The ability of fault-tolerant quantum computers to break public-key cryptography (PKC) will require a more crypto-agile cybersecurity architecture built around post-quantum cryptography (PQC) algorithms that are about to be standardized by the National Institute of Standards and Technology (NIST). With more than 20 billion devices worldwide requiring PQC software and hardware upgrades, the transition to quantum-resistant cryptography (QRC) will take years and require significant resources. For this reason, it’s essential that enterprises and government entities begin the process now, as suggested by more and more authorities and regulators.
By doing so, organizations are putting in place new processes and cryptography management solutions that will enable them to switch from existing cryptographic standards not only to QRC but also to any type of new cryptography they may need to deploy before PQC is requested, without significant infrastructure changes or business continuity issues. This capability, defined as cryptographic agility, delivers business benefits way before fault-tolerant quantum computers will be made available, as it allows the removal of cryptography unknowns, scale and automate existing compliance processes, and properly enforce data encryption policies.
Telecom providers play a critical role in helping to protect against quantum threats. Due to the nature and volume of data that cross their networks, telecom providers are both a prime target for and first line of defense against Store Now, Decrypt Later (SNDL) attacks, in which adversaries acquire and store sensitive encrypted data until the time when quantum computers can decrypt it. But implementing PQC and crypto agility in telecom networks is no easy feat, and a careful balance must be struck between security and network performance.
SoftBank recently took a bold step towards protecting its 9 million mobile and 8 million broadband subscribers, plus hundreds of millions of other online and mobile users, by commencing its transition to PQC. For several months, SandboxAQ worked closely with Softbank’s engineers and security experts to rigorously test how the new PQC algorithms would impact its ability to deliver high levels of service delivery while maintaining regulatory compliance.
After a thorough evaluation, SoftBank determined that a hybrid cryptographic solution, composed of its current elliptic curve cryptography algorithms and new, lattice-based PQC algorithms, performed well across all traffic types and communication channels in the test scenarios. It would also provide the best protection against current and future threats while maintaining network performance and regulatory compliance. The company plans to move forward with its transition to PQC and implement crypto agility as soon as possible.
SoftBank’s decision demonstrates its global leadership, vision, and dedication to its customers. More importantly, implementing PQC and crypto agility strengthens the cyber defenses of everyone who uses SoftBank’s network and sets an example for other providers to follow.
If you’re interested in learning more about SoftBank’s journey to crypto-agility, this case study goes into greater detail about how we worked together. You can also check out our other recent blog post on Crypto-Agility for Telecommunications.
