Migrating to Post-Quantum Cryptography: a Framework Using Security Dependency Analysis

Quantum computing is emerging as an unprecedented threat to the current state of widely used cryptographic systems. Cryptographic methods that have been considered secure for decades will likely be broken, with enormous impact on the security of sensitive data and communications in enterprises worldwide. A plan to migrate to quantum-resistant cryptographic systems is required. However, migrating an enterprise system to ensure a quantum-safe state is a complex process. Enterprises will require systematic guidance to perform this migration to remain resilient in a post-quantum era, as many organisations do not have staff with the expertise to manage this process unaided. This paper presents a comprehensive framework designed to aid enterprises in their migration. The framework articulates key steps and technical considerations in the cryptographic migration process. It makes use of existing organisational inventories and provides a roadmap for prioritising the replacement of cryptosystems in a post-quantum context. The framework enables the efficient identification of cryptographic objects, and can be integrated with other frameworks in enterprise settings to minimise operational disruption during migration. Practical case studies are included to demonstrate the utility and efficacy of the proposed framework using graph theoretic techniques to determine and evaluate cryptographic dependencies.Comment: 21 Page

Making Existing Software Quantum Safe: Lessons Learned

In the era of quantum computing, Shor's algorithm running on quantum computers (QCs) can break asymmetric encryption algorithms that classical computers essentially cannot. QCs, with the help of Grover's algorithm, can also speed up the breaking of symmetric encryption algorithms. Though the exact date when QCs will become "dangerous" for practical problems is unknown, the consensus is that this future is near. Thus, one needs to start preparing for the era of quantum advantage and ensure quantum safety proactively. In this paper, we discuss the effect of quantum advantage on the existing software systems and recap our seven-step roadmap, deemed 7E. The roadmap gives developers a structured way to start preparing for the quantum advantage era. We then report the results of a case study, which validates 7E. Our software under study is the IBM Db2 database system, where we upgrade the existing cryptographic schemes to post-quantum cryptography (using Kyber and Dilithium schemes) and report our findings and learned lessons. The outcome of the study shows that the 7E roadmap is effective in helping to plan the evolution of existing software security features towards quantum safety