Taking Steps to Prepare for Quantum Advantage
Today, digital systems that manage sensitive information often use public-key encryption techniques to protect access to that information. These techniques are based on mathematical computations that conventional computer systems cannot readily solve. However, it is believed that quantum computers will be able to use quantum algorithms to quickly calculate the right solutions and break the encryption. (See our previous blog post on post-quantum cryptography for more details.)
Post-quantum cryptography (or PQC, also known as quantum-proof cryptography, quantum-safe cryptography, or quantum-resistant cryptography) refers to cryptographic algorithms that are expected to resist an attack by a quantum computer. The industry’s goal with PQC is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks.
The U.S. National Institute of Standards and Technology (NIST) initiated a process to solicit, evaluate, and standardize one or more quantum-resistant cryptographic algorithms. The new standards will provide the world with its first widely adopted tools to protect sensitive information from this new kind of threat. Technology companies in every sector are investing in developing the technology, processes, and tools necessary to secure existing systems, and preparing to implement the new standards once they are finalized.
Akamai at the cryptography forefront — then and now
Akamai isn’t just investing in those efforts; our CEO and Co-Founder, Tom Leighton, developed a digital signature algorithm that NIST is now recommending to help defend cryptography against quantum attacks. Tom started his career by analyzing the original RSA encryption algorithm at what was then the National Bureau of Standards (now NIST).
It was during that time that he developed the aforementioned algorithm. Tom went on to work on cryptography at the Massachusetts Institute of Technology alongside the creators of the RSA encryption algorithm: Ron Rivest, Adi Shamir, and Leonard Adleman.
We are confident that Akamai can help prepare our customers to be quantum-ready. This strategy is in line with guidance from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and NIST to start preparing for the implementation of PQC by establishing a quantum-readiness roadmap and aligning it with vendors.
Preparing for quantum advantage
A primary consideration for PQC is when systems will achieve “quantum advantage.” This moment, called “Q-Day,” refers to the point in time when cryptographically relevant quantum computers (CRQCs) can break common (classic) cryptographic protocols by using quantum algorithms.
Although the anticipated timeline for the arrival of Q-Day varies widely due to a number of factors, businesses must take steps to mitigate the risk that threat actors will harvest sensitive data now to decrypt it later. Once a quantum computer managed by a threat actor achieves quantum advantage, all previously harvested data could then be decrypted easily, exposing the payload and its contents.
In the meantime, we are joining the industry in further adopting (nonstandardized) hybrid key exchange algorithms to help mitigate the emerging “harvest now, decrypt later” threat, especially within the context of the Transport Layer Security (TLS) protocol.
Following a three-phased approach
Early on, Akamai invested in infrastructure upgrades that allowed for the rapid adoption of PQC modules as they are published by standards bodies. We plan to take a phased approach to support end-to-end PQC on our platform.
Our initial deployment will focus on three legs of the transport flow on our CDN platform: Akamai-to-origin, client-to-Akamai, and Akamai-to-Akamai.
Phase one: Akamai-to-origin
Our engineers are currently beta testing PQC modules for each leg of the flow, starting with the Akamai-to-origin leg.
Customers who have already deployed support for the hybrid key exchange on their origins have seen positive results in hardening their data in transit for quantum resistance. This service will be available in the second half of 2024 and will be enabled through our professional services.
Phase two: Client-to-Akamai
In the next phase, we will extend our PQC offering to the client-to-Akamai transport leg in order to harden customer data from the “harvest now, decrypt later” threat, regardless of their own post-quantum readiness. This service will be available in early 2025.
Phase three: Akamai-to-Akamai
In our final customer transport phase, we will bring PQC to the Akamai-to-Akamai leg of the transport flow in the first half of 2025. This phase will enable end-to-end PQC, hardening each leg of the transport flow.
With a rapidly evolving landscape of PQC and the ongoing standardization efforts by NIST and the Internet Engineering Task Force (IETF), our phase timelines may change. However, we are optimistic that the roadmap we’ve outlined here will help customers meet their post-quantum goals as we defend their data and continue to evolve the security posture of our traffic.
For more information
Akamai is committed to staying ahead of quantum computing threats and safeguarding the security of our customers' data. We will provide regular updates on our PQC implementation progress via this blog. For additional information or questions, please contact your account representative.