Why quantum cryptography is a call to collaborative action 

The quantum era demands more than just technical upgrades, it calls for a strategic overhaul of current cryptographic practices

Greg Wetmore

The invisible threads of cryptography stitch together the very fabric of our digital lives. From safeguarding our financial transactions to protecting national security secrets, cryptographic algorithms play a pivotal role in securing the digital realm.  

Cryptography is like a series of complex locks and keys that keep our online information safe. Imagine every time you send a message, make a payment, or log into an account, it’s sealed in a digital envelope that only the right key can open. Cryptographic algorithms are the sophisticated rules that create these locks and keys, ensuring that only authorised people can access the information.  

Yet on the horizon looms a challenge of monumental proportions: quantum computing. This emerging technological frontier threatens to unravel the cryptographic safeguards we’ve relied on for decades, urging an immediate pivot to post-quantum cryptography.

The quantum leap

Quantum computing marks a new era in technology, distinct from the computers we use today. Traditional computers process information in bits (0s and 1s), whereas quantum computers utilise quantum bits, or qubits. These qubits can represent and process information in multiple states simultaneously, thanks to quantum mechanics. This capability enables quantum computers to solve complex problems far more quickly than current computers. Giants like IBM, Google, Microsoft, and Amazon, along with national governments, are investing heavily in quantum research. Recently, it was announced that a quantum supercomputer would be employed to significantly reduce UK train delays in a Department for Transport trial.

Related Story:

The potential for quantum computing to disrupt cryptography has been known since 1994, when mathematician Peter Shor revealed an algorithm demonstrating quantum computers’ theoretical ability to break RSA encryption. As quantum computing edges closer to reality, its cybersecurity implications grow more pressing. The threat is not just a matter of future concern but is already shaping current cybersecurity strategies. The USA’s National Institute of Standards and Technology (NIST) is leading the charge against quantum vulnerabilities through its post-quantum cryptography competition, which has been key in identifying and standardising quantum-resistant algorithms, marking significant progress in safeguarding our infrastructure. 

Similarly, the private sector is beginning to incorporate quantum-resistant technologies into their systems, setting a benchmark for others. Companies like Mastercard and Apple have both made recent moves to prepare for post-quantum. The recent announcement of iMessage’s PQ3 protocol marks a significant milestone in cryptographic security, showcasing how private enterprises can play a pivotal role in advancing quantum-safe communication standards.

Harvest now, decrypt later

The strategy of “harvest now, decrypt later” underscores the immediate and evolving danger posed by quantum computing. In this approach, cybercriminals and potentially adversarial nation-states are proactively collecting vast amounts of encrypted data. Their gamble is on the expectation that advancements in quantum computing will eventually provide them with the means to decrypt this information. This speculative strategy exploits the temporal gap between data encryption with current standards and the future ability to break these encryptions, effectively turning today’s secure communications and stored data into tomorrow’s open secrets.

As quantum computing edges closer to reality, its cybersecurity implications grow more pressing. The threat is not just a matter of future concern but is already shaping current cybersecurity strategies.

This tactic is particularly concerning for data with a long shelf-life – information that remains sensitive or classified over years or decades. Examples include government secrets, intellectual property, and personal information that, if exposed, could have lasting implications for national security, competitive advantage, and individual privacy.

The NSA’s latest guidelines amplify this concern, stressing the urgent need for organisations to adopt quantum-resistant security measures. By transitioning to quantum-resistant cryptography, organisations can mitigate the risk of future decryption and protect their data from becoming vulnerable to quantum-enabled adversaries.

Embracing quantum-resistant cryptography

The transition towards quantum-resistant cryptographic algorithms is essential in preparing for the quantum computing era. Luckily, technology has advanced to the point where there is a clear framework for organisations aiming at post-quantum readiness.

An AI-generated visual interpretation of quantum cryptography.

Practical steps for post-quantum readiness

  • Inventory and assessment: Organisations must begin by conducting a thorough inventory of their cryptographic assets. This includes identifying and cataloguing all encryption keys, certificates, and usage of cryptographic algorithms. Understanding the current cryptographic landscape within the organisation is crucial for assessing vulnerability to quantum attacks.
  • Crypto-agility: Developing a crypto-agile infrastructure is essential. Crypto-agility refers to the ability of an organisation to swiftly adapt to new cryptographic standards and algorithms without significant disruption. This includes efficient management of the lifecycle of certificates and keys, ensuring that cryptographic practices can quickly evolve in response to emerging quantum-resistant standards.
  • Risk assessment: Identify and prioritise the protection of long-lived, sensitive data that could be most at risk in the event of a quantum computing breakthrough. This includes data that, if decrypted, could cause significant harm or pose security, privacy, or financial risks.
  • Hybrid cryptographic models: In the short term, organisations can consider implementing hybrid cryptographic models that utilise both traditional and quantum-resistant algorithms. This approach not only enhances current security but also lays the groundwork for a smoother transition to fully quantum-resistant cryptography.

The urgency of quantum-safe transition

The quantum era demands more than just technical upgrades; it calls for a strategic overhaul of current cryptographic practices. With quantum computing’s rapid progress, the window for preparation is narrowing. Procrastination could leave vital data vulnerable to future quantum attacks. It’s imperative to cultivate quantum resilience proactively, ensuring security before the threat materialises fully.

The dawn of quantum computing compels a clear call to action: prepare, adapt, and collaborate. Transitioning to quantum-safe cryptography is a journey of foresight, planning, and proactive engagement. By securing cryptographic assets against quantum threats now, organisations can safeguard their digital futures, ensuring they remain at the forefront of cybersecurity.

Are you prepared to protect your critical infrastructure?

Secure your vital ICS environments, essential for critical infrastructure, manufacturing, and more with a series of courses from Hacktonics to bridge the gap between traditional IT security and the unique challenges of safeguarding Industrial Control Systems (ICS).

Click to find out more about these hand-on cyber security courses.

Greg Wetmore
Greg Wetmore / Guest Writer

Greg Wetmore is Vice President of Product Development at digital security company Entrust