Increasing commercial interest in Post-Quantum Cryptography (PQC) is being fed by (1) the selection of four PQC standards by NIST in 2022, together with (2) sped-up scenarios for quantum computers able to crack conventional encryption schemes. The PQC market is potentially huge. Consider that, with an assist from a quantum computer, Shor’s algorithm can be used to break RSA encryption and that 50% of the top million websites are still using RSA. Based on such trends, here are the aspects of PQC that we think will generate revenues in 2023 and beyond. We discuss more of the commercial aspects of PQC in the new report, “Post-Quantum Cryptography: Market Opportunities After NIST”.
#1 Competitive advantage: Improved performance of PQC products: Today’s PQC products are not yet up to the task that they have been prepared for. They are still a long way from being drop-in replacements for common pre-quantum algorithms such as RSA, Elliptic Curve Diffie-Hellman, and Elliptic Curve Digital Signature Algorithm (ECDSA). Areas where PQC vendors can achieve competitive advantage over the current generation can be found in improved key size, signature size, error handling, number of execution steps, and key establishment complexity. A few examples: the keys used by the PQC scheme CRYSTALS-Kyber are significantly larger than the keys used by similar variations on RSA. In some cases, post-quantum algorithms also take more time or processing power to run.
#2 Hybrid solutions: PQC for right now: It seems highly likely that future product design changes in such areas will result in both improved performance and reliability for PQC products and competitive advantage for the suppliers of such products. We also anticipate an interim hybrid stage of PQC product development that combines PQC algorithms with well-established classical algorithms. This combination most likely means that data is safe as long as at least one of the two methods is safe, with the likelihood of some performance improvements over “pure” PQC.
Until quantum computers start to become a real and ubiquitous threat – some years from now – hybrid solutions may be good enough. And until the new PQC algorithms are tested by real-world quantum challenges, we don’t know for sure whether they have their own vulnerabilities, leading to a new generation of post-post-quantum cryptography, as it were. In many ways, hybrid is where we are right now. For example, AWS offers a hybrid key exchange option for TLS which combines elliptic curve Diffie-Hellman (ECDH) with the post-quantum KEM Kyber-512.
Also, it will be many years before PQC reigns supreme, and cybersecurity professionals will (perhaps forever) be balancing computational complexity, resource usage and high levels of security.
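To make the "safe as long as at least one of the two methods is safe" property of hybrid key exchange concrete, here is an added example (not code from AWS or from any vendor named above) of a simplified concatenate-then-KDF combiner: the classical and post-quantum shared secrets both feed one HKDF (RFC 5869), so the session key cannot be computed from either secret alone. The two 32-byte secrets, the transcript and the label are constructed placeholders standing in for real ECDH and Kyber-512 outputs, and `hybrid_session_key` is a hypothetical name.

```python
import hashlib
import hmac

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense input keying material into a PRK."""
    return hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` output bytes."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hybrid_session_key(ecdh_secret: bytes, pq_secret: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from BOTH shared secrets (hypothetical helper)."""
    # Refuse to continue with only one component: silently dropping the
    # post-quantum (or the classical) half would be a downgrade.
    if not ecdh_secret or not pq_secret:
        raise ValueError("both shared secrets are required")
    # Length-prefix each secret so the concatenation is unambiguous.
    ikm = b"".join(len(s).to_bytes(2, "big") + s
                   for s in (ecdh_secret, pq_secret))
    # Bind the key to the handshake messages that produced the secrets.
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-demo session key", length)

# Constructed sample inputs: real values would come from an ECDH exchange
# and a Kyber-512 encapsulation, each of which yields a 32-byte secret.
CONSTRUCTED_ECDH_SECRET = HASH(b"constructed ECDH shared secret").digest()
CONSTRUCTED_PQ_SECRET = HASH(b"constructed Kyber-512 shared secret").digest()
CONSTRUCTED_TRANSCRIPT = b"client-hello || server-hello (constructed)"

if __name__ == "__main__":
    key = hybrid_session_key(CONSTRUCTED_ECDH_SECRET, CONSTRUCTED_PQ_SECRET,
                             CONSTRUCTED_TRANSCRIPT)
    print("session key:", key.hex())
```
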
#3 Users may pay for cryptoagility: It can’t be emphasized enough that PQC is at its earliest stage of development. PQC vendors are therefore obliged to emphasize cryptoagility in their messaging. By cryptoagility we mean the ability of a PQC product available today to take on more advanced features as these become available. The promise of cryptoagility may be kept in the form of regular upgrades or in the form of “upgrade ready” marketing – which has traditionally been so common in high-tech product markets.
In this context we definitely don’t mean to give the impression that upgrades are just a matter of marketing. In some cases – an example might be an embedded device acting as a TLS server – special hardware acceleration may be required.
#4 PQC “Spring cleaning” services: End users will not be able to rely entirely on technology to implement PQC. What will also be needed is a spring cleaning of sorts, which will begin with an inventory to discover obsolete information archives and records, followed by secure disposal of information that is no longer needed. This process will also identify the vulnerabilities most in need of post-quantum upgrades. End users of the information that remains may have to be re-authenticated, and interim solutions such as more complex passwords may have to be introduced.
It could be years before PQC is fully in use, and while today’s PQC providers are waiting for their next-generation PQC products to sell, they could be offering end users “quantum spring cleaning” for a fee. Here we note that Google is working on developing PQC for its cloud offering, while also assisting customers in managing the transition to PQC. We note also that the National Cybersecurity Center of Excellence (NCCoE) has released a preliminary guide on practices for migrating from legacy cryptography to quantum-resistant cryptography. The draft document, NIST Special Publication (SP) 1800-38a, has already been published.
The opportunities listed above are a good indication of where we are now with commercial PQC and where we are headed in the near-term future. However, look to 2024, which is when NIST is expected to publish a final version of the draft standards, for the next big leap forward in PQC.