Organizations must prepare for post-quantum cryptography (PQC).

Welcome to the quantum era. While once considered a distant prospect, experts now estimate that the first fully error-corrected quantum computers could be here as soon as 2030. A cutting-edge innovation that combines computer science, physics, and mathematics, quantum computers signal a monumental leap forward into uncharted technological territory. 

However, as quantum computing emerges on the horizon, it brings with it unprecedented challenges for the cybersecurity landscape. Most prominently, many of the security controls used today are incapable of defending against quantum-based attacks. Quantum computers will break the cryptography that is central to cybersecurity, intensifying existing risks and creating avenues for new threats. Further, due to quantum computing’s superior computational power, various cryptographic algorithms could be rendered obsolete soon. In fact, some experts believe that Y2Q, the time when quantum computers will break classical asymmetric cryptography, is only about 10 to 15 years away. In addition to quantum computers’ future ability to break existing cryptographic security measures, we’re also seeing Steal Now, Decrypt Later attacks today, where bad actors harvest encrypted data and store it to decrypt with quantum computers later.

While quantum computing will undoubtedly transform key industries for the better, its cyber threats demand our immediate attention. Organizations must gear up to revamp their information security systems to be quantum resilient. Regulators are moving aggressively to ensure that critical infrastructure is protected against these threats. But with everything from doorbells to cars connected to the internet, overhauling the security of these systems will take a long time.

Quantum computing amplifies cyber threats 

Utilizing specialized hardware components and algorithms that leverage quantum physics, quantum computers will outpace current supercomputing technology. For example, quantum computers built by the University of Science and Technology of China can perform calculations at ten million times the speed of the world’s fastest supercomputers. 

While this newfound speed might seem like a good thing, it also means quantum computers can quickly and easily bypass security measures intended to safeguard systems and data. Specifically, quantum computers can run Shor’s algorithm to rapidly break the public-key algorithms that underpin public key infrastructure (PKI), the algorithms used to protect most of today’s classical computing systems. Current security standards and components, such as Trusted Platform Modules (TPMs), IEC 62443, and ISO/SAE 21434, all rely on PKI-based algorithms and are therefore not equipped to defend against the coming quantum computing attacks. This leaves organizations ill-equipped to face the quantum computing challenges ahead.

With quantum computing rapidly approaching, new quantum-resistant solutions, like post-quantum cryptography (PQC), are urgently needed to protect critical infrastructure. PQC adoption is a shift away from the legacy PKI cryptography we see today to more resilient algorithms that are resistant to quantum computer attacks. The U.S. government has even expressed the need for accelerated PQC adoption. Recently, President Biden signed the Quantum Computing Cybersecurity Preparedness Act, making it clear that organizations must adopt PQC as soon as possible to maintain resilience in the face of this new threat. 

Fortunately, there are solutions already available to help streamline PQC migration and ensure a secure post-quantum future. 

Preparing for a post-quantum world 

Organizations should focus on implementing a PQC readiness roadmap to prepare for post-quantum era attacks. NIST announced four candidates for standardization in 2022, but they will not be finalized until 2024. Having a plan in place that clearly outlines how PQC will be integrated once available is key. To emphasize the need even further, NIST, CISA, and the NSA recently encouraged organizations to develop PQC readiness roadmaps.

Implementing this roadmap and getting on board with PQC as soon as possible is critical considering the Steal Now, Decrypt Later stance many threat actors are adopting. So far, final specifications for two algorithms, XMSS and LMS, have been released, and they are moving towards addressing the new and stringent CNSA 2.0 requirements for PQC.

In addition to developing a PQC readiness roadmap, organizations must have the necessary tools to implement PQC once the algorithms are finalized. Field Programmable Gate Arrays (FPGAs) are the best tool for this, as they can be reprogrammed to support PQC migration as part of a post-quantum readiness roadmap.

Some of the latest FPGAs contain “crypto agile” capabilities that deliver upgradeable protection. Their flexible programmability and parallel processing functions enable developers to easily update existing systems and hardware with new PQC algorithms for adherence to evolving standards. Further, some FPGAs contain Hardware Root of Trust (HRoT) functionality that ensures the protection of platforms and other connected device applications to safeguard an organization’s attack surface. Lastly, FPGAs accelerate complex mathematical functions to enhance system performance and protection. 
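The two ideas above, crypto agility (swapping in a new signature scheme without touching the code that calls "verify") and the stateful hash-based signatures named earlier (XMSS and LMS), can be sketched in software. The following is an added example written for this article; it is not Lattice code and not an FPGA implementation. It uses a Lamport one-time signature under a small Merkle tree as a simplified stand-in for XMSS/LMS (the real schemes use Winternitz chains and different tree parameters), and the algorithm identifier `lamport-merkle-sha256` is a made-up label, not a standardized name. The practitioner's caveat it demonstrates is the one that matters most for stateful schemes: the signer must advance its leaf counter before releasing a signature and must refuse to sign once the leaves are exhausted, because reusing a one-time leaf breaks the security of the whole key.

```python
import hashlib
import os

N_BITS = 256  # SHA-256 digest length; Lamport uses one secret pair per digest bit


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(msg: bytes):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N_BITS)]


def lamport_keygen():
    """One-time key: 256 pairs of 32-byte secrets; public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes):
    # Reveal one secret per digest bit; revealing both halves of a pair is fatal,
    # which is why a Lamport key may only ever sign one message.
    bits = digest_bits(msg)
    return [sk[i][bits[i]] for i in range(N_BITS)]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == N_BITS and all(h(sig[i]) == pk[i][bits[i]] for i in range(N_BITS))


def leaf_hash(pk) -> bytes:
    return h(b"".join(a + b for a, b in pk))


def build_tree(leaves):
    """Merkle tree over leaf hashes (number of leaves must be a power of two)."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([h(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels  # levels[-1][0] is the root, i.e. the long-term public key


def auth_path(levels, idx):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[idx ^ 1])  # sibling at this level
        idx //= 2
    return path


def root_from_path(leaf: bytes, idx: int, path) -> bytes:
    node = leaf
    for sib in path:
        node = h(node + sib) if idx % 2 == 0 else h(sib + node)
        idx //= 2
    return node


class StatefulHashSigner:
    """Stateful signer: each leaf is a one-time key and is used at most once."""
    ALG = "lamport-merkle-sha256"  # hypothetical algorithm id, not a standard name

    def __init__(self, n_leaves: int = 4):
        self.keys = [lamport_keygen() for _ in range(n_leaves)]
        self.levels = build_tree([leaf_hash(pk) for _, pk in self.keys])
        self.next_leaf = 0

    @property
    def public_key(self) -> bytes:
        return self.levels[-1][0]

    def sign(self, msg: bytes):
        if self.next_leaf >= len(self.keys):
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        idx = self.next_leaf
        self.next_leaf += 1  # persist/advance state BEFORE the signature leaves the signer
        sk, pk = self.keys[idx]
        return (idx, lamport_sign(sk, msg), pk, auth_path(self.levels, idx))


def merkle_lamport_verify(root: bytes, msg: bytes, sig) -> bool:
    idx, ots, pk, path = sig
    if not lamport_verify(pk, msg, ots):
        return False
    return root_from_path(leaf_hash(pk), idx, path) == root


# Crypto-agility layer: callers name an algorithm id stored next to the public key,
# so migrating to a new scheme means registering one verifier, not editing call sites.
VERIFIERS = {}


def register(alg_id: str, verify_fn) -> None:
    VERIFIERS[alg_id] = verify_fn


def verify(alg_id: str, public_key, msg: bytes, sig) -> bool:
    verify_fn = VERIFIERS.get(alg_id)
    if verify_fn is None:
        return False  # unknown or retired algorithm: reject rather than guess
    return verify_fn(public_key, msg, sig)


register(StatefulHashSigner.ALG, merkle_lamport_verify)


def demo():
    signer = StatefulHashSigner(n_leaves=4)
    msg = b"firmware image v1.2.3 digest"  # constructed sample message
    sig = signer.sign(msg)
    good = verify(signer.ALG, signer.public_key, msg, sig)
    tampered = verify(signer.ALG, signer.public_key, b"firmware image v1.2.4 digest", sig)
    return good, tampered


if __name__ == "__main__":
    print(demo())  # (True, False)
```

In a real deployment the leaf counter would be written to non-volatile storage inside the signing boundary (the hardware root of trust on the FPGA, in this article's setting) before the signature is emitted, and verifiers would reject any algorithm id not on their current allow-list, which is what lets a fleet retire a broken scheme by configuration rather than by rewriting firmware.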

Building a secure PQC future 

Quantum computing has great potential to revolutionize our world—both positively and negatively. While we’ll see advancements in healthcare, finance, and other industries, the technology also possesses the ability to dismantle cybersecurity as we know it. 

To navigate the rise of quantum computing, organizations must be committed to the proactive adoption of PQC to secure our systems, data, and infrastructure. Developing PQC readiness roadmaps becomes imperative, providing a structured approach for the integration of the new algorithms once finalized. Further, FPGAs emerge as indispensable tools in this transition, offering flexible programmability, enhanced protection, and the capability to adapt to evolving standards. 

As we move into the quantum era, organizations hold the key to a secure digital future. With PQC, we can effectively safeguard against quantum-powered threats and ensure the resilience and security of tomorrow’s digital landscape. 

www.latticesemi.com