Annex 9 - Post-Quantum Cryptography (a.k.a. Quantum-Safe Cryptography)
Post-Quantum Cryptography (PQC) / Quantum-safe Cryptography (QSC) Guidance
While it is still at an early stage of development, Quantum Computing (QC) technology is progressing continuously, posing an increasing risk to the cryptography used today throughout the general IT domain, e.g. within public key infrastructures, digital certificates and digital signature services, secure communication services and protocols, and data encryption solutions. The cryptographic standards currently used to protect sensitive data and communications will eventually be broken by quantum computers, in a timeframe predicted by some to fall towards the end of the next decade. Specifically, the RSA and ECC algorithms are susceptible to such advances, as a Quantum Computer with a sufficient number of QBits (Quantum Bits) can use Shor’s algorithm to potentially break these algorithms in near real time.
Peter Shor (after whom the algorithm is named) proposed in 1994 an algorithm that can be used to factor the product of large primes (on which the cryptographic strength of RSA is based) or to calculate discrete logarithms (on which the cryptographic strength of ECC is based). For RSA, his algorithm requires a number of QBits equal to the key size plus one, in an error-free Quantum Computer, to break RSA in near real time. Another potential threat to current cryptographic systems is Grover’s algorithm, which can theoretically be used on Quantum Computers to help break AES and SHA. However, this attack is “only” able to halve the key strength (so AES-256 or SHA-256 would only have 128 bits of security). Therefore, using larger key sizes (AES-512 or SHA-384 or SHA-512) would be the correct path to protect information that requires more than 128 bits of security.
Since it remains an emerging technology, Quantum Computers are not available today for wide public use, and many hurdles remain to be overcome before Quantum Computing technology reaches the market as a practical service. However, substantial research and financial efforts have been under way worldwide for several years, by both the private sector and governments, resulting in a continuous increase in the capabilities and computing power of Quantum Computers. Many organizations and researchers believe that such a computer could become available in as few as 15 years, mostly in the form of “Quantum as a Service” (QaaS) solutions that would allow any organization to access and use quantum computing services without owning a machine. Moreover, it is possible that significant progress achieved in Quantum Computing by governmental organizations remains unpublished for some time, producing an undetected increase in the risk for the overall community.
Additionally, it shall be noted that the combination of Quantum Computing, Artificial Intelligence technologies and enhanced classical computing could further accelerate the obsolescence of a significant part of current cryptography (1), making it all the more necessary to prepare for the adoption of new Post-Quantum Cryptographic algorithms throughout the global IT world.
In response to the threat posed to current cryptography, standardization efforts have been under way for several years to define a whole new set of Post-Quantum Cryptographic algorithms relying on mathematical schemes that, by their intrinsic nature, are not endangered by Quantum Computing capabilities. Also, the US Office of Management and Budget has issued memorandum M-23-02 (Migrating to Post-Quantum Cryptography [https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf]), which was followed by National Security Memorandum 10 (NSM-10) (National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems [https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems]). Similar guidance and warnings have been issued by other entities such as ETSI (2,3,4,5,6) to support service providers, and more widely the whole industry relying on IT services, in the complex process of PQC migration.
Given the complexity of PQC migration and the long development and deployment lifecycles of systems within the Aerospace community, avionics vendors, OEMs and other actors within the community are encouraged to start investigating a move to cryptographic algorithms that are safe against Quantum Computers. Particular care and effort shall be taken by each entity, prior to any actual migration decision, to build an exhaustive inventory of its cryptographic assets in order to evaluate their criticality and prioritize the assets to be migrated. Such an inventory helps entities assess and anticipate any significant decision that may have to be made, e.g. the need for a system upgrade or redesign if a PQC algorithm cannot be natively supported by the asset to be migrated.
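As an added example (not part of this annex or of any ATA specification), the following Python classifies a constructed inventory of cryptographic assets along the lines the annex describes: Shor’s algorithm leaves RSA/ECC with no security margin, Grover’s algorithm halves the bit strength of symmetric ciphers and hashes, and assets are then ranked by migration need, criticality and required protection lifetime. The asset names, criticality scale, lifetimes and the 128-bit target are assumptions.

```python
# Added example: quantum-risk triage of a constructed cryptographic inventory.
from dataclasses import dataclass

# Classical security strength in bits, as commonly tabulated for these algorithms.
CLASSICAL_BITS = {
    "RSA-2048": 112, "RSA-3072": 128, "ECDSA-P256": 128, "ECDH-P256": 128,
    "AES-128": 128, "AES-256": 256, "SHA-256": 256, "SHA-384": 384,
}
SHOR_BROKEN = {"RSA-2048", "RSA-3072", "ECDSA-P256", "ECDH-P256"}  # public-key: Shor applies
GROVER_HALVED = {"AES-128", "AES-256", "SHA-256", "SHA-384"}        # symmetric/hash: Grover applies


@dataclass
class Asset:
    name: str             # hypothetical asset identifier
    algorithm: str
    criticality: int      # 1 (low) .. 3 (high), assigned by the owning entity (assumed scale)
    lifetime_years: int   # how long the protected data or system must remain secure


def quantum_bits(algorithm: str) -> int:
    """Estimated security bits once a sufficiently large quantum computer exists."""
    if algorithm in SHOR_BROKEN:
        return 0                                  # Shor: broken outright
    if algorithm in GROVER_HALVED:
        return CLASSICAL_BITS[algorithm] // 2     # Grover: key strength halved
    raise ValueError(f"unknown algorithm: {algorithm}")


def classify(asset: Asset, target_bits: int = 128) -> str:
    bits = quantum_bits(asset.algorithm)
    if bits == 0:
        return "MIGRATE"   # needs a PQC replacement (or a redesign if unsupported)
    if bits < target_bits:
        return "UPGRADE"   # larger size suffices, e.g. AES-128 -> AES-256
    return "OK"


def prioritize(assets):
    """Highest priority first: status severity, then criticality, then lifetime."""
    rank = {"MIGRATE": 2, "UPGRADE": 1, "OK": 0}
    return sorted(assets, key=lambda a: (rank[classify(a)], a.criticality, a.lifetime_years),
                  reverse=True)


# Constructed sample inventory (hypothetical names and values).
INVENTORY = [
    Asset("loader-signing-key", "RSA-2048", 3, 20),
    Asset("datalink-session", "ECDH-P256", 3, 5),
    Asset("config-encryption", "AES-128", 2, 15),
    Asset("firmware-hash", "SHA-256", 1, 20),
    Asset("archive-encryption", "AES-256", 2, 30),
]
```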
Another important aspect to consider in the frame of PQC migration is the opportunity to introduce cryptographic agility into system specifications, which reduces over time the burden and impact of any further cryptographic evolution or migration. Crypto agility should be treated as a requirement in the design (or re-design) of any system relying on cryptographic functions.
A future version of this specification will provide specific guidance on the use of algorithms and migration strategies. For now, such guidance is pending the completion of the NIST Post-Quantum Cryptography competition and the integration of the resulting algorithms into standards from the IETF, OASIS (W3C) and other bodies.
-------
(1) Campbell, Diffie & Robinson: “Advancements in Quantum Computing and AI May Impact PQC Migration Timelines” - February 2024 - https://www.preprints.org/manuscript/202402.1299/v1
(2) ETSI GR QSC 004 - Quantum-Safe Cryptography; Quantum-Safe threat assessment - https://www.etsi.org/deliver/etsi_gr/QSC/001_099/004/01.01.01_60/gr_QSC004v010101p.pdf
(3) ETSI TR 103 619 - Migration strategies and recommendations to Quantum Safe schemes - https://etsi.org/deliver/etsi_tr/103600_103699/103619/01.01.01_60/tr_103619v010101p.pdf
(4) ETSI TR 103 823 - Quantum-Safe Public-Key Encryption and Key Encapsulation - https://www.etsi.org/deliver/etsi_tr/103800_103899/103823/01.01.02_60/tr_103823v010102p.pdf
(5) ETSI TR 103 616 - Quantum-Safe Signatures - https://www.etsi.org/deliver/etsi_tr/103600_103699/103616/01.01.01_60/tr_103616v010101p.pdf
(6) ETSI TS 103 744 - Quantum-safe Hybrid Key Exchanges - https://www.etsi.org/deliver/etsi_ts/103700_103799/103744/01.01.01_60/ts_103744v010101p.pdf