Quantum computing represents a paradigm shift for computation in general and, specifically, for encryption and encrypted communications. It represents a significant challenge for all organizations, regardless of size or industry as the requirements to move to a quantum resistant cryptographic infrastructure is a daunting task with a variety of parameters that require consideration. As such, Post Quantum Cryptography (PQC) represents an area of major strategic focus for a company that provides solutions catering to the cryptographic needs of organizations.
There are two major components in the implementation of a PQC transition strategy for organizations, namely asset enumeration and deployment of Post Quantum Cryptography algorithms and corresponding protocols. This in turn informs the areas of focus along which Fortanix’ strategy for solving the need of organizations for transitioning to a PQC compliant infrastructure is formed. Specifically, there are main axes that underpin Fortanix’ PQC strategy:
- Key inventory/enumeration.
- PQC implementation, both in turns of providing post-quantum cryptography capabilities and wherever public key cryptography is used within the product itself.
- Training and consulting.
Fortanix DSM offers, as a platform, unique flexibility in the management of a key estate. Its REST API based architecture, key metadata handling and reporting and auditing capabilities that allow for automated and comprehensive management of a key estate. Reports can be produced that allow for estate enumeration per key type, key deployment and/or key metadata allow the user to quickly map out the types,purposes and deployment locations of cryptographic keys.
Alongside the above, DSM includes the HSM Gateway feature that allows for direct interfacing with external HSMs (such as nCipher Connect and Luna HSM) and automatically discovering and managing the keys stored therein.
In addition to the above, Fortanix is in the process of developing new and exciting capabilities in this field so stay tuned!
PQC implementation with Fortanix DSM
Fortanix DSM’s architecture allows us to quickly develop, integrate and reach maturity of PQC capabilities without disrupting core product functionality and requiring complex, service disrupting upgrade paths and potential hardware upgrades.
Fortanix already offers the LMS signing algorithm as part of our cipher suite, and we are well underway in developing ‘not for production’ versions of post quantum algorithms such as CRYSTALS-Kyber in preparation of NIST standardized implementations due in early 2024.
In addition, we have already completed a full internal enumeration exercise for the DSM product and have marked where and how public key cryptography is used in the internal Fortanix DSM architecture in preparation for transitioning Fortanix DSM to a fully PQC (post quantum cryptography) compliant product.
Training and consulting
We strive to be a trusted partner for our customers. Towards that end, we have already prepared training material for PQC for different levels of audience familiarity with the subject. As part of our strategic focus on Post Quantum Cryptography (PQC) solution, we have already conducted internal training on the subject and regularly give presentations on PQC to both existing and prospective customers on both PQC as a subject itself as well consulting on the various areas of consideration regarding implementation of a PQC transition strategy.
Fortanix’s data-first approach helps businesses of all sizes to modernize their security solutions on-premises, in the cloud, and everywhere in between. Enterprises worldwide, especially in privacy-sensitive industries like healthcare, fintech, financial services, government, and retail, trust Fortanix for data security, privacy, and compliance. Fortanix investors include Goldman Sachs, Foundation Capital, Intel Capital, In-Q-Tel, Neotribe Ventures, and GiantLeap Capital. Fortanix is headquartered in Santa Clara, CA. Fortanix – Look. Know. Further. For more information, visit https://www.fortanix.com.