Work item:
|
X.qsdlt-ca
|
Subject/title:
|
Guidelines for building crypto-agility and migration for quantum-safe DLT systems
|
Status:
|
[Carried to next study period]
|
Approval process:
|
TAP
|
Type of work item:
|
Recommendation
|
Version:
|
Rev.
|
Equivalent number:
|
-
|
Timing:
|
-
|
Liaison:
|
-
|
Supporting members:
|
China Mobile, China Information Communication Technologies Group, Soonchunhyang University
|
Summary:
|
Currently most popular DLT systems deploy the conventional cryptographic algorithms to enable secure transactions. The security of these conventional cryptographic algorithms relies on some mathematical hard problems. Once these mathematical problems are solved, the security of the cryptographic algorithms are consequently compromised. Large-scale quantum computers put the most currently used cryptographic algorithms at risk. This may pose serious impacts on the security of DLT systems. To resist against quantum computing attacks, quantum-safe cryptographic algorithms shall be employed in DLT systems to form quantum-safe DLT systems.
Crypto-agility is the ability of a system to migrate easily from one cryptographic algorithm to another, in a way that is flexible, scalable, and dynamic. It is imperative to construct quantum-safe DLT systems in a crypto-agile manner to adopt the appropriate quantum-safe cryptographic algorithms to the DLT systems. There are two reasons for this. One is that there are several quantum-safe cryptographic algorithms to be standardized in NIST, and each algorithm has its own properties. To better match a usage scenario, an appropriate quantum-safe cryptographic algorithm has to be chosen in the quantum-safe DLT system. This requires that a quantum-safe DLT system is crypto-agile in the sense that suitable quantum-safe algorithms can be selected. The other one is that the confidence on the quantum-safe cryptographic algorithms is not well established as these algorithms are relatively new compared to the conventional cryptographic algorithms. Even if these algorithms become standards, they may be compromised in the future by currently unknown attacks. This requires that a quantum-safe DLT system also supports crypto-agility in the sense that a compromised quantum-safe cryptographic algorithm can be flexbile and rapidly replaced with secure one.
Identifying the construction of a quantum-safe DLT system is a crucial issue, ITU-T studied it and released a technical report to provide preliminary solutions for this issue [b-ITU-T TR qs-dlt]. Since these solutions are published just in a technical report, they have limited influence on the implementation of a quantum-safe DLT system. In future the inter-operation among quantum-safe DLT systems is needed to exchange information across them. Some guidances to devise a quantum-safe DLT system, at least in a high level, need to be suggested in order to avoid the inter-operation issues. Thus there is a need to create a work item to standardize the solutions on the construction of a quantum-safe DLT system.
The rapid development and usage of DLT systems all over the world also have requirements on the guidance on the transition to quantum-safe DLT system in order to prevent an attacker from altering the existing transactions and controlling the account of a user. The transition from traditional DLT systems to quantum-safe DLT systems is a complicated and long-term process. For a smooth transition, there are some fundamental issues have to be addressed, such as detecting any change on the recorded transactions, as well as asynchronous software update of nodes in a DLT network. As an indispensable part, guidances on the transition to quantum-safe DLT system shall be included in the work item.
This contribution proposes a new work item on “Guidelines for crypto-agile framework for quantum-safe DLT systems”. In this work item, quantum-safe DLT systems with crypto-agility are proposed to better meet security requirements and match diverse usage scenarios. Moreover, the methodologies to smoothly migrate from the current DLT system to the quantum-safe one are suggested.
|
Comment:
|
-
|
Reference(s):
|
|
|
Historic references:
|
Contact(s):
|
|
ITU-T A.5 justification(s): |
|
|
|
First registration in the WP:
2024-03-12 14:52:10
|
Last update:
2024-09-17 16:49:00
|
|