Carrie Peter | Managing Director | Impression Signatures | mail me |
Quantum computing and encryption are poised to revolutionize digital security, presenting both immense opportunities and significant challenges. The first quantum computer was created almost three decades ago, in 1998. Yet, the topic still seems futuristic to many.
While its applications remain unknown to most, quantum computing combines computer science, physics, and mathematics. It provides solutions the world has been trying to find for eons – and those it doesn’t yet know it needs.
Quantum computing rivals classical computers and often outperforms them. It uses quantum mechanics to find fast and complete answers to complex problems. Quantum computing is advancing at a rapid rate – certainly faster than expected.
The evolution of quantum computing
Today, many countries already possess their own quantum computers, with quantum computing even available as a SaaS solution. However, as with most technological developments, the opportunities brought by quantum computing are matched by new threats.
The evolution of quantum computing puts the security of any data in the digital space in jeopardy.
IBM recently published an article about quantum computing. It noted, “Quantum technology will soon solve complex problems that supercomputers can’t solve, or can’t solve fast enough”. But what if the problem it’s solving is breaking through security firewalls or encryptions? This poses a massive threat to encryption.
Quantum computing and encryption
A quantum computer could decrypt traditional encryption in a fraction of the time. While quantum computing’s evolution will continue, it means security must be bolstered.
Thankfully, global standards and security bodies have been working hard on new post-quantum encryption algorithms. The first three standards will be released on 13 August 2024.
As published by the National Institute of Standards and Technology (NIST), these new standards include:
- Federal Information Processing Standard (FIPS) 203: Primary standard for general encryption.
- FIPS 204: Primary standard for protecting digital signatures.
- FIPS 205: Designed for digital signatures and uses the Sphincs+ algorithm.
As standards and security measures fortify against quantum computing threats, it’s essential organizations pay attention to post-quantum cryptography (PQC). Many business leaders counter the argument for PQC, believing we are ‘years’ away from quantum computers.
The need for post-quantum cryptography
The reality is that these computers are already being miniaturised and will likely come to market much sooner than expected.
Implementing PQC measures now will protect data against strategies such as Store-Now Decrypt-Later (SNDL). This cyber threat involves storing encrypted data now to decode it later when quantum computers become widely available.
HP discussed this in a recent blog entry:
A sufficiently powerful quantum computer will break the cryptography we rely on in our digital lives. An attacker can intercept and store encrypted data today, decrypting it once quantum computers are feasible.
Companies need to think about PQC now. Some devices, such as cars, being produced today will still be in use when quantum computing proliferates.
In conclusion
In 2023, the US government mandated that companies transition to PQC as soon as possible. With the release of the new standards, it’s critical to take the transition to PQC seriously.
As global standards are incorporated into these algorithms, organisations or solutions following these standards will have to adopt PQC. This means that users will experience a seamless switch to more secure standards. However, companies must note that encryption is only as secure as the authentication applied while using it.
For organizations to ensure security, they must implement proper access management, authentication, and a zero-trust model.
