Networks such as the Internet are essential for our connected world. Quantum computing poses a threat to this heterogeneous infrastructure since it threatens fundamental security mechanisms. Therefore, a migration to post-quantum-cryptography (PQC) is necessary for networks and their components. At the moment, there is little knowledge on how such migrations should be structured and implemented in practice. Our systematic literature review addresses migration approaches for IP networks towards PQC. It surveys papers about the migration process and exemplary real-world software system migrations. On the process side, we found that terminology, migration steps, and roles are not defined precisely or consistently across the literature. Still, we identified four major phases and appropriate substeps which we matched with also emerging archetypes of roles. In terms of real-world migrations, we see that reports used several different PQC implementations and hybrid solutions for migrations of systems belonging to a wide range of system types. Across all papers we noticed three major challenges for adopters: missing experience of PQC and a high realization effort, concerns about the security of the upcoming system, and finally, high complexity. Our findings indicate that recent standardization efforts already push quantum-safe networking forward. However, the literature is still not in consensus about definitions and best practices. Implementations are mostly experimental and not necessarily practical, leading to an overall chaotic situation. To better grasp this fast moving field of (applied) research, our systematic literature review provides a comprehensive overview of its current state and serves as a starting point for delving into the matter of PQC migration.
翻译:互联网等网络对于我们的互联世界至关重要。量子计算对这一异构基础设施构成威胁,因为它危及基础安全机制。因此,网络及其组件需要向后量子密码学(PQC)迁移。目前,关于此类迁移应如何在实践中构建和实施方面的知识尚不充分。我们的系统文献综述探讨了IP网络向PQC迁移的方法,梳理了关于迁移过程及典型实际软件系统迁移的论文。在过程方面,我们发现文献中对术语、迁移步骤和角色的定义不够精确或缺乏一致性。尽管如此,我们识别出四个主要阶段及相应的子步骤,并与新出现的角色原型相匹配。在实际迁移方面,我们看到报告使用了多种不同的PQC实现和混合解决方案,适用于广泛系统类型的迁移。在所有论文中,我们注意到采纳者面临三大挑战:缺乏PQC经验且实现工作量大、对即将建成的系统安全性存在担忧,以及高度复杂性。我们的发现表明,近期的标准化工作已推动量子安全网络向前发展。然而,文献在定义和最佳实践上仍未达成共识。实现大多处于实验阶段且未必实用,导致整体局面混乱。为了更好地把握这一快速发展的(应用)研究领域,我们的系统文献综述全面概述了其当前状态,并为深入探讨PQC迁移问题提供了起点。