On April 18th, 2024, the NSA released updates and clarifications to their CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) advisory in the form of an FAQ. This is the fifth and final in a series of postings about the questions and answers that we feel are most interesting and our reactions to them.
Q: Can I mitigate the quantum threat by using a pre-shared key?
A: Many commercial protocols allow a pre-shared key option that may mitigate the quantum threat, and some allow the combination of pre-shared and asymmetric keys in the same negotiation. However, this issue can be complex. Customers who wish to explore this option should contact NSA or follow guidance the CSfC program provides.
This is great news for our customers as this means they can enable our PSK (pre-shared key) support in wolfSSL and start their post-quantum journey today! If you’re using Sneakernet (avoiding network transmission) then you’re golden! The knowledge of the pre-shared key takes care of both authentication and key establishment so there is no need for public key cryptography and therefore thwarts Shor’s algorithm.
That said, the NSA is correct, this issue is complicated. Here are just a few points to think about:
- How is the key shared? If it was sent over a data connection that was negotiated with non-quantum-safe algorithms, then this is not considered mitigating the quantum threat.
- How is the key generated? If it was done using an entropy source and/or PRNG (Pseudo-Random Number Generator) that is not approved then you are going to run into problems.
- Do you require PFS (Perfect Forward Secrecy)? Then you might have to think about how you’re going to achieve that very carefully.
- How are you storing and protecting the pre-shared keys? If your efforts to protect it are insufficient then you leave yourself vulnerable to other attack vectors.
Most people are not aware that this can even apply to our wolfBoot product. The signing tool in wolfBoot has a –encrypt SHAREDKEY.BIN flag that allows you to use a pre-shared key to encrypt the firmware image. On the device at boot time, as long as the shared key is stored in a secure manner (ie TPM, secure element) then it can be used to decrypt the firmware image.
Let our experts help you sort out these details. Get started on your journey into a world with quantum computers by downloading wolfSSL now.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.
Check out our CNSA 2.0 Update Blog Series!
- CNSA 2.0 Update Part 1: Today!
- CNSA 2.0 Update Part 2: NIAP
- CNSA 2.0 Update Part 3: LMS and XMSS
- CNSA 2.0 Update Part 4: Deployment
Download wolfSSL Now