Defense, Government, and Critical Infrastructure
Sovereign security capability. Cost-effective, scalable, fully standards compliant
Accreditable solution that meets NCSC recommendations, CSfC Symmetric Key Management Requirements Annex, aligns with NSA guidance and is validated by leading cyber security institutions.
Fits within the demands of your unique network environments
Increased security and control of your data without the need to replace existing infrastructure & systems
Defense
Sovereign capability that works with current systems, meets defense standards and is fully scalable to meet the challenges of the digital battlespace.Government & Critical Infrastructure
Control your data security. Prevent Store Now Decrypt Later attacks. Protect the critical private information of your citizens in a post-quantum world. Conform to NSM-10 and other Government security mandates.
What do international security agencies say about symmetric keys?
Cyber agencies are recommending the adoption of symmetric key protections as part of a crypto-agile strategy.The NSA: The White House mandated use of symmetric encryption in 2022 which directs National Security Systems (NSS) to use symmetric keys.
The NSA published a statement via NIAP in August 2023 which mandates the use of RFC8784 by all VPN vendors selling under NSA CSfC authority. RFC8784 is the IETF standard which describes how symmetric keys must be injected into networking appliances like VPNs. NSA CSfC/NIAP is therefore demanding that all classified user VPNs use symmetric keys using this standard. Arqit is the only cloud-software-fulfilled method of delivering symmetric keys which allows true RFC8784 compliance. The only other secure way to inject symmetric keys into appliances using this standard is to use a hardware crypto device, which is cumbersome and expensive and does not allow dynamic creation of multi-cloud connections wherever you want them.
A joint paper was issued on 26 January 2024. It is a relatively high level paper on the perceived constraints and issues on use of QKD. The paper also contains statements about symmetric encryption:
- “In light of the urgent need to stop relying only on quantum-vulnerable public-key cryptography for key establishment, the clear priorities should therefore be the migration to post-quantum cryptography and/or the adoption of symmetric keying “.
- “Post-quantum cryptography and symmetric keying (with pre-shared symmetric keys) must be the primary solutions for quantum-safe cryptography.”
ANSSI: The December 2023 paper by ANSSI recommends hybrid methods for authentication and encryption
- "ANSSI encourages all industries to define a progressive transition strategy towards quantum-resistant cryptography for relevant cryptographic products. The use of hybrid post-quantum mitigation is recommended especially for security products aimed at offering a long-lasting protection of information (until after 2030) or that will potentially be used after 2030 without updates."
- “While there is no concrete evidence that symmetric cryptographic mechanisms would be significantly threatened by quantum computers, a speedup can be expected in certain cases with Grover algorithm and other advanced Grover-based algorithms. Thus, as a conservative measure, ANSSI also encourages to dimension the parameters of symmetric primitives as to ensure a conjectured post-quantum security – in practice at least the same security level as AES-256 for block ciphers and at least the same security level as SHA2-384 for hash functions. This encouragement is slightly more conservative than NIST's and BSI's current recommendation.”
BSI: The BSI recently published a report stating PQCs are not going to help to mitigate the quantum threat in time.
- “On average, this means the participating organizations expect to complete the migration to quantum-safe cryptography 6.5 years too late. If confidential information can be read for many years, possibly while going unnoticed, this could have serious consequences.”