Free Trial
Contact Us
Podcast

Root Causes 282: HSMs and Post Quantum Cryptography

Hosted by
Tim Callan
Tim Callan
Chief Compliance Officer
Jason Soroko
Jason Soroko
Fellow
Original broadcast date
March 2, 2023

Repeat guest Bruno Couillard of Crypto4A joins us to explain where Hardware Secure Modules (HSMs) fit into the world of PQC. We discuss the issues surrounding how HSMs will work with post quantum algorithms and hybrid certificates and the process (and timelines) for defining how HSMs will incorporate PQC.

Podcast Transcript

Lightly edited for flow and brevity.
Tim CallanTim CallanWe are very fortunate to have a return of our excellent guest, Bruno Couillard. Bruno joined us recently to talk about new legislation and we told him we wanted him to come back and I guess we weren’t too mean to him because he agreed to come back. Bruno, welcome.

So, Bruno, you are the CEO and CTO at Crypto4A. Let me just say that so everybody knows and you are quite an expert not only in the world of post-quantum crypto but also in the world of HSMs and this is very important because what we want to talk about today is the intersection of those two worlds and we couldn’t think of a better person to educate us on this than you.

I mean I’m gonna ask like a hugely broad question – perhaps an overly broad question just to get us started – which is, we all have heard a lot about PQC, the new algorithms are out. It’s very important they gotta get rolled out across all kinds of different things - certificates and non-certificate related crypto. Where do HSMs enter into all this?
Bruno CouillardBruno CouillardI love this question. It is a broad question and maybe to help navigate that question, I’ll suggest it’s an interesting timeline for HSMs in the sense that at the same time as the world’s compute distribution is shifting, so it used to be the early days – and that’s when I started in that business, almost 30 years ago – HSMs were sold as very critical, expensive, hugely important pieces of an IT implementation. They were the printing press of the digital world and you needed to control those extremely carefully.

As the world has evolved at uber speeds and that we’re now in the world of cloud computing, edge computing soon coming on, HSMs have had to shift from this idea of this critical piece of technology on-prem to being somewhere in the cloud. So, there’s that dynamic. As that dynamic is taking shape, there’s this notion of, well, we now have another thing we need to do with HSMs. They have to become more agile. They have to allow for cryptography and cryptographic primitives to be easily modifiable. So, if you, again, go back in time, HSMs were born in the hay-days or the very complex world of export controls, cryptographic capability or crypto with a whole for those of you that remember the Clipper chip - - So, you remember if you design something like an HSM, you could not make that thing be easily migratable to different algorithms. It had to be very precisely implementing a specific set of primitives that could not be changed.

So HSM designed a KEM from that era and that’s a fairly large number of HSMs today are having to now adapt to a new reality. And I’ll ask you guys the question. For example, if you come to an HSM and you ask this HSM to give you a key handle for say an RSA key that your CA software considered that key to be the authoritative digital equivalent of putting your stamp of authority on a certificate. So, that’s the way things have happened. The API for that call was either PKCS#11 or KMIP or a few variants, but most of these APIs you go search a key, you get a key handle, you come back to the HSM, you say I need you to use this and you need a signature. Now with all the talks about PQC, there’s a fairly strong possibility – and I think we’ve talked about that in the past, you may end up having two key pairs that will be required to print the authoritative stamp of approval. Sectigo says this is a certificate, it has two signatures.
Tim CallanTim CallanYou mean it has RSA and it also has CRYSTALS-Kyber, by way of example?
Bruno CouillardBruno CouillardAs an example.

Now, you have to ask yourself do you want your software to decide which two keys are being used is the assurance of those two keys and the authority that that two keys provide and grant is it living at the software level or does it live inside the HSM? Is the HSM guaranteeing that those two keys and only that pair combination will ever be used. And that’s a question that we haven’t really yet faced as we are going to be evolving in this new world of hybrid composite.

