We call it the Trusted Security Foundation. It’s a key management application, and it’s software. The acronym you hear in the industry is KMS, or “key management system” or server. It’s a full enterprise key manager. It does everything you would anticipate or expect a key manager to do — full lifecycle key management of encryption keys, supporting all the classical encryption algorithms out there. Primarily, symmetrical algorithms would be your AES, and then, on the asymmetrical side, RSA, ECC.
We do everything you would expect, including scalability, replication, granular policy management, administration. There are a number of vendors that do exactly what we do. But what’s happening in the encryption world is — and this is where we’re sliding and moving over to the quantum-safe approach — NIST has come out with what we call quantum-resistant algorithms. Four candidates, they finalised on these four just last year. But the industry is still waiting for NIST to make the standards with specifications so that they can be implemented into these cryptographic applications and systems. While we have something official, it’s still not official yet until NIST says it’s official.
That being said, for a vendor such as ourselves — and every key management vendor out there, every hardware security vendor out there, your certificate authorities, anybody doing anything on the asymmetrical side of encryption — this is where the greatest threat is when it comes to quantum computing. It’s not to the symmetrical stuff like AES. That is considered quantum-safe. The asymmetrical algorithms like RSA and ECC, that’s what’s being replaced with these QRA or post-quantum crypto algorithms. That’s what NIST is determined to decide if that’s what they’re going to do.
What the industry has to do is, over time, implement these algorithms. When you look at the asymmetrical, you can see it’s a very broad market that’s addressed by asymmetrical. All your digital identities, your digital credentials, machine identities, things of that nature are primarily done with PKI, the public key infrastructure. Public and private keys — RSA, ECC and such. Those are going to be replaced by vendors such as ourselves doing key manager.
If you have an algorithm, you need to manage that. With what? A key management application, and that’s what we do. We’re working with partners. We’re implementing the chosen QRA algorithms in our key management platforms so we can manage those too. It’s safe to say that pretty much every vendor doing key management, hardware security modules, asymmetrical encryption applications, they’re doing things likewise. We’re all preparing for this shift to these algorithms, yet to be official, but nonetheless, move toward that — which poses a question: What happens to the old algorithms, the RSAs and the ECCs?
But we talk about an area of key management and encryption in general called crypto-agility. You’re going to hear the industry, especially on the key management side, talk about being crypto-agile. That’s where we’re quantum-safe from a key management perspective. But what does that mean? Crypto-agility fundamentally means transitioning from one cryptographic platform or algorithm to another in as seamless and painless a way as possible with minimal impact to the users of these algorithms, whether it’s digital identities, protecting their information — whatever they might be doing.
The interesting thing about this is, we’ve done this before. This isn’t a new event, or even so much a recent event. We did this with symmetrical algorithms, because 20, 30 years ago, we were using DES, and then we moved to Triple DES, and then we moved to AES. This is, again, not a unique experience, but on this side, it’s on the asymmetrical side. We will be replacing RSA and ECC with these new post-quantum crypto algorithms.
How does that happen? Over time, eventually, you’ll move from RSA and ECC — what we call the classical algorithms — to these new QRA algorithms. This will take time. It doesn’t happen overnight — and nobody expects it to. You can see RSA and ECC having some shelf life of another five-plus years over time because ultimately, the concern is the quantum computing attack on these algorithms, and, again, that’s not here right now. That’s something that’s expected to happen in, depending on who you talk to, 10 years — something along that line. Maybe as soon as five, or probably more about 10 out.
There will be a life span for the classical asynchronous algorithms, but we’ll transition to the PQC algorithms. But somewhere in between, you’re going to have a bit of a hybrid too where you’ll be using some of the classical stuff, and you’re going to be using some of the PQC stuff, and some of them at the same time. Again, that’s where key management systems like ours have to make this type of transition. It’s fundamentally easy for the end users as they do their implementation.
That’s what crypto-agility is all about — moving from this classical stuff to the PQC algorithms in a smooth process, but also not all at once, over time, and even having this hybrid experience too. Our key manager will play in that space. Again, there are a number of notable vendors that do exactly what we’re doing and will do exactly what we’re doing.