Core Concepts
Migrating existing software systems and networks to post-quantum cryptography is necessary to ensure long-term security, but the process is complex and lacks clear guidance.
Abstract
This systematic literature review examines the current state of research on migrating software systems towards post-quantum cryptography (PQC). The key findings are:
Migration Process:
- The migration process can be divided into four main phases: Diagnosis, Planning, Execution, and Maintenance.
- The Diagnosis phase involves asset identification, risk assessment, cryptographic inventory, and cryptographic assessment.
- The Planning phase includes cryptographic prioritization and developing a migration plan.
- The Execution phase focuses on implementing the migration, often using hybrid solutions combining classical and quantum-resistant cryptography.
- The Maintenance phase ensures the migrated systems remain secure over time.
PQC Applications:
- Hybrid PQC solutions, combining classical and quantum-resistant cryptography, are commonly used during migrations.
- A variety of software systems have been migrated, including web servers, databases, blockchain frameworks, and messaging applications.
- Key standards like TLS, X.509, and S/MIME have been adapted to incorporate PQC.
Challenges:
- Lack of experience and high effort required for PQC migration
- Concerns about the security of the post-migration system
- High complexity due to the diverse requirements and constraints of existing protocols and implementations
The literature highlights the need for more comprehensive guidance and best practices for PQC migration. Current approaches are mostly experimental, leading to an overall chaotic situation that this review aims to clarify.
Stats
"Quantum computing poses a threat to this heterogeneous infrastructure since it threatens fundamental security mechanisms."
"At the moment, there is little knowledge on how such migrations should be structured and implemented in practice."
"Practical knowledge about this transition or migration — especially on a broader scale — is limited."
Quotes
"Networks such as the Internet are essential for our connected world."
"Despite the enormous efforts around the globe to provide such future-proof alternatives, the past catches up with us."
"Not only people new to the topic are overwhelmed by the sheer number of academic papers, reports, handbooks, and other documents available."