Entrust, a provider of trusted identities, payments, and data protection solutions, has announced four new solutions to assist businesses in preparing for the security challenges and opportunities posed by quantum computers.
While not yet powerful enough, advances in quantum computing threaten the integrity of traditional asymmetric encryption algorithms, with the potential to enable brute force attacks that succeed in minutes rather than years. Post quantum (PQ) cryptography is the development of new cryptographic approaches that can be implemented using today’s computers but are resistant to attacks from tomorrow’s quantum computers.
The National Institute of Standards and Technology (NIST) has released a list of PQ safe algorithms that will be resistant to these attacks. Despite the fact that these algorithms are being reviewed by academics and industry, security-conscious organizations must begin work immediately in order to be fully prepared for a post-quantum future. This includes conducting due diligence on the short-listed algorithms’ adoption in their cryptographic ecosystem.
“Post-quantum computing is an inevitable threat to cybersecurity. While it is unclear when exactly the post-quantum threat will become real, it is generally expected to occur within the decade. The migration to quantum-safe algorithms can take several years, so the time to prepare for post-quantum is now,” said Anudeep Parhar, Chief Information Officer at Entrust. “Entrust is at the forefront of post-quantum cryptography. We are participating members of the Internet Engineering Task Force (IETF), and we are also participants in the NIST PQ competition. Through growth initiatives and investment in solutions, we are helping our customers today to prepare for tomorrow.”
Entrust has released four new products today to assist organizations in assessing their cryptographic posture and integrating quantum resistant algorithms into their encryption workflows and services. The new offerings are as follows:
The Entrust Cryptographic Health Check, which employs advanced crypto discovery tools to bring hidden and unknown crypto into the light so that it can be assessed and brought into compliance, is expanding to include PQ elements. In addition, the offering prepares organizations for crypto-agility by performing compliance testing on a complete cryptographic inventory.
Entrust offers a beta release of a new option pack that provides a software development suite of cryptographic functions based on NIST PQ shortlisted algorithms running within a representative Entrust nShield Hardware Security Module (HSM) environment for organizations conducting preparatory PQ cryptography testing. This sandbox environment supports a variety of PQ cryptographic operations such as key generation, encryption, decryption, signing, verifying, and key exchange. It allows developers to test PQ algorithms, invoke crypto operations via Java calls, and execute code in a secure test environment backed by a quantum safe root of trust.
Available as a beta release, this pluggable Java toolkit provides a way for organizations to integrate quantum safe algorithms into their digital certificate generation workflows. It is being made available to organizations who want to start building secure applications with PQ cryptography and supports composite certificate draft standards and traditional single algorithm certificates. Entrust has developed this toolkit to support the National Institute of Standards and Technology (NIST) post quantum development and is a round 3 signature finalist in the NIST competition.
In a PQ environment, Public Key Infrastructure (PKI) providers will need to issue hybrid or composite certificates combining classical and quantum safe algorithms. By providing a hosted PKI as a Service offering, Entrust can provide customers with composite and pure quantum Certificate Authority hierarchies. This will give organization’s the ability to test multi-certificates or composite certificates with their applications, with the added benefit that these will be underpinned by Entrust nShield HSMs.