibited)
UK (NCSC): 2028-2031: high-priority upgrades + refine plans; 2031-2035: complete migration to PQC
EU (18 Member States): 2030: Mitigate SN-DL attacks; full transition to PQC 2035. TBD: EU published deadlines May ‘25
Australia: 2030: Full transition to PQC
PQC-able by 2030 – PQC Native by 2035
15. Build a future-proof Crypto Agile Strategy
16. PQC: A long, complex journey…one that you need to start today!
Phases: Assessment; Testing and Transition to Crypto Agility; Quantum safe
Evolve with the standards: NIST-certified Random Number Generators; as standards are approved, implement and re-certify
Build ecosystem: changing algorithms, protocols and keys can be costly, complex, time-consuming and needs multiple players
Go Hybrid: classic & quantum crypto; support classic and Q-safe algorithm modes
Conduct PQC Risk Assessment: preparation and migration strategy, with priority management
Create Crypto Inventory: crypto discovery
Build ecosystems that are standards dependent. Today is the time for PoCs, experiments, announcements
Set up a test environment
Encryption and Key Management Hygiene
Test on priority applications
Transition and switch to PQC
Remain flexible with Crypto Agility
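As an added example (not part of the deck), the Python below joins the crypto-inventory and risk-assessment steps above with the Mosca X + Y > Z rule from slide 6: each inventoried asset is tagged as quantum-vulnerable or PQ-safe and then ranked by how far it is inside or outside the danger zone. The asset names, their shelf-life and migration values and the two algorithm lists are assumptions; the “archive-backups” entry reuses the slide’s X = 5, Y = 3, so Z = 5 reproduces its 3-year danger zone.

```python
"""Added example: triage a constructed crypto inventory with Mosca's
inequality X + Y > Z (data shelf life plus migration time versus the
years until a cryptographically relevant quantum computer, CRQC)."""
from dataclasses import dataclass

# Public-key algorithms a CRQC breaks via Shor's algorithm (assumed list).
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "DSA"}
# Algorithms from the deck's standards slide (FIPS 203/204/205, SP 800-208).
PQ_SAFE = {"ML-KEM", "ML-DSA", "SLH-DSA", "LMS", "XMSS"}


@dataclass
class Asset:
    name: str
    algorithm: str
    shelf_life_years: int   # X: how long the data must stay protected
    migration_years: int    # Y: time to design, build and deploy the replacement


def classify(algorithm: str) -> str:
    """Tag an inventory entry; symmetric and hash primitives get a size review."""
    if algorithm in QUANTUM_VULNERABLE:
        return "vulnerable"
    if algorithm in PQ_SAFE:
        return "pq-safe"
    return "review"


def mosca_margin(asset: Asset, crqc_years: int) -> int:
    """Z - (X + Y): negative means the asset is already in the danger zone."""
    return crqc_years - (asset.shelf_life_years + asset.migration_years)


def triage(inventory: list[Asset], crqc_years: int) -> list[tuple[str, int]]:
    """Quantum-vulnerable assets, most negative margin (most urgent) first."""
    rows = [(a.name, mosca_margin(a, crqc_years))
            for a in inventory if classify(a.algorithm) == "vulnerable"]
    return sorted(rows, key=lambda r: r[1])


# Constructed sample inventory; "archive-backups" uses the slide's X=5, Y=3.
INVENTORY = [
    Asset("tls-edge", "ECDH", 1, 3),
    Asset("archive-backups", "RSA", 5, 3),
    Asset("firmware-signing", "RSA", 10, 3),
    Asset("new-vpn", "ML-KEM", 5, 3),
]

if __name__ == "__main__":
    for z in (10, 5):  # the two CRQC arrival scenarios on slide 6
        print(f"CRQC in {z} years:", triage(INVENTORY, z))
```

Assets with a long shelf life (firmware signing keys, archived data) surface first because a long X leaves no room for Y, which is the harvest-now-decrypt-later point the deck makes.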
#2: From this source: https://postquantum.com/post-quantum/4099-qubits-rsa/
It’s a figure that crops up in countless discussions about quantum computing and cybersecurity: 4,099 qubits. That’s the widely cited number of quantum bits one would need to factor a 2048-bit RSA key using Shor’s algorithm – in other words, the notional threshold at which a quantum computer could crack one of today’s most common encryption standards. The claim has an alluring simplicity: if we could just build a quantum machine with a few thousand perfect qubits, decades of RSA-protected secrets would fall in seconds. But where does this “4,099 logical qubits” figure actually come from, and what does it really mean? The story behind it reveals both how far quantum algorithms have come and how much further quantum hardware needs to go.
#6: X is the “security shelf life” (the longest protection interval we care about, assuming that the data is protected starting today)
Y is the “migration time” (the time it takes to design, build, and deploy the new infrastructure)
Z is the “collapse time” (the time it takes for a sufficiently large quantum computer to become operational, starting from today)
National Academies of Sciences, Engineering, and Medicine. 2019. Quantum Computing: Progress and Prospects. Washington, DC: The National Academies Press. https://doi.org/10.17226/25196.
#8:
ML-KEM: Module-Lattice-based Key Encapsulation Mechanism (CRYSTALS-Kyber)
ML-DSA: Module-Lattice-Based Digital Signature Algorithm (CRYSTALS-Dilithium)
Best for TLS/SSL authentication with many connections, code signing for software updates and digital certificates
SLH-DSA: Stateless Hash-Based Digital Signature Algorithm (previously SPHINCS)
Uses long-lived keys. Good for firmware signing. Apps where absolute highest confidence is needed, even at the cost of performance. It is STATELESS
LMS/XMSS: Leighton-Micali Signature / eXtended Merkle Signature Scheme
Used for firmware signing, long-lived infrequent signing keys. It is STATEFUL. Faster signing compared to SLH-DSA
#9: US:
IR 8547, Transition to Post-Quantum Cryptography Standards | CSRC
CSI_CNSA_2.0_FAQ_.PDF
UK:
Timelines for migration to post-quantum cryptography - NCSC.GOV.UK
EU:
Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography
Australia:
22. ISM - Guidelines for cryptography (March 2025).pdf
#10: With the initial tranche of algorithms standardized, protocol evolution and standards updates have kicked into high gear. The IETF is doing a lot of heavy lifting with certificate management and issuance, as well as the data-in-motion protocols. These efforts will provide the foundational trust and communications protection for everything that relies upon PKI infrastructure.
FIDO is updating their allowed cryptography list to include quantum safe algorithms and acceptable security strengths to align with their certification levels, as well as documenting migration strategies. Similarly for Global Platform.
ENISA is updating cryptographic guidance which will inform many Common Criteria certification efforts.
GSM + ETSI/SAGE are also providing guidance and updating many standards, to include 3GPP & 5G standards
#11: Algorithm efficiency – the quantum safe algorithms are not drop-in replacements in terms of performance, public key size, or signature size.
Hardware Lead-times – the lifecycle of instantiating, optimizing, testing, and producing specialized hardware has a multi-year runway, so solutions which require dedicated hardware will be lagging the algorithm standardization processes.
Sovereign differences – despite widespread agreement on some quantum safe algorithms, that agreement is not universal. Furthermore, operational concerns such as the use of hybrid cryptography (i.e. using classic along with the quantum safe algorithms) are not universally agreed.
Certification Lead-times – in addition to the certification bodies having to update their standards and testing processes, they also have a natural latency which delays the arrival of certified products in the marketplaces that require them.
Full Supply Chain – it’s not sufficient to just deliver products that are quantum safe – vendors must also ensure their build and delivery pipelines are quantum safe as well. For example, things like code signing, delivery of BOMs to manufacturers, etc. The full supply chain needs a quantum safe story.