Future-Proofing Your Data: Post-Quantum Cryptography and Beyond
Commvault blog, published 2024-05-02 (modified 2024-05-06): https://www.commvault.com/blogs/future-proofing-your-data-post-quantum-cryptography-and-beyond

Enter the looming threat of quantum computing. These powerful machines harness quantum mechanics to solve certain problems far more quickly than classical computers, including breaking the key-exchange and encryption standards that safeguard today's data. This is where post-quantum cryptography (PQC) comes in, and why Commvault has chosen to implement it to safeguard your data.

Why We Need PQC

Many of the asymmetric and symmetric cryptography algorithms we use to protect data from prying eyes rely on mathematical problems such as factoring large numbers. While these problems are hard for classical computers, quantum computers can solve them significantly faster, making what was once thought impossible very much possible.

This could leave sensitive information that is normally encrypted, such as credentials, emails, financial data, and medical records, exposed. You might think the threat of quantum computing is five to ten years away, but anyone who recently attended the keynote at Ignite/Reinvent/Next knows that quantum computing resources are already available and the technology is advancing rapidly. It is now available to anyone, including malicious actors. The question is, how do you shield your organization?

A Multi-Faceted Approach: Bigger Keys, Better Locks, and PQC

Although full-fledged PQC algorithms are still being standardized, there are steps we can take now to bolster our defenses. One approach is to increase the key lengths of symmetric algorithms, so that brute-force attacks take longer to succeed. This is similar in principle to increasing the number of pins in a tumbler lock: the more pins the lock has, the more difficult and time-consuming it is to pick, and the larger and more complex the key is, the harder it is to replicate or guess.

Secure Post-Quantum Data Encryption

AES has long been the industry-standard algorithm for symmetric encryption, and in the near term it will remain sufficient against quantum brute-force attacks, as long as large key sizes are used. Commvault has already standardized data encryption on AES-256, the largest key length AES supports.

To put things into perspective, we can look at Grover's algorithm to illustrate the potential threat of brute-force attacks. Grover's algorithm is a well-known quantum algorithm for searching an unstructured space. It can also be used to speed up brute-force attacks on passwords and keys when executed on a quantum computer.

Even with Grover's algorithm, the time to crack AES-256 remains impractical: the algorithm effectively halves the key size (to 128 bits of security for AES-256), and the current generation of quantum computers is not powerful enough to run it at that scale. So AES-256 remains a viable encryption algorithm for the foreseeable future.

Secure Post-Quantum Communication

When it comes to the asymmetric (public-key) algorithms used for secure communication and digital signatures, things look bleak. This is one of the cryptographic areas at highest risk from quantum computing, since RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are severely weakened by quantum computers.

Following public calls to action to develop PQC standards, the National Institute of Standards and Technology (NIST) coordinated the solicitation, evaluation, and selection of candidate algorithms for PQC starting in 2016. As of December 2023, the final post-quantum algorithms have been selected, and NIST has begun drafting the standards guidance and publications around them.

Commvault has taken the first steps in incorporating some of the upcoming PQC standards to improve secure communication. Two key components needed to be updated to provide quantum protection:

1. Key exchange and encapsulation: establishes a symmetric encryption key during TLS setup.
2. Signature generation and verification: creates a chain of certificates and authenticates the parties involved in the TLS setup, preventing man-in-the-middle attacks.

The traditional key exchange algorithm, ECDH (Elliptic-curve Diffie-Hellman), is susceptible to attack with the advent of quantum computers. CRYSTALS-Kyber, a NIST-approved post-quantum algorithm, serves as a replacement for ECDH.

However, a secure TLS connection requires more than just key exchange. On their own, both ECDH and Kyber are vulnerable to man-in-the-middle attacks, which necessitates a certificate chain and signed/verified messages during TLS setup. Conventional cryptography relies on RSA with large private/public key sizes (2048, 3072, etc.) for this purpose. NIST has recommended post-quantum alternatives to RSA, which include: