NTT DATA publishes a white paper summarizing points to remember when migrating to Post-Quantum Cryptography (PQC)

Explaining the key points of building a secure information infrastructure for the quantum computer era

October 3, 2023

NTT DATA Group Corporation

TOKYO – Oct 3, 2023 – NTT DATA, a global digital business and IT services provider, has published a white paper which has summarized points to remember when migrating existing cryptographic technologies used in various information infrastructures to Post-Quantum Cryptography (PQC).

Recently, there have been a number of announcements regarding the development, operation, and commercialization of quantum computers, and the day when quantum computers will be used in daily life is drawing near.
While quantum computers are expected to have faster processing speeds that far exceed those of supercomputers, they also carry the risk of making it easier to decipher encrypted data that is currently considered difficult to decipher, and preparations for their widespread use are progressing in countries around the world.

NTT DATA has been conducting research and development on quantum computers from both offensive and defensive aspects of utilization and security. This paper summarizes the latest trends in PQC and points to remember when migrating to a secure information infrastructure.

Background

The practical application of quantum computers is expected to accelerate advances in various fields such as materials development, medicine, finance, logistics, and AI, and improve the convenience of society and life. On the other hand, from the perspective of "cryptographic technologies" which are widely established in society as a whole, mainly in the financial field, there are concerns that quantum computers will be able to decipher existing encrypted data. In anticipation of these times, "Store now, decrypt later attack"*1 is beginning to be seen as a threat, in which attackers collect encrypted data over a long period of time now and attempt to decrypt it in the future when the performance of quantum computers has improved.

Against this background, the U.S. National Institute of Standards and Technology (NIST) estimates appearing the quantum computers capable of breaking RSA cryptosystems with the key length of 2048 bits by around 2030, and is proceeding with the standardization of Post-Quantum Cryptography (PQC). NIST decided on four public-key cryptographic algorithms as PQC in July 2022, and is expected to establish them as FIPS*2 standardization documents by 2024. Additionally, NIST has begun additional public applications for digital signatures category, continuing to standardize PQC.

Overview of the white paper

In this white paper, firstly we will introduce the PQC standardization at NIST, from its beginnings to the latest trends. Next, we summarize the following seven points to remember when migrating public-key cryptographic algorithms embedded in the information infrastructure of IT systems to PQC.

  1. Data size may increase
  2. Processing speed may be slow
  3. Increase crypto-agility*3
  4. Consider re-encrypting if encrypted data is stored in the system
  5. If using TLS hardware, is there enough time for procurement?
  6. Continuous collection of information published by NIST, SOG-IS*4, etc.
  7. Understand the PQC functions provided by the cloud service provider

Furthermore, we define the migration process to PQC and provide an overview of it.

White Paper

About the future

NTT DATA will continue to accurately understand the PQC standardization activities in NIST. Based on this information, we will work with our customers to resolve issues when migrating their IT system to PQC. Through these activities, we aim to become a partner trusted by our customers over the long term.

Note

  • *1 Also called "Capture now, decrypt later attack" or "Harvest now, decrypt later attack".
  • *2 FIPS is an abbreviation for Federal Information Processing Standards. FIPS is a set of standards and guidelines for computer systems established by NIST in the United States based on the Federal Information Security Management Act (FISMA).
  • *3 Crypto-Agility is a concept proposed by NIST. It refers to various improvements in design, implementation, and operation that allow the conventional encryption method used in an IT system to be quickly switched to another encryption method when it is compromised.
  • *4 SOG-IS is an abbreviation for Senior Officials Group Information Systems Security, and is a group that manages mutual recognition agreements among multiple countries in Europe. The SOG-IS Crypto Working Group has updated guidance documents on cryptographic algorithms, key lengths, and expiration dates almost every two years since 2016.

About NTT DATA

NTT DATA – a part of NTT Group – is a trusted global innovator of IT and business services headquartered in Tokyo. We help clients transform through consulting, industry solutions, business process services, IT modernization and managed services. NTT DATA enables clients, as well as society, to move confidently into the digital future. We are committed to our clients' long-term success and combine global reach with local client attention to serve them in over 50 countries. Visit us at nttdata.com.

Contact

NTT DATA Group Corporation
Technology and Innovation General Headquarters
System Engineering Headquarters
Cyber Security Department
security-contact@kits.nttdata.co.jp