Quantum computing has the potential to one day break today’s encryption algorithms, requiring a proactive approach to finding new and innovative ways to protect data that can withstand those upcoming capabilities.
Last week, NIST announced the approval of three post-quantum cryptographic algorithms that cannot be broken by a quantum computer.
Here’s what leaders in the industry have been saying about this announcement and what it means for the future:
Tim Hollebeek, industry and standards technical strategist at DigiCert:
“Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographically-relevant quantum computers (CRQCs) arrive. These are quantum computers that are powerful enough to break the asymmetric cryptography used to protect communications and devices on the internet, and they could arrive in as little as 5-10 years. The good news is that the problem can be solved by switching to new hard math problems that are not vulnerable to quantum computers, and the new NIST standards describe in precise detail exactly how to use these new hard math problems to protect internet traffic in the future.”
Kristin Milchanowski Gilkes, global innovation quantum leader at Ernst & Young:
“Since these requirements will be mandatory for federal agencies, and likely contracted partners, it is expected to be only a matter of time before mass adoption from commercial organizations. As quantum computers rapidly improve, the timelines by which they will be able to decode public-key cryptographic algorithms and in which organizations can upgrade to quantum-secure infrastructure are quickly overlapping. Business leaders should consider a risk-based approach as they evaluate their next steps and investments for quantum over the upcoming year.”
David Hook, VP of software engineering for Crypto Workshop at Keyfactor:
“Now that we finally have these published standards, organizations that are serious about safeguarding systems that involve the use of public key technology will need to start moving to deployment. Coupled with the application of crypto-agility, use of the new algorithms will be a necessary part of future-proofing public key infrastructure (PKI) systems to ensure long-term resiliency. PKI represents the cornerstone of systems that rely on secure digital identities and the exchange of encrypted data and these algorithms represent a major advance for supporting both areas.
That said, considering both the resource requirements, and the nature, of these algorithms, it does not mean the new arrivals are simply a case of ‘same-old, same-old.’ There will be a lot of work to do to make sure these algorithms can be used efficiently and effectively. Even without considering the government incentives to make use of post-quantum cryptography (PQC) algorithms now, organizations should be beginning their transition journeys. While the PQ does stand for post-quantum, anyone believing they can wait till after the arrival of a cryptographically relevant quantum computer, before worrying about PQC algorithm deployment, is making a terrible mistake.”
Tom Patterson, emerging technology security lead at Accenture:
“The NIST announcement on new global encryption standards for quantum marks a pivotal moment in our cybersecurity landscape. As quantum computers emerge, they present a significant risk to our current encryption methods. Organizations must assess their quantum risk, discover vulnerable encryption within their systems, and develop a resilient cryptographic architecture now.”