So, as we are currently entering this dynamic and our tools, our thoughts, we being the wild world of industry and security practitioners – we’ve lived in a box. That box was created back in the 90s and we have to think outside that box. It will be very interesting and challenging to figure what are the new shape and size of that new box and PQC definitely will push the boundaries and have us all asking ourselves those types of questions. What does a key handle mean? Is it an authoritative thing? Is it just a private key and somewhere else is the authority and the governance of these keys? So, I think this is just a single, simple example of what we are about to face.
Tim CallanTim CallanThat’s a very provocative thing you just said because I start to wonder then, I say who answers those questions? Is it private vendors who are developing products? Is it literally going on in their product management and development groups? Is it something that’s being handled at a standards body level? Like how do those questions get answered?
Bruno CouillardBruno CouillardI would say from what I’m seeing now, there are – as an example, another slightly, like you can think of that as a different angle, but a different example, there has been for the past few months a fair bit of conversations on different mailing lists and different standard groups having to do with the simple idea of it used to be that in order to use a digital signature, you would apply a digest operation on some chunk of data. You would take the digest and you would get the digital signature to transform that digest into a digital signature. So, that was RSA, CDSA and so on.

But recently, designers of algorithms have thought that why did we sign the digest? Why don’t we process the entire bulk of the data and all the data gets processed and you get in the end a signature. And these two concepts seem at a mathematical level innocuous or don’t care. It’s the same, who cares. When you drop that in the world of an HSM that may be sitting in the cloud and you think of a use case such as a firmware signing or code signing, now you have to sit back and think, whoa. In order for me to provide a signature today using RSA, I could send a digest a few hundred of bytes to that cloud-based machine and the cloud-based machine will reply after having performed the signature with another few hundreds of bytes. So very small inputs, very small outputs, you are done. Get your answer and move on. And from the use case perspective, whoever had that binary code did not have to divulge any of the data to the location where that HSM reside.

With the new techniques, now I need to send the entire chunk of code and if it’s not code but a document, I need to send the entire document and that’s much more bulks of data. The design of current HSMs that are currently designed to the old techniques, those techniques are going to have very poor performance if you try and use the old ways in the new cryptographic algorithms. So, that is currently going on in the debates around multiple mailing lists and that simple, tiny decision is now having a pretty significant impact. So, that’s one angle on the HSM.

I’ve recently brought up the other variant of this impact which if you think of the world of tomorrow where we are currently working to bring billions of billions of IoT device and the intent and you hear that a lot, to make the world of tomorrow built around smart things, smart IoT things. The smart tends to equate – you have to be able to keep the smarts going - you’ll likely want to do firmware updates on those devices. If you think of that in combination, again with the PQC transition and you look at the current feeling about do we do pure PQC signatures or just in case we are not 100% sure that these PQC algorithms will be great forever, should we maintain a bit of a backup plan. So, we’ll do both. We’ll apply both an ECDSA and a PQC signature on our firmware, for example.

And if you do that, then you have this conflict of well one uses the hash then sign methodology – the old. And the new one it may be just a pure sign concept.

So before IoT designer is sitting there at his desk or her desk and trying to figure out how the heck do I now with the fuse of power at my disposal in that tiny device have to now deal with I need to then process the entire bulk of the firmware update. I mean it’s ok if you think of an HSM. They have power. But if you are thinking of a tiny sensor or your pacemaker or your device that gives you the insulin pump, all of these devices you want to make sure that the power that they use is not used for cryptographic reason. You want those devices to be pumping insulin or ensuring your heart keeps beating. So, there’s going to be a lot of interesting choices to be made. Do you want to go the pure pristine, raw, nice secure approaches or do you stay pragmatic and keep thinking there is a line here between the uber duper security vs. that of security with pragmatic principles.
Tim CallanTim CallanThere’s another trade-off here if I may, which is time. One of the things that, again, that we recognize and we talk about is quantum computers continue to progress and in some use cases in some instances, we already fear that it’s kind of too late. The more time you talk about well we don’t want to have a cryptographic reason why that insulin pumps stops pumping insulin or your heart stops beating but at the same time we don’t want somebody to be able to launch an attack that will start your heart from beating. That would be really bad also. And so, getting these things ready and going in a timely manner seems to be is imperative.
Bruno CouillardBruno CouillardAnd I think what I’m ultimately reflecting on and you’re bang on, we’ve had 30 years of time to reflect on those things and banging around these different principles and having these arguments, it’s typically been spread across 30 years of time. Now we are trying to redo that exact same rethinking in the next few years.

