The promise of quantum computing is tantalizing. Once quantum machines become sufficiently powerful, tasks that would have taken hundreds or thousands of years using traditional binary computers might instead be completed in days or even hours.
But there is an old saying that every solution carries the seeds of the next problem. This holds true for the post-quantum world. All the current encryption and credential tools used to protect data and identity will be rendered effectively useless, and easy prey to quantum hacking.
Addressing the risk side of the quantum computing equation clearly is critical to both national security and the economic wellbeing of the United States. The following is an excerpt from our whitepaper “Planning Ahead for Post-Quantum Cybersecurity” on how the national security sector is preparing.
The White House national security memo assigns responsibility for finding long-term solutions. Specifically, it states that:
“Currently, the Director of the National Institute of Standards and Technology (NIST) and the Director of the National Security Agency (NSA), in their capacity as the National Manager for National Security Systems (National Manager), are each developing technical standards for quantum‑resistant cryptography for their respective jurisdictions.”
To comply with the memo, NIST selected four “quantum-resistant” (QR) cryptographic algorithms in July to begin testing. By the middle of August, one of them had already fallen, in just four minutes, to a 10-year-old regular desktop computer.
In September, the NSA issued its own advisory, which supports NIST’s initial algorithmic selections to “provide future [National Security Systems] requirements so vendors may begin building toward these requirements, and so acquisition officials and NSS owners and operators will know what the requirements are.” The advisory noted that the transition to QR algorithms should be completed by 2035. In other words, companies that serve the intelligence community should start incorporating one of NIST’s prospective QR cryptographic algorithms beginning immediately.
This is a gamble, as the almost immediate failure of one of the algorithms demonstrates, but given the stakes, it makes sense in the national security world. It combines short-term tactics (use one of these algorithms) and long-term strategy (so that when quantum hacking shows up, the systems are already prepared to defend against it).
There is an old adage that the best time to plant a tree is 20 years ago. And the second best time to plant a tree is today. That’s a clever saying because it takes many years for a tree to grow to the point where people can get some benefit from it – nuts or other fruit, shade in the summertime, the environmental benefits, or even harvesting it for wood. And the second-best time is today because delaying only puts off when the benefits can be realized.
The same can be said for investing in quantum-resistant security. It can’t happen overnight, and by the time you really need it, it’s already too late to address the problem. Organizations must set the groundwork now to be ready for a post-quantum future.
Keyfactor’s white paper addresses the scope of the problem and the steps that organizations should be taking now to fix their own vulnerabilities. Download your copy here.