Arctiq recently had the privilege to attend Cloudflare Connect 2023 in Chicago on Nov 9th. One of the talks, in particular, has stayed present in my mind ever since.
Among the thought leadership shared by a variety of speakers at the day-long conference, it was the talk from Cloudflare cryptographic researcher Luke Valenta that has stayed with me. He shared his thoughts and research on post-quantum cryptography and how best to prepare for the post-quantum reality of tomorrow by using the post-quantum cryptography standards that are being ratified by NIST today.
To illustrate the threat, Luke described a threat actor, whom we will call Eve, who may have the capacity to eavesdrop on and record all of the communications between two parties, whom we will call Alice and Bob. Eve stores the recorded communications with the intention of decrypting them in the future, once she possesses computing capabilities with a reasonable expectation of breaking the encryption. This threat concept is sometimes referred to as “Store Now, Decrypt Later” (SNDL) or, commonly, as “Harvest Now, Decrypt Later” (HNDL).
Figure 1: HNDL threat: Eve records all key exchanges and encrypted communications between Alice and Bob
The threat is that at some future point, Eve will have the computing power to decrypt the communications of Alice and Bob and will be able to see a complete history of communications between the two parties.
In other words, someone could be recording all of your network traffic now and may be able to read it all at some point in the future when quantum computing becomes readily available – unless, of course, you act now and prepare!
Figure 2: HNDL threat: Eve’s future decryption and reconstruction of all communications between Alice and Bob using quantum computing
The Canadian Centre for Cyber Security has also outlined this threat risk in their memorandum ITSAP.00.017. The White House issued a National Security Memorandum NSM-10 outlining this threat risk as well. Both governments are concerned that nation-states and other groups of actors will pose a national security risk in a post-quantum era if we don’t take the necessary steps to protect our critical data infrastructure.
There is a well-known NSA facility in Utah that is rumoured to be recording exabytes of information today. One can assume that when they have the capability to decrypt the information using quantum technology, everything they have recorded, which isn’t post-quantum protected, can be compromised.
Image: NSA Utah Data Center (UDC)
Don’t worry; keep reading. There are some concrete actions you can take today that will help mitigate this risk.
This threat is specifically enabled by quantum computing because of some known algorithmic attacks. The attack that will be realized earliest is an attack on the most common key exchange algorithms used in Transport Layer Security (TLS) encryption today. Shor’s algorithm is a quantum algorithm for finding the prime factors of an integer. The most common key exchange algorithm today, RSA, relies on the assumption that factoring large integers is computationally infeasible. Quantum computing and Shor’s algorithm break this assumption.
The current defence against the HNDL threat is to modify the key exchange protocols to use the post-quantum cryptography standard, CRYSTALS/Kyber, which makes it impractical for Eve to derive the keys and decrypt the recorded communications traffic. This should be done as soon as possible, because there is a risk that Eve has already started recording and storing all of your communications traffic.
Figure 3: Mitigating the risks using post-quantum cryptography in key exchanges end-to-end
Through the use of this end-to-end post-quantum capability, the attacker, Eve, will be unable to decrypt and reconstruct the communications.
There will be additional layers of defence once the algorithms are standardized to protect the encryption of communications as well, though these standards have not yet been ratified. It is anticipated that a new encryption algorithm, CRYSTALS/Dilithium, will be used for encryption for post-quantum security.
Google has integrated CRYSTALS/Kyber into Chrome as of version 116, but it is currently not active by default. To use it, you will need to enable the flag, which you can do in Chrome by visiting: chrome://flags/#enable-tls13-kyber
There are also some other post-quantum enabled clients. You can check your browser’s status for post-quantum algorithm support by visiting https://pq.cloudflareresearch.com/
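As an added example (not from the original post, nor from Cloudflare or Google): one way to see from captured traffic which clients already offer a post-quantum key exchange is to read the `supported_groups` and `key_share` extensions of the TLS ClientHello. The group code points are taken from the IANA TLS registry rather than this page, `pq_offer` and `sample_hello` are hypothetical names, and the sample ClientHello is constructed with dummy key material.

```python
# Hybrid post-quantum TLS 1.3 key-exchange groups (IANA code points, not from the page).
PQ_GROUPS = {0x6399: "X25519Kyber768Draft00", 0x11EC: "X25519MLKEM768"}
EXT_SUPPORTED_GROUPS, EXT_KEY_SHARE = 10, 51


def _vec(buf, pos, len_size):
    """Read a length-prefixed vector at pos; return (data, next position)."""
    n = int.from_bytes(buf[pos:pos + len_size], "big")
    end = pos + len_size + n
    if end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos + len_size:end], end


def pq_offer(record):
    """Return the PQ groups a ClientHello record advertises and sends key shares for."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 9 + 2 + 32  # record header (5) + handshake header (4) + version + random
    for size in (1, 2, 1):  # skip session_id, cipher_suites, compression_methods
        _, pos = _vec(record, pos, size)
    exts, _ = _vec(record, pos, 2)
    advertised, shared, p = [], [], 0
    while p < len(exts):
        ext_type = int.from_bytes(exts[p:p + 2], "big")
        body, p = _vec(exts, p + 2, 2)
        if ext_type == EXT_SUPPORTED_GROUPS:
            groups, _ = _vec(body, 0, 2)
            advertised = [int.from_bytes(groups[i:i + 2], "big") for i in range(0, len(groups), 2)]
        elif ext_type == EXT_KEY_SHARE:
            shares, q = _vec(body, 0, 2)[0], 0
            while q < len(shares):  # each entry: group id, then length-prefixed key
                shared.append(int.from_bytes(shares[q:q + 2], "big"))
                _, q = _vec(shares, q + 2, 2)
    named = lambda ids: [PQ_GROUPS[g] for g in ids if g in PQ_GROUPS]
    return {"advertised": named(advertised), "key_share": named(shared)}


def sample_hello(groups):
    """Constructed ClientHello (zeroed random, dummy 32-byte key shares) offering groups."""
    v = lambda b, n: len(b).to_bytes(n, "big") + b
    ext = lambda t, b: t.to_bytes(2, "big") + v(b, 2)
    sg = ext(10, v(b"".join(g.to_bytes(2, "big") for g in groups), 2))
    ks = ext(51, v(b"".join(g.to_bytes(2, "big") + v(bytes(32), 2) for g in groups), 2))
    body = b"\x03\x03" + bytes(32) + v(b"", 1) + v(b"\x13\x01", 2) + v(b"\x00", 1) + v(sg + ks, 2)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + v(hs, 2)
```

The function expects one complete, reassembled ClientHello record; a hybrid Kyber key share is large enough that the message can span more than one TCP segment.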
Cloudflare has posted several blogs about the quantum threat and post-quantum cryptography:
- The Quantum Menace describes the threat model and how it will manifest in the future.
- Defending against future threats describes in detail the work that Cloudflare is undertaking to enable the algorithms and protocols required to secure your communications against the SNDL threat.
- Towards Post-Quantum Cryptography in TLS and Making protocols post-quantum, in which Cloudflare describes technical elements of changing the protocols that support TLS to be post-quantum ready.
- Introducing post-quantum Cloudflare Tunnel, detailing the use of post-quantum cryptography in your Cloudflared tunnels to ensure end-to-end security of communications.
- Post-quantum crypto should be free, where Cloudflare affirms their commitment to the security of your communications and how they are going to provide the post-quantum capabilities as part of their platform, at no extra charge.
- PQC to Origins, describing how you can use the post-quantum key-exchange protocol between Cloudflare and your origin systems to ensure end-to-end security and prevent anyone recording traffic from ever being able to eavesdrop on any segment of communications.
We here at Arctiq are excited that Cloudflare has done what is necessary to prepare the industry for a post-quantum world and we would welcome the opportunity to discuss how this can be applied to your business today.
Actions you should take as soon as possible to mitigate this risk:
- Identify the most sensitive areas of your communications and evaluate where you can implement post-quantum security measures as soon as possible.
- Use post-quantum cryptography for sensitive communications from your clients to your business, and ensure that communications security integrity is maintained from end to end.
If you are concerned about the risk posed by HNDL (or SNDL) and want to prepare your platforms and systems for the post-quantum world ahead, let us know.