What are the Implications of Post-Quantum Computing on Security and Cryptography?
Like all evolutions in technology, quantum computing promises to revolutionize problem-solving and to do so at speeds that are unimaginable for the classical computers we know. However, this technological advancement also poses a significant threat to the current cryptographic systems and algorithms that underpin how the world protects and verifies information.
In this blog, we'll explore the threat posed by quantum computing and the mitigations required in the post-quantum computing world so that—with this awareness—you can remain secure and more easily adjust when the time comes.
The Quantum Threat to Cryptography
Let’s start with the core issue: whereas current computer processors rely on discrete binary states (0, 1) processed serially, quantum computers will use the principles of quantum mechanics to perform multiple calculations at once.
That’s an exponential increase in computing power.
Given that the security of cryptographic algorithms rests on math problems that are incredibly difficult to solve at current processing speeds, the increased speed of calculation using quantum processors could break the encryption algorithms currently in use, threatening the security of encrypted data, whether in transit, in use, or stored.
8 Key Security Considerations for Quantum Computing
The response to the danger facing existing encrypted transactions and repositories has come to be called “post-quantum cryptography”: the global effort focused on developing cryptographic solutions resistant to the vulnerabilities introduced by quantum computing.
As these solutions progress, there are eight specific aspects that will require attention in creating the secure implementation of quantum computing.
1. Risk Assessment and Information Classification
Though cutting-edge quantum computing will first only be available to those with the means and the funds to deploy it for their purposes, it will be critical for those who do to also add quantum computing risks to any established enterprise risk management (ERM) program.
To address data that is sensitive to quantum computing, this risk management should be augmented by an updated information classification scheme.
2. Transition Period
Transitioning from traditional cryptography to post-quantum cryptography will be a complex task, as you’ll need to ensure that your existing, non-quantum computing infrastructure can support the new algorithms.
As part of that transition, it’ll be critical for organizations to establish a clear inventory of cryptographic assets across the enterprise. To ease the change and find the best paths toward quantum implementation, it may help to reassess the value of your data and data retention policies through the lens of quantum computing.
3. Quantum-Resistant Cryptography
As it’s projected that quantum computers will be able to break existing cryptographic algorithms within hours, it’s paramount to develop new cryptographic algorithms that even quantum computers cannot readily solve.
Work on such algorithms has already started. Because they make it computationally difficult to calculate the key, even for quantum processors with exceptional processing speed, promising approaches include:
- Lattice-based cryptography
- Code-based cryptography
- Multivariate polynomial cryptography
4. Quantum-Safe Protocols
Beyond encryption, other protocols—e.g., digital signatures, authentication, etc.—will also need to be made quantum-resistant.
While solutions are still being developed to address these aspects of security, organizations can get started by creating an inventory of what is in use to facilitate future transitions.
5. Quantum Key Distribution (QKD)
Not only are cryptographic algorithms at risk, but the transmission of cryptographic keys used to enable them also could be prone to eavesdropping in a post-quantum world.
Fortunately, quantum key distribution is a promising technology that leverages the principles of quantum mechanics to secure communication channels, as a high level of security is built in to detect any eavesdropping attempts while affording flexibility for key changes in a short time without human action.
Though it is commercially available, QKD may currently be cost-prohibitive for your organization—still, integrating QKD into existing systems would be a step toward quantum-safe communication.
6. Long-Term Data Protection
Given that the post-quantum computing threat can impact data, both in storage and in transmission, it’s vital to better understand your complete inventory of encrypted data, including the algorithms with which it was encrypted.
Organizations must consider the long-term security of that data, as the methods used for encryption today may remain secure for years to come or could require immediate upgrades to implement protections commensurate to its value.
Migrating to post-quantum cryptography is a step towards mitigating threats of exposure to maintain confidentiality - even in the future with quantum computers.
7. Budget and Resource Allocation
As you’ve likely discerned by now, preparing for post-quantum security will require more allocated resources and budget to serve the following:
- The creation of a comprehensive inventory of your current cryptographic hardware and software implementations;
- The establishment of a Cryptographic Bill of Materials (CBOM);
- Hardware/software upgrades;
- Algorithm adoption; and
- Training for staff in the implementation of quantum-resistant solutions.
While there’s no turnkey solution here, proactive measures will go a very long way toward business continuity and reducing your exposure.
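The cryptographic inventory called for in sections 2, 6 and 7 can be triaged mechanically once each entry records its algorithm, key size and retention period. The following Python code is an added example, not part of the original post and not a CBOM schema: the record layout, asset names, sample inventory and the 128-bit policy floor are assumptions. The classification rests on two standard results: Shor's algorithm breaks public-key schemes based on factoring or discrete logarithms, and Grover's search roughly halves the effective strength of symmetric keys.

```python
# Added example: triage a cryptographic inventory by quantum exposure.
# Record layout, sample data and MIN_QUANTUM_BITS are assumptions, not a CBOM schema.

# Public-key families built on factoring or discrete logs: broken by Shor's algorithm.
SHOR_BROKEN = {"RSA", "DH", "DSA", "ECDSA", "ECDH", "ED25519", "X25519"}
# Symmetric ciphers: Grover's search roughly halves the effective key strength.
GROVER_HALVED = {"AES", "3DES", "CHACHA20"}
MIN_QUANTUM_BITS = 128  # assumed policy floor for post-quantum strength
ACTION_ORDER = {"replace": 0, "upgrade": 1, "review": 2, "keep": 3}


def classify(entry):
    """Return the migration action for one inventory record."""
    family = entry["algorithm"].upper()
    if family in SHOR_BROKEN:
        return "replace"  # no key size helps; needs a post-quantum algorithm
    if family in GROVER_HALVED:
        return "keep" if entry["bits"] // 2 >= MIN_QUANTUM_BITS else "upgrade"
    return "review"  # not in either table: needs manual analysis


def triage(inventory):
    """Annotate records with an action; order by urgency, then retention period."""
    rows = [dict(e, action=classify(e)) for e in inventory]
    return sorted(rows, key=lambda r: (ACTION_ORDER[r["action"]], -r["retention_years"]))


# Constructed sample inventory (hypothetical assets, for illustration only).
INVENTORY = [
    {"asset": "vpn-gateway", "use": "key exchange", "algorithm": "ECDH",
     "bits": 256, "retention_years": 1},
    {"asset": "archive-backups", "use": "data at rest", "algorithm": "AES",
     "bits": 256, "retention_years": 10},
    {"asset": "code-signing", "use": "signature", "algorithm": "RSA",
     "bits": 3072, "retention_years": 7},
    {"asset": "legacy-db", "use": "data at rest", "algorithm": "AES",
     "bits": 128, "retention_years": 5},
    {"asset": "hsm-app", "use": "data at rest", "algorithm": "SM4",
     "bits": 128, "retention_years": 3},
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(f'{row["action"]:8} {row["asset"]:16} {row["algorithm"]}-{row["bits"]} '
              f'({row["use"]}, retain {row["retention_years"]}y)')
```

Within each action the records with the longest retention period come first, reflecting the long-term data protection concern in section 6.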
8. Standardization Efforts
Meanwhile, several standards organizations—including the National Institute of Standards and Technology (NIST) and other international governmental agencies—are already involved in standardizing post-quantum cryptographic algorithms to ensure interoperability and widespread adoption.
Security professionals must keep an eye on these standards and their development and apply those controls based on risk.
What You Can Do Today to Prepare for Secure Quantum Computing
The advent of quantum computing presents both opportunities and challenges for the field of cybersecurity, and though it does have the potential to break current encryption systems, the development of post-quantum cryptography and security measures is already underway.
As the technology continues to progress, stay informed about quantum-resistant algorithms, transition your systems, and prepare for the threats posed by quantum computing. To help you get started, here’s our suggested three-step plan:
- Begin by performing a comprehensive review of your data to determine the value or sensitivity of all of it.
- Next, create a plan that accounts for the technologies in use to stay informed on updates and potential threats.
- Then, create a plan to migrate to newer methods of protecting data in transit and storage that are quantum resistant.
Want additional information? See these links from CISA and the NSA. They include additional guidance and resources. And if you’d like more direct input from those experienced in this area, reach out to us—we’d like to meet with you.
About Sully Perella
Sully Perella is a Senior Manager at Schellman who leads the PIN and P2PE service lines. His focus also includes the Software Security Framework and 3-Domain Secure services. Having previously served as a networking, switching, computer systems, and cryptological operations technician in the Air Force, Sully now maintains multiple certifications within the payments space. Active within the payments community, he helps draft new payments standards and speaks globally on payment security.