This impression and the importance of every single decision will be quite interesting to watch. I’ve been here for 30 years at this kind of job. I’ve seen all sorts of cool debates and never have I seen so many debates of such a critical importance in such a short timeline. And we’re only starting to scratch the surface. We’re only coming into 2023 on the heels of 2022 lots of things have now been kind of activated. You can feel the industry has been given go. Start moving.

I’m sitting here thinking about all of these different questions and these different topics and I can’t say for absolute certainty that - - they’re all kind of very important. They each have their importance and this notion that in the past 30 years we’ve been dealing with pretty solid devices that would handle crypto, whether they are servers or your laptop or your watch or your cell phone, you typically dealt with a fair bit of power and, some devices were a bit slower but, on average, power is never really an element that tended to enter into your decision-making process and how do I do my security. But in the future, with IoT with the fuse of power, the importance of the availability question versus that of the integrity, because what’s shifting here is it’s no longer just a bunch of confidentiality-related questions, it’s the availability and availability of the battery for your insulin pump or your pacemaker is ultimately I would argue much more important than have you got the latest firmware.

And that’s where things are shifting and those dynamics bring about debates that we really have not had much of those in the past. I suspect it will be a big learning curve for many of the practitioners out there, including myself to be honest.
Jason SorokoJason SorokoBruno, you just schooled us on a lot of things. I’ll tell you, that’s a Master class in a number of items. I think it’s actually it becomes an important document, this podcast. So thank you for that.

So many of these things that need to be worked out and I agree with you, these are questions that have at least 30 years of history behind them in some cases. We know how the decision-making process for post-quantum cryptographic algorithms happen, it’s very clear, it’s very celebrated through NIST, IT working on various other things like, how do we deal with hybrid certificates and TLS 1.3 handshakes? We see that kind of work happening. Where are some of the other things that are just real fundamental decision-making and thinking happening right now? Is it happening at the vendor level? Is it happening at the academic level? Where is this happening?
Bruno CouillardBruno CouillardI really think this is a hugely nascent conversation. Up until recently, we have been talking to folks that in the industry that are starting to put quantum-safe root of trust in their devices. They are dealing with devices that will be long-lived, that will be hardly possible to reach once installed or deployed. So you have a plethora of things now that are starting to be designed and folks that are starting to think, ok, how do I now do this? And those questions are starting to pop up. And what we are seeing is that not many people have current answers. Like there is a whole pile of questions and there is a bit of competitive ideas in there. Some folks prefer not to go out and ask those questions in a broad public domain. We tend to be a bit lucky because we get asked the questions and there are relationships but I can tell you I’m seeing very critical questions, very critical decisions having to be made right now and nothing out there, nobody, no forum, no protocol; it has not been part of our past. So there’s not been any institutionalization I guess of these processes. So, today, if you want to talk APIs, you might go to the Oasis and look at PKCS#11. You may look at KMIP, you might go to that body to decide on how should APIs evolve. But if you go there and you ask that question, a subordinate question and say you are, especially for Sectigo, do you want your software to make two calls to an HSM with two different private keys when you sign a hybrid certificate in the future, or do you want the HSM to guarantee those two private keys are being now locked in their life cycle forever. They get backed up. They get destroyed. They get revoked in a pair, as a pair or as a set. You may end up with five of these things. You don’t have to be locked into a two but the question then becomes a important one because if the responsibility is on the CA to track the life cycle and the linkages of these two things, then you guys have to start thinking of the backup and how do you back up these two keys and how do they get operated and blah, blah, blah. And when you do a CRL how you make sure both keys exist and so on. And that question I don’t think has been really investigated. I don’t think anyone has really sat back and thinking, well, what could the legal repercussions of that be? What is the HSM role? Is it to purely secure a private key in itself to the application to link the existence of more than one private key with another? I leave that question open. I don’t have the answer. But maybe you guys have a view on that one. I’m potentially pointing to some yet to be brought about questions.
Tim CallanTim CallanAnd I think that’s a good point, Bruno. Like you are talking about things now that it feels like to some degree some really smart brains are working on in real time and so one of the things we will need to do is we will need to monitor how the thinking goes and how those decisions are made because right now we are just speculating on a lot of this, right?
Bruno CouillardBruno CouillardAbsolutely. And I’ll leave you guys with a final thought, for example. Every decision we’ve made in those past 30 years were based on a series of assumptions. You assume X you go with this and you moved on. There’s a stack of assumption that we built this current technology. You almost have to come back to that stack and revisit every one of those assumptions and why did we do X? Well, back then, it made sense. Does it still?

