CCC - Catalyzing the computing research community and enabling the pursuit of innovative, high-impact research.

Identifying Research Challenges in Post Quantum Cryptography Migration and Cryptographic Agility


   Workshop Report   

January 31-February 1, 2019

Washington, DC, USA



Event Contact

Ann Drobnis
adrobnis@cra.org
2022662936


Event Type

2019 Events, 2019 Visioning Activities


Event Category

CCC

Overview

The implications of sufficiently large quantum computers for widely used public-key cryptography are well documented and increasingly discussed by the security community. Notably, an April 2016 report by the National Institute of Standards and Technology (NIST) calls out the need for new standards to replace cryptosystems based on integer factorization and discrete logarithm problems, which have been shown to be vulnerable to Shor’s algorithm. Specifically, the widely used RSA, ECDSA, ECDH, and DSA cryptosystems will need to be replaced by post-quantum cryptography (PQC, also known as quantum-resistant cryptography) alternatives. To realize this, NIST has actively led a PQC standardization effort since December of 2016, leveraging a large and international research community. The effort is expected to take five or more years to vet proposals and to select alternatives that are believed to be secure against both quantum and classical computers.

While NIST’s standardization effort aims to determine which PQC algorithms are robust enough to provide suitable alternatives for the threat of quantum computers, that effort does not address the problem of migration from today’s widely deployed algorithms to future PQC alternatives. There are some important reasons why this migration problem has urgency to many industries and governments worldwide: risk stemming from an uncertain quantum computing development timeline, the time and complexity of migration (historically, cryptographic standards migrations can take a decade or more), concern over the possibility of “data vaulting” (in which an adversary captures encrypted data for later attack when quantum computers become available), and the likelihood that migration considerations will inform NIST’s evaluation of PQC proposals.

The overall objective of this workshop was to identify academic research challenges in PQC migration and cryptographic agility.  That is, organizers wanted to identify aspects of the complex and global migration to new public-key cryptography standards that could benefit from a more rigorous study and analysis.  The technical space broadly centered around two key themes:

  1. Identifying constituent challenges in PQC migration

    While the NIST PQC standardization effort looks in depth at cryptographic algorithms, workshop organizers believe there is a rich space of challenges to be addressed surrounding the application of candidate algorithms to specific contexts and understanding how migration will be accomplished.

    How well do PQC families and specific approaches “fit” or “not fit” a broad range of public-key cryptography usage domains–PKI, key management systems, authenticated web communication (TLS), secure point-to-point communication (SSH), transport security (IPSec), key agreement, identification and authentication, password authenticated key exchange (PAKE), and more? For each domain and platform type, what migration approaches will support the transition to new PQC algorithms without loss of interoperability and functionality during the transition period?  What is the attack surface and risk profile associated with each approach? Can these approaches be shared across platforms and application contexts to develop migration frameworks? Are there frameworks that can be applied transparently to protocols or systems that lack inherent migration mechanisms?

  2. Reimagining the scope and science of “cryptographic agility”

    While “cryptographic agility” is frequently seen as a narrow implementation concern (i.e., the ability to replace component algorithms), we believe there is a need to broaden and recast the scope of agility to that of developing secure frameworks that enable ongoing cryptographic advancements in a wide variety of system, protocol, and application contexts.

    Could there be a principled science of cryptographic agility that more rigorously considers a broad spectrum of frameworks, a robust analysis of correctness and security, a deeper understanding of attack surfaces, and an exploration of domain-specific (e.g., protocol, application, system) issues? What does it mean for an algorithm, a piece of code, a protocol, an application, a system, an entire infrastructure to be cryptographically agile?  What are the defining challenges, problem domains, and applications of cryptographic agility, broadly defined?

To discuss these challenges, the workshop brought together researchers and thought leaders from three distinct communities: PQC researchers who are involved in the design and analysis of cryptographic algorithms, applied cryptography researchers who focus more extensively on the application and implementation of cryptography to a variety of spheres, and systems security researchers who use cryptography as a building block in real-world security architectures and solutions (e.g., trusted computing, cloud security).

Agenda

January 31, 2019 (Thursday)

04:00 PM Welcome Reception | Seaport
05:00 PM Introduction / Event Overview | Seaport
05:15 PM Group Introductions | Seaport
05:45 PM Dinner- Served | Seaport
06:15 PM Dinner- Context Setting | Seaport
06:30 PM Dinner- Unstructured 5-minute Comments | Seaport
07:45 PM Adjourn | Seaport

February 1, 2019 (Friday)

08:00 AM Breakfast | Seaport 2
08:30 AM Introduction / Event Overview | Seaport 1
08:45 AM Theme 1: PQC Migration | Seaport 1
09:00 AM Breakout Group Discussion | Seaport 1, Marina, The Slip
10:00 AM Group Reports | Seaport 1
10:30 AM Break | Seaport 1
11:00 AM Theme 2: Cryptographic Agility | Seaport 1
11:15 AM Breakout Group Discussion | Seaport 1, Marina, The Slip
12:15 PM Lunch | Seaport 2
01:15 PM Group Reports | Seaport 1
01:45 PM Break | Seaport 1
02:15 PM Theme 3: TBD | Seaport 1
02:30 PM Breakout Group Discussion | Seaport 1, Marina, The Slip
03:30 PM Group Reports | Seaport 1
04:00 PM Closing Group Discussion | Seaport 1
04:30 PM Workshop Ends | Seaport 1
Organizers

Organizing Committee:

David Ott, VMware
Christopher Peikert, University of Michigan

With Support From:

Mark Hill, University of Wisconsin, Madison and CCC Chair
Ann Drobnis, CCC Director
Chris Ramming, VMware