
PP107: Why Now’s the Time to Prepare for a Post-Quantum World (Sponsored)

Cisco's Han Li and Jay Sharma join the Packet Protector podcast to argue that post-quantum cryptography (PQC) is an urgent network issue, not just a future security concern. They explain how advances in quantum algorithms and hardware are accelerating the timeline, discuss the 'harvest now, decrypt later' threat, and outline practical steps organizations should take now. They also cover the technical impacts of PQC on network protocols, key sizes, and hardware procurement.

Summary

The episode opens with hosts Drew and JJ framing post-quantum cryptography (PQC) as a pressing concern that IT professionals can no longer defer. Cisco's Jay Sharma and Han Li are brought on to make the case for why immediate, practical engagement with PQC is necessary.

Jay Sharma begins by contextualizing the history of quantum computing, noting that Shor's algorithm—the mathematical basis for breaking RSA encryption—has existed since 1994. He highlights a critical 2023 development from NYU researcher Oded Regev, whose team optimized Shor's algorithm to reduce the number of logical qubits required to break RSA-2048 from roughly 25 million down to approximately 92,000—a greater than 90% reduction. Simultaneously, more cryptographically relevant quantum computers are coming online, making the convergence of efficient algorithms and capable hardware a near-term threat rather than a distant one.

Han Li expands on the threat landscape by introducing two major attack vectors: 'harvest now, decrypt later' (HNDL), where adversaries are already collecting encrypted data to decrypt once quantum computers are available, and firmware/software integrity attacks, where quantum computers could be used to extract private signing keys and create legitimate-looking malicious firmware for network devices.

The hosts press on why this is a network engineer's problem, not just a security team's issue. Both guests argue that networking and security are inseparable, and that foundational network protocols like IPsec, MACsec, TLS, SSH, and even device boot processes rely on cryptography that is vulnerable to quantum attack.

On practical steps, Jay outlines a phased approach: first, inventory all cryptographic algorithms in use across the network; second, prioritize based on data sensitivity and exposure (WAN before LAN, for instance); third, understand compliance mandates such as CNSA 2.0, which requires quantum-resistant cryptography for US federal equipment procurement starting January 1, 2027. Han describes a three-level framework: Level 1 focuses on secure communications protocols (IPsec, MACsec, TLS); Level 2 addresses secure boot integrity; Level 3 covers certificate infrastructure and PKI.
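The first two steps Jay describes, inventory and exposure-based prioritization, are mechanical enough to script. The following is an added example (not Cisco's tooling and not code from the episode) that classifies a constructed inventory of observed algorithms by quantum risk and ranks the findings so WAN-facing, Shor-vulnerable algorithms come first. The zone weights, the classification patterns and the sample records are this example's own assumptions.

```python
"""Cryptographic inventory triage for a network estate (example code, not
Cisco's or the podcast's tooling). Records are classified by quantum risk
and ranked so WAN-facing, Shor-vulnerable algorithms migrate first."""
import re
from collections import Counter

# Classification patterns assumed by this example. Public-key schemes built on
# factoring or discrete logarithms (RSA, DH, ECDH/ECDSA, Curve25519) fall to
# Shor's algorithm; ML-KEM, ML-DSA, SLH-DSA and the stateful hash signatures
# (LMS, XMSS) are the standardized replacements; AES-256 and SHA-2 keep enough
# margin. Anything else is reported as "unknown" for manual review.
SHOR_VULNERABLE = re.compile(r"^(rsa|ecdsa|ecdh|ecdhe|dh|x25519|ed25519|secp\d+)", re.I)
QUANTUM_SAFE = re.compile(r"^(ml-kem|ml-dsa|slh-dsa|lms|xmss|aes-256|sha-?(256|384|512))", re.I)
SYMMETRIC_UPGRADE = re.compile(r"^(aes-128|3des|sha-?1\b)", re.I)

ZONE_WEIGHT = {"wan": 3, "mgmt": 2, "lan": 1}   # assumed exposure ranking (WAN before LAN)
RISK_WEIGHT = {"shor-vulnerable": 2, "symmetric-upgrade": 1}

# Constructed sample records: (device, zone, protocol, algorithm), the shape an
# inventory script might collect from show-command output or a TLS/SSH scan.
SAMPLE_INVENTORY = [
    ("edge-rtr-1", "wan", "ikev2", "DH-group14"),
    ("edge-rtr-1", "wan", "ikev2", "AES-256-GCM"),
    ("edge-rtr-2", "wan", "ikev2", "ML-KEM-768"),
    ("core-sw-1", "lan", "macsec", "AES-128-GCM"),
    ("core-sw-1", "mgmt", "ssh", "ecdsa-sha2-nistp256"),
    ("core-sw-1", "lan", "snmpv3", "HMAC-MD5"),
    ("mgmt-lb-1", "lan", "tls1.3", "x25519"),
    ("mgmt-lb-1", "lan", "tls1.3", "RSA-2048"),
    ("bmc-3", "mgmt", "https", "RSA-2048"),
]


def classify(algorithm):
    """Map one algorithm name to a quantum-risk class."""
    if QUANTUM_SAFE.match(algorithm):
        return "quantum-safe"
    if SHOR_VULNERABLE.match(algorithm):
        return "shor-vulnerable"
    if SYMMETRIC_UPGRADE.match(algorithm):
        return "symmetric-upgrade"
    return "unknown"


def summarize(records):
    """Count records per risk class; 'unknown' entries need a human look."""
    return Counter(classify(alg) for _, _, _, alg in records)


def prioritize(records):
    """Return (score, device, zone, protocol, algorithm) for every record that
    needs migration, highest score first (zone exposure times risk weight)."""
    findings = []
    for device, zone, proto, alg in records:
        risk = classify(alg)
        if risk not in RISK_WEIGHT:
            continue
        score = ZONE_WEIGHT.get(zone, 1) * RISK_WEIGHT[risk]
        findings.append((score, device, zone, proto, alg))
    return sorted(findings, key=lambda f: (-f[0], f[1], f[4]))


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_INVENTORY)))
    for score, device, zone, proto, alg in prioritize(SAMPLE_INVENTORY):
        print(f"{score:>2}  {device:<12} {zone:<5} {proto:<7} {alg}")
```

The scoring is deliberately simple: it encodes only the "WAN before LAN" rule from the episode plus a higher weight for public-key algorithms than for symmetric ones that merely need a larger key. A real inventory would add the data-sensitivity dimension Jay mentions and would be fed from device configuration rather than a hand-built list.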

The guests explain the technical differences between classical and post-quantum algorithms. Classical algorithms like RSA and ECC rely on number-theoretic problems such as integer factorization, which Shor's algorithm solves efficiently on a quantum computer. Post-quantum algorithms like ML-KEM and ML-DSA are based on lattice geometry—finding the shortest vector in a multi-dimensional space—which remains computationally hard even for quantum computers due to inherent randomness. However, these algorithms come with significantly larger key and certificate sizes: ML-KEM keys are approximately 1,200 bytes compared to 32 bytes for classical equivalents, and ML-DSA signatures approach 2,500 bytes. This has real network implications including MTU/fragmentation issues, increased load on load balancers, and longer initial handshakes.
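To make the MTU and handshake-length point concrete, here is an added sizing calculation (not code from the episode or from Cisco). It estimates how many TCP segments a TLS 1.3 handshake needs and how many IP fragments an IKEv2 IKE_SA_INIT needs once the key share grows from 32 bytes to ML-KEM size. The key, ciphertext and signature sizes are the FIPS 203/204 parameter-set values; the per-message overheads (`CLIENT_HELLO_BASE`, `CERT_OVERHEAD`, `IKE_SA_INIT_BASE` and so on) are rough constants assumed for this example.

```python
"""Back-of-envelope sizing of a TLS 1.3 handshake and an IKEv2 IKE_SA_INIT
with post-quantum key material (example code, not from the episode).
ML-KEM / ML-DSA sizes are the FIPS 203/204 parameter-set values; the
per-message overheads are rough assumed constants."""
from math import ceil

# (public key or key share bytes, ciphertext bytes) per KEM or ECDH group
KEM_SIZES = {
    "x25519": (32, 32),
    "ML-KEM-768": (1184, 1088),
    "ML-KEM-1024": (1568, 1568),
    "X25519MLKEM768": (32 + 1184, 32 + 1088),  # hybrid: both shares concatenated
}
# (public key bytes, signature bytes); the RSA/ECDSA values are typical DER sizes
SIG_SIZES = {
    "ecdsa-p256": (65, 72),
    "rsa-2048": (270, 256),
    "ML-DSA-44": (1312, 2420),
    "ML-DSA-65": (1952, 3309),
}
CLIENT_HELLO_BASE = 250      # assumed: cipher suites, SNI, other extensions
SERVER_FLIGHT_BASE = 300     # assumed: ServerHello, EncryptedExtensions, Finished, framing
CERT_OVERHEAD = 500          # assumed: names, extensions, DER framing per certificate
IKE_SA_INIT_BASE = 28 + 120  # IKE header plus assumed SA, nonce and notify payloads
KE_PAYLOAD_HEADER = 8        # generic payload header + DH group + reserved
TCP_MSS = 1460               # 1500-byte MTU minus IPv4 and TCP headers
INIT_CWND_SEGMENTS = 10      # common initial congestion window (RFC 6928)


def tls_handshake_profile(kem, sig, chain_len=3):
    """Estimate ClientHello size and the server's first flight (ServerHello,
    certificate chain, CertificateVerify) for a given KEM and signature scheme."""
    share, ct = KEM_SIZES[kem]
    pk, sig_len = SIG_SIZES[sig]
    client_hello = CLIENT_HELLO_BASE + share
    cert_chain = chain_len * (CERT_OVERHEAD + pk + sig_len)
    server_flight = SERVER_FLIGHT_BASE + ct + cert_chain + sig_len  # + CertificateVerify
    server_segments = ceil(server_flight / TCP_MSS)
    return {
        "client_hello_bytes": client_hello,
        "client_hello_segments": ceil(client_hello / TCP_MSS),
        "server_flight_bytes": server_flight,
        "server_flight_segments": server_segments,
        # More segments than the initial window means an extra round trip
        "extra_rtt": server_segments > INIT_CWND_SEGMENTS,
    }


def ip_fragments(udp_payload, mtu=1500, ipv6=False):
    """IP fragments needed to carry one UDP datagram; every fragment payload
    except the last must be a multiple of 8 bytes."""
    ip_header = 40 if ipv6 else 20
    per_fragment = (mtu - ip_header) // 8 * 8
    return ceil((8 + udp_payload) / per_fragment)


def ike_sa_init_fragments(kem, mtu=1500, ipv6=False):
    """IP fragments for an IKE_SA_INIT carrying one KE payload of the given group."""
    share, _ = KEM_SIZES[kem]
    message = IKE_SA_INIT_BASE + KE_PAYLOAD_HEADER + share
    return ip_fragments(message, mtu, ipv6)


if __name__ == "__main__":
    for kem, sig in (("x25519", "ecdsa-p256"), ("X25519MLKEM768", "ML-DSA-44")):
        print(kem, sig, tls_handshake_profile(kem, sig))
    for kem in ("x25519", "ML-KEM-768", "ML-KEM-1024"):
        print(kem, "IPv4/1500:", ike_sa_init_fragments(kem),
              "IPv6/1280:", ike_sa_init_fragments(kem, mtu=1280, ipv6=True))
```

Two things the numbers show. First, with a hybrid key share the ClientHello itself no longer fits in one segment, and a server first flight carrying three ML-DSA-44 certificates exceeds a ten-segment initial congestion window, which is where the "longer initial handshake" comes from. Second, IKE_SA_INIT with ML-KEM-768 still fits a 1500-byte path but fragments at the IPv6 minimum MTU of 1280, and IP fragments are routinely dropped by firewalls; IKEv2's own fragmentation (RFC 7383) only covers encrypted exchanges, which is why RFC 9242 and RFC 9370 move the large post-quantum key exchange into IKE_INTERMEDIATE.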

Jay and Han emphasize that Cisco has been engaged with standards bodies (NIST, IETF, IEEE) for years and has supported predecessor PQC algorithms since 2020. They note that while secure communications standards are largely finalized, PKI and authentication standards (including quantum-safe SUDI—Secure Unique Device Identifier) are still being ratified.

The concept of crypto agility is introduced as the ability to run both classical and post-quantum algorithms simultaneously, enabling backward compatibility during migration and providing a fallback if a PQC algorithm is later found to be vulnerable. Composite algorithm approaches—combining RSA with ML-KEM, for example—are described as a hedge against uncertainty in the new lattice-based algorithms.
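The following added example (not Cisco's code and not any standard's reference implementation) shows the two mechanics behind crypto agility and composite key exchange: negotiating the strongest key exchange both peers support, with a classical fallback for a legacy peer, and deriving the session key from the shared secrets of every component so that breaking one component alone yields nothing. The group names follow the TLS hybrid-draft naming; the component map, the HKDF labels, and the fixed stand-in shared secrets are assumptions of this example, since no real X25519 or ML-KEM exchange is performed.

```python
"""Crypto-agile key establishment: negotiate the strongest mutually supported
key exchange, then derive the session key from every component's shared secret
(example code, not Cisco's or any standard's implementation)."""
import hashlib
import hmac


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_self_test():
    """Check the HKDF code against RFC 5869 test case 1."""
    prk = hkdf_extract(bytes(range(13)), b"\x0b" * 22)
    okm = hkdf_expand(prk, bytes(range(0xF0, 0xFA)), 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


# Named groups and the components each one runs. The hybrid name is the one used
# in TLS drafts for X25519 + ML-KEM-768; the map itself is this example's own.
COMPONENTS = {
    "X25519MLKEM768": ("x25519", "ML-KEM-768"),
    "ML-KEM-768": ("ML-KEM-768",),
    "x25519": ("x25519",),
}
CLIENT_PREFERENCE = ["X25519MLKEM768", "x25519"]  # strongest first, classical fallback last


def negotiate(client_preference, server_supported):
    """Pick the first client-preferred group the server also supports, or None."""
    for name in client_preference:
        if name in server_supported:
            return name
    return None


def derive_session_key(chosen, shared_secrets, transcript, length=32):
    """Concatenate the shared secret of every component of the chosen group in a
    fixed order and bind the result to the group name and handshake transcript."""
    ikm = b"".join(shared_secrets[c] for c in COMPONENTS[chosen])
    prk = hkdf_extract(b"\x00" * 32, ikm)
    info = b"hybrid-kex v1|" + chosen.encode() + b"|" + transcript
    return hkdf_expand(prk, info, length)


# Constructed stand-ins for the secrets a real X25519 exchange and a real
# ML-KEM-768 encapsulation would produce (fixed so the run is repeatable).
SAMPLE_SECRETS = {
    "x25519": hashlib.sha256(b"constructed x25519 shared secret").digest(),
    "ML-KEM-768": hashlib.sha256(b"constructed ML-KEM-768 shared secret").digest(),
}
SAMPLE_TRANSCRIPT = hashlib.sha256(b"constructed handshake transcript").digest()


def key_depends_on_every_component(chosen="X25519MLKEM768"):
    """True if changing any single component secret changes the session key, i.e.
    an adversary who recovers one component still does not learn the key."""
    baseline = derive_session_key(chosen, SAMPLE_SECRETS, SAMPLE_TRANSCRIPT)
    for component in COMPONENTS[chosen]:
        altered = dict(SAMPLE_SECRETS)
        altered[component] = bytes(32)  # attacker-known value for that component
        if derive_session_key(chosen, altered, SAMPLE_TRANSCRIPT) == baseline:
            return False
    return True


if __name__ == "__main__":
    for server in ({"x25519"}, {"x25519", "X25519MLKEM768"}):
        chosen = negotiate(CLIENT_PREFERENCE, server)
        key = derive_session_key(chosen, SAMPLE_SECRETS, SAMPLE_TRANSCRIPT)
        print(f"server supports {sorted(server)} -> {chosen}: {key.hex()[:16]}...")
    print("HKDF self-test:", hkdf_self_test())
    print("key depends on every component:", key_depends_on_every_component())
```

The fallback path is the backward-compatibility half of crypto agility: a peer that only speaks x25519 still gets a working (classical) session, while peers that both support the hybrid group get a key that an attacker must break both X25519 and ML-KEM-768 to recover. Binding the group name into the derivation also prevents a downgrade from silently producing the same key as the hybrid exchange would have.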

On procurement, Jay advises organizations to ask vendors whether new hardware supports Level 2 secure boot out of the box via a software upgrade, ensuring hardware purchased today can protect the environment for the next five to seven or more years. The episode closes with Han urging organizations to act now: read available resources, assess their cryptographic inventory, and begin migration planning to be aligned with the US government's 2027 deadline.

Key Insights

  • A 2023 NYU research team optimized Shor's algorithm to reduce the logical qubit requirement for breaking RSA-2048 from roughly 25 million qubits to approximately 92,000—a greater than 90% reduction—making the quantum threat significantly more near-term than previously assumed.
  • Han Li argues that adversaries are already executing 'harvest now, decrypt later' attacks by capturing encrypted network traffic today with the intent to decrypt it once cryptographically relevant quantum computers become available, making static data like social security numbers and health records immediately at risk.
  • Jay Sharma contends that networking and security are not separate disciplines, and that treating network infrastructure as mere 'plumbing' ignores the cryptographic vulnerabilities embedded in protocols like SSH and management controllers that can expose the entire network.
  • Han Li describes a novel supply chain attack vector in which a quantum computer could be used to extract private firmware signing keys, allowing an attacker to produce and distribute malware-laden firmware that appears cryptographically legitimate to target network devices.
  • Jay Sharma states that post-quantum algorithms like ML-KEM produce key sizes of approximately 1,200–2,400 bytes compared to 32 bytes for classical algorithms, and warns that failing to account for this in MTU and fragmentation settings could cause significant network disruption during migration.
  • Cisco has supported predecessor post-quantum secure boot algorithms since 2020, working ahead of finalized standards, because network hardware refresh cycles of five to seven or more years mean quantum-readiness must be baked into hardware at the time of manufacture.
  • Jay Sharma argues that the US CNSA 2.0 standard, requiring quantum-resistant cryptography for federal equipment procurement starting January 1, 2027, should serve as a concrete compliance anchor for organizations building their PQC migration timelines.
  • The guests advocate for crypto agility—maintaining the ability to run both classical and post-quantum algorithms simultaneously—and composite algorithm approaches (e.g., RSA paired with ML-KEM) as a hedge against the possibility that newly standardized lattice-based algorithms could later be found vulnerable.

Topics

  • Post-quantum cryptography (PQC) urgency and timeline
  • Harvest now, decrypt later (HNDL) attack vector
  • Technical differences between classical and post-quantum algorithms
  • Network protocol impacts of PQC (IPsec, MACsec, TLS)
  • Cryptographic inventory and phased migration strategy
  • Secure boot and supply chain integrity threats
  • Crypto agility and composite algorithms
  • Compliance mandates and procurement considerations (CNSA 2.0, FIPS)