Like another example is the one having to do with the cloud. It used to be that you bought the HSM, you operated the HSM, you guaranteed the security of the HSM, it was a physical object you had in your possession and you controlled it and it was a pretty important piece of technology. The HSM in turn secured your keys. So, you owned the HSM and the HSM owned your keys. But when you get in the cloud, that box sits somewhere else. It’s being operated by someone else but it’s still the same old box. It’s a cloud machine but is it really your key? Can you move your key? Do you have the same controls in your keys? That’s a question that has now shifted given the importance of a cloud deployment. Are HSMs built to that or were they build back in the days where the HSM owns the key and you own the HSM and that’s, again, seems an innocuous idea but you have to sit back and think, there might be some assumptions there that need to be revisited and, as I said, I keep bumping into those kinds of assumptions myself and then going, huh, well, that said, that’s a different possibility here and we hadn’t thought of that before. So, that’s my kind of thinking on it.
Tim CallanTim CallanSo, I’m gonna ask again probably a badly unfair question but you talked about how there’s a lot things that sort of need to be explored and need to be figured out. In your mind, what are you imagining is the timeframe for those things to be figured out?
Bruno CouillardBruno CouillardI’m telling you the next few years are going to be busy, busy times for the practitioners out there, for the protocol brains out there, for the folks that have cryptographic needs that are now expanding at almost light speed. If you think of the IoT world and the smart construct we are trying to build, that new generation of gizmos has now to start making their case known to the cryptographic community. So they are being seen as a user of cryptography. We can’t think of cryptography being used only in the IT world as it has been for the last 30 years.

We are about to see brand new massive amounts of a new generation or a new breed of cryptographic protocol and users and those are gonna be IoT device, small amounts of power, very constrained, where in most cases – not all – but in most cases, the primality or the priority will be on availability of these devices. Way more so than do they bring enough confidentiality.

Or in fact, is confidentiality even the question. Maybe it’s the integrity and availability and who cares about confidentiality. That is going to change the scene in a dramatic fashion because let’s face it, we’ve dealt with confidentiality. Now privacy is a big thing, but it’s still a giant of confidentiality. We are about to embark on a new planet of integrity and availability in a way I don’t think we’ve been influenced in the past so much by these two aspects. And sorry, I keep not answering.
Tim CallanTim CallanNo, but that’s the answer right there. I mean I think one of the things that we’ve seen revealed here if I could suggest is that you’re showing in a lot of ways just how much still remains in front of us to be done.
Bruno CouillardBruno CouillardOh absolutely, Tim.

And I will keep saying and I think, ultimately, agility will be at a massive, massive importance. So crypto agility will become a massive important thing. I would also suggest that – and maybe I’m preaching a bit here – but as you guys know, you cannot bolt on security after the fact and any attempts to bolting on agility or post-quantum cryptography after the fact will be pretty challenging to achieve. You need to have it built in from the base. You need to have thought it through from the very early design cycles and that is going to be a challenge in and of itself as well.
Tim CallanTim CallanAlright. Well, my head is spinning. Jason, is your head spinning?
Jason SorokoJason SorokoMy hand is cramped from all the notes I’m taking.
Tim CallanTim CallanExcellent. Well, I think there’s clearly more discussion to be had here so once again, we are gonna try to twist your arm to come back in the future but what a great introduction to the topic today.
Bruno CouillardBruno CouillardGentlemen, I’d be more than flattered to come back again and thank you for allowing me to be back on your show. I think I may be depressing at times.
Tim CallanTim CallanWell, but we gotta do this. These are the realities we have to face and we have to fix them and that’s what we are doing.

Stay informed with expert insights

Subscribe to Root Causes for engaging discussions on PKI, digital security, and best practices for protecting your organization's critical assets. Don’t miss an episode!

Listen on Apple PodcastsListen on SpotifyListen on SoundCloud