The quantum computing era has officially arrived, which is a good thing. Quantum computers have the potential to advance our understanding of the world and to solve certain classes of problems far faster than classical machines. The bad news is that a sufficiently large quantum computer running Shor's algorithm would break the public-key algorithms (RSA, finite-field Diffie-Hellman, and elliptic-curve cryptography) that today's VPNs rely on for key exchange and peer authentication. Symmetric ciphers such as AES are not broken outright: Grover's algorithm roughly halves their effective key length, which is why AES-256 is still considered quantum-safe and why the migration problem is mostly a public-key problem.
In response, governments, standards bodies, and network security vendors are working to ensure public networks remain secure from quantum computer-aided cybersecurity threats now and into the future. In fact, the National Institute of Standards and Technology (NIST) published its first three post-quantum cryptography (PQC) standards in August 2024: ML-KEM (FIPS 203) for key establishment, and ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) for digital signatures. This is great progress, but it also introduces the possibility of a new threat.
These new PQC algorithms are meant to replace the existing public-key cryptosystems that will become vulnerable to quantum-aided attacks. Because they can be installed on existing VPN infrastructure through a software upgrade, they provide an easy path for existing network VPN solutions to become "quantum safe." (It is not entirely free: ML-KEM public keys and ciphertexts are around a kilobyte each, so IKEv2 exchanges that carried a 32-byte X25519 share now need IKEv2 fragmentation, RFC 7383, to survive path MTU limits.) This has led some network security vendors to claim that you should upgrade to their PQC solutions today.
Yet, relying solely on PQC solutions today may not be the safest bet. In fact, this approach may unintentionally create new security vulnerabilities in your network.
The uncertainty around post-quantum cryptography
The main reason for this skepticism is the novelty of the algorithms. The NIST standards are new, and production-grade implementations of them are young. Although the algorithms have undergone years of public cryptanalysis during the NIST competition, none has anything like the decades of deployment history behind RSA and elliptic-curve Diffie-Hellman, and most real-world deployment so far has been in hybrid mode alongside a classical key exchange rather than on its own. An algorithm can look strong on paper and still reveal weaknesses, in the mathematics or more often in the implementation, once it is exercised at scale against motivated attackers using classical or quantum computers.
One fundamental issue is that we won't truly know how quantum-resistant these algorithms are until quantum computers are being used outside research and academic settings. It is a catch-22: we need quantum-safe key establishment before cryptographically relevant quantum computers arrive, but only their arrival will put the quantum-resistance claims to the test. And there is also a chance that new vulnerabilities could be discovered by classical attacks that we haven't yet anticipated.
The risk of classical attacks on PQC: The SIKE example
One significant risk is that even promising PQC algorithms can still fall to classical (digital computer) attacks. A glaring example is Supersingular Isogeny Key Encapsulation (SIKE), a post-quantum key encapsulation mechanism that survived several rounds of the NIST competition and was once considered a strong candidate for quantum-safe key exchange.
In 2022, after years of scrutiny, SIKE was broken by a purely classical attack (Castryck and Decru's key-recovery attack on SIDH), which recovered the key for SIKE's lowest-security parameter set in about an hour on a single CPU core. Nothing about the attack required a quantum computer; it exploited structure in the scheme's mathematics that the community had simply not noticed. This underscores the need for caution in adopting PQC algorithms too quickly, as they may not be as resilient as expected, particularly when faced with highly sophisticated attacks from classical computers. For perspective, SIKE was an alternate candidate and was never standardized; the three NIST standards are built on lattice and hash-function problems that are unrelated to isogenies, but the lesson about young cryptography stands.
The inherent risk of going fully PQC now
Given these potential vulnerabilities, vendors who suggest rushing to fully implement PQC today by replacing existing classical algorithms solely with PQC algorithms may be acting recklessly. One of the biggest concerns is that the algorithm standards are only half of the picture: how the algorithms are negotiated and integrated into protocols such as IKEv2 and TLS, and how they are implemented without leaking secrets through side channels, is still settling.
While the cryptographic community is working on defining these standards, we are still in the experimental phase. The libraries and tools that would enable secure, large-scale deployment of PQC are not yet mature, and early implementations have already shown the kind of bugs that maturity weeds out (the "KyberSlash" timing leaks found in several Kyber implementations in 2023 and 2024, for example). Without well-established, non-experimental upstream cryptographic libraries, a PQC-only deployment risks being insecure in practice, introducing new vulnerabilities rather than enhanced security, with no classical algorithm left as a backstop.
A quantum-safe strategy: hybrid approaches
So, what options do organizations have if PQC alone isn’t a silver bullet? A more cautious, resilient approach might lie in hybrid cryptographic strategies, which combine the strengths of classical cryptography with quantum-resistant techniques.
Hybrid PQC is one such approach. Both key exchanges run in the same handshake, a classical one (such as elliptic-curve Diffie-Hellman) and a post-quantum one (such as ML-KEM), and the session keys are derived from both shared secrets together, so an attacker must break both algorithms to recover the keys. If one algorithm is compromised, the other still provides security. For IPsec VPNs, RFC 9370 defines how IKEv2 performs multiple key exchanges in one SA setup for exactly this purpose. Two practical notes: the combination must feed both secrets into the key derivation (not, say, use the PQ secret only for one direction), and hybrid key exchange does nothing for peer authentication, so certificates signed with RSA or ECDSA remain a separate migration item. This dual-algorithm key establishment can serve as a transitional phase, allowing organizations to continue using well-established classical cryptosystems while preparing thoroughly for the quantum era.
Another promising approach involves Quantum Key Distribution (QKD). QKD leverages the principles of quantum mechanics to create and distribute encryption keys, and its security rests on physics rather than on the hardness of a mathematical problem, so it is not threatened by advances in quantum algorithms. It does have practical limitations: it requires dedicated fiber optic links over limited distances, it carries high costs, it only distributes keys and still needs an authenticated classical channel (so a pre-shared key or a PQC signature is required anyway), and several national security agencies have said they do not currently endorse it. Therefore, it may be a while before it sees widespread adoption. However, it is a viable option for organizations with high security requirements and the resources to invest in futureproofing their encryption.
Additionally, Symmetric Key Establishment (such as Distributed Symmetric Key Establishment, or DSKE) offers an alternative with goals similar to QKD's, but without quantum optics: it supplements potentially vulnerable key distribution mechanisms like Diffie-Hellman with additional symmetric key material delivered out of band. IKEv2 already has a standard way to use such material: RFC 8784 mixes a post-quantum preshared key (PPK) into the IKEv2 key derivation, so the resulting keys are safe even if the Diffie-Hellman exchange is later broken by a quantum computer. One caveat worth knowing is that RFC 8784 modifies SK_d, SK_pi and SK_pr but not the encryption keys of the initial IKE SA, so Child SA traffic keys are protected while the peer identities exchanged in IKE_AUTH of that first SA are still protected only classically; rekeying the IKE SA closes that gap.
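As an added illustration of the RFC 8784 mechanism described above (this is example code written for this article, not Juniper's implementation or code from any shipping VPN), the following Python implements the IKEv2 prf+ construction from RFC 7296 and the PPK mixing from RFC 8784, using HMAC-SHA256 as the IKEv2 PRF. It then plays out the threat the hybrid approach defends against: an attacker who has recovered the Diffie-Hellman-derived SK_d still cannot derive the Child SA keys, because those are now derived from the PPK as well. All secrets and nonces are constructed sample values.

```python
"""RFC 7296 prf+ and RFC 8784 post-quantum preshared key (PPK) mixing.

Added example for this article; not Juniper code and not taken from any
IKEv2 implementation. PRF is PRF_HMAC_SHA2_256 (RFC 7296 section 3.3.2).
"""
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 PRF_HMAC_SHA2_256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13:
    T1 = prf(K, S | 0x01), Tn = prf(K, T(n-1) | S | n); output is T1 | T2 | ...
    The counter is a single byte, so at most 255 blocks can be produced.
    """
    if not 0 < length <= 255 * hashlib.sha256().digest_size:
        raise ValueError("length out of range for prf+")
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = prf(key, prev + seed + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]


def mix_ppk(ppk: bytes, sk_d: bytes, sk_pi: bytes, sk_pr: bytes) -> dict:
    """RFC 8784 section 5.1:
    SK_d' = prf+(PPK, SK_d), SK_pi' = prf+(PPK, SK_pi), SK_pr' = prf+(PPK, SK_pr).
    SK_e*/SK_a* of the initial IKE SA are deliberately left unchanged.
    """
    return {
        "SK_d": prf_plus(ppk, sk_d, len(sk_d)),
        "SK_pi": prf_plus(ppk, sk_pi, len(sk_pi)),
        "SK_pr": prf_plus(ppk, sk_pr, len(sk_pr)),
    }


def child_sa_keymat(sk_d: bytes, ni: bytes, nr: bytes, length: int) -> bytes:
    """KEYMAT for a Child SA without an additional DH exchange
    (RFC 7296 section 2.17): KEYMAT = prf+(SK_d, Ni | Nr)."""
    return prf_plus(sk_d, ni + nr, length)


def demo() -> dict:
    """Show that recovering the DH-derived SK_d is not enough once a PPK is mixed in."""
    # Constructed sample material; real values are derived from the DH
    # exchange (SK_d) and provisioned out of band (PPK).
    sk_d = bytes(range(32))                       # as if derived from (breakable) DH
    sk_pi = bytes(range(32, 64))
    sk_pr = bytes(range(64, 96))
    ppk = hashlib.sha256(b"constructed-ppk").digest()  # out-of-band symmetric key
    ni = b"\xa1" * 32                             # initiator nonce (sent in clear)
    nr = b"\xb2" * 32                             # responder nonce (sent in clear)

    keys = mix_ppk(ppk, sk_d, sk_pi, sk_pr)
    real_keymat = child_sa_keymat(keys["SK_d"], ni, nr, 64)

    # Attacker model: quantum computer breaks DH, so the attacker learns sk_d
    # and sees the nonces on the wire, but never had the PPK.
    attacker_keymat = child_sa_keymat(sk_d, ni, nr, 64)

    return {
        "real_keymat": real_keymat,
        "attacker_keymat": attacker_keymat,
        "attacker_matches": hmac.compare_digest(real_keymat, attacker_keymat),
    }


if __name__ == "__main__":
    result = demo()
    print("attacker recovers Child SA keys:", result["attacker_matches"])
```

Note what this does and does not protect: KEYMAT for every Child SA, and every rekeyed IKE SA, flows from SK_d', so those are PPK-protected; the initial IKE SA's SK_e keys that encrypt IKE_AUTH are derived before the PPK is applied and are not.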
Certainty in uncertainty: Plan for an uncertain future
The advance of quantum computers looms large over the future of encryption, but it is not the immediate danger, with one qualification: traffic recorded today can be decrypted once a capable quantum computer exists, so long-lived secrets carried over a VPN deserve quantum-safe key establishment sooner rather than later. Today, the greater concern is ensuring compliance with a rapidly evolving regulatory landscape while adopting a quantum-safe strategy that doesn't rely on untested algorithms alone.
Juniper believes an approach that incorporates both classical and post-quantum cryptographic methods offers the best defense against the prevailing uncertainty of quantum computing. Hybrid PQC solutions, combined with options like QKD and Symmetric Key Establishment, provide flexibility and resilience in the face of evolving threats.
Preparing for a quantum-safe future requires agility, foresight, and a willingness to adopt new encryption techniques as they mature. But above all, it requires the understanding that the quantum threat, while significant, is not our greatest enemy today.
You can learn more about how Juniper Beyond Labs is working with an ecosystem of partners to develop crypto-agile, quantum-safe VPN solutions, including a broad portfolio of quantum-safe key solutions, by visiting us here.