Entrust, a leading provider of trusted identities, payments, and data protection solutions, has introduced four new solutions aimed at helping organisations prepare for the security challenges and opportunities presented by quantum computers.
While not powerful enough to do so today, advances in quantum computing threaten the integrity of traditional asymmetric encryption algorithms, with the potential to empower brute force attacks that will succeed in minutes rather than years. Post quantum (PQ) cryptography is the development of new cryptographic approaches that can be implemented using today’s computers, but will be impervious to attacks from tomorrow’s quantum ones.
The National Institute of Standards and Technology (NIST) has published a short-list of PQ safe algorithms which will be resilient to these attacks. Although these algorithms are undergoing review from academics and industry, security-conscious organizations need to start work now in order to be fully prepared for a post quantum future. This includes carrying out due diligence by investigating the adoption of the short-listed algorithms in their cryptographic ecosystem.
To help organisations start preparing for this future now, Entrust is making available four new products designed to help organisations to assess their cryptographic stance and integrate quantum resistant algorithms into their encryption workflows and services. The new offerings are, the expansion of the cryptographic Center of Excellence to support PQ preparedness; the Entrust Cryptographic Center of Excellence consulting portfolio – which provides actionable recommendations to remediate identified risks in crypto systems – is evolving to help organisations prepare to manage the challenges of PQ. The upcoming updates to the Crypto Agility Maturity Assessment will help organizations identify their readiness to manage the introduction of PQ algorithms and provide a roadmap to achieve the required level of crypto agility; and the Entrust Nshield Post Quantum Cryptography option pack.
For customer wishing to prepare for a PQ world and are looking to evaluate the use of NIST PQ shortlisted algorithms running within a representative Entrust Nshield Hardware Security Module (HSM) environment, Entrust offers an advanced preview of a new option pack that provides a software development suite of cryptographic functions based on NIST PQ shortlisted algorithms running within a representative Entrust Nshield Hardware Security Module (HSM) environment.
This sandbox environment supports a range of PQ cryptographic operations including key generation, encrypt, decrypt, sign, verify and key exchange. It enables developers to test PQ algorithms, invoke crypto operations via Java calls and execute code within a secure test environment underpinned by a quantum safe root of trust.
Available as a beta release, this pluggable Java toolkit provides a way for organizations to integrate quantum safe algorithms into their digital certificate generation workflows. It is being made available to organizations who want to start building secure applications with PQ cryptography and supports composite certificate draft standards and traditional single algorithm certificates. Entrust has developed this toolkit to support the National Institute of Standards and Technology (NIST) post quantum development and is a round 3 signature finalist in the NIST competition.
In a PQ environment, Public Key Infrastructure (PKI) providers will need to issue hybrid or composite certificates combining classical and quantum safe algorithms. By providing a cloud-based PKI as a Service offering, Entrust can provide customers with composite and pure quantum Certificate Authority hierarchies. PQ via PKIaaS is expected to be available to applicants as a beta in April 2022 and will give organisations the ability to test multi-certificates or composite certificates with their applications, with the added benefit that these will be underpinned by Entrust Nshield HSMs.
“Post-quantum computing is an inevitable threat to cyber security. While it is unclear when exactly the post-quantum threat will become real, it is generally expected to occur within the decade. The migration to quantum-safe algorithms can take several years, so the time to prepare for post-quantum is now,” said Anudeep Parhar, Chief Information Officer at Entrust. “Entrust is at the forefront of post-quantum cryptography. We are participating members of the Internet Engineering Task Force (IETF), and we are also participants in the NIST PQ competition. Through growth initiatives and investment in solutions like those announced today, we are helping our customers today to prepare for tomorrow.”