What is Post-Quantum Cryptography and Why is it Important?
Quantum computing is advancing, and while experts are not sure when there will be a quantum computer powerful enough to break the RSA and ECC cryptographic algorithms that are currently in use, many are operating under the assumption that this will happen within the decade. But there's no way to know exactly when this will occur – it could happen sooner, or it could happen later.
Though there's still time before the threat is realized, now is the time to act and safeguard your organization. Read on to learn more about:
- The purpose of post-quantum cryptography (PQC)
- When the first quantum attack might strike
- Resources for understanding quantum-resistant cryptography
- Regulations and standards for the post-quantum (PQ) world
- How Entrust solutions can help prepare you for the quantum threat
Key Takeaways
- Quantum computing will eventually break today’s traditional public key encryption methods (mainly RSA and ECC), putting sensitive data, transactions, and identities at risk.
- Post-quantum cryptography (PQC) introduces new algorithms designed to resist attacks from quantum computers.
- Hybrid approaches, combining PQC with current encryption, allow organizations to maintain their security posture and backwards compatibility, while also preparing against the post-quantum threats.
- Early action is critical because data stolen today could be decrypted later when quantum computers are capable (“harvest now, decrypt later” risk).
- Entrust is a leader in post-quantum readiness, actively contributing to NIST, NCCoE, and IETF standards work and offering assessments, hybrid certificates, and migration tools to strengthen crypto-agility, as well as PQ-ready solutions such as PKI and HSMs to help organizations with their implementation today.
What is the Purpose of Post-Quantum Cryptography?
Knowing the basics of quantum computing is essential to understanding PQC algorithms and their importance to enterprise cybersecurity.
Whereas a classical computer operates on binary code — meaning zeroes and ones — quantum computers encode data into qubits. A qubit can exist in a superposition of those two states, so it represents a zero, a one, or a linear combination of the two. In simple terms, applying quantum mechanics to computing allows a quantum computer to perform certain calculations much faster than a traditional one.
This has the potential to greatly benefit many industries, including healthcare, finance, and more. However, it’s also a major threat to cryptographic systems in use today, such as public key infrastructure (PKI). With their ability to calculate at lightning speed, quantum computers will be able to crack today’s standard encryption methods, which are widely used to protect sensitive data and safeguard against theft, fraud, and exploitation.
PQC Algorithms
Also known as "quantum-resistant" or "quantum-safe" cryptography, PQC aims to replace the cryptographic algorithms currently in use, whether implemented in hardware or software, in order to protect your data against an eventual quantum attack. In essence, PQC algorithms rely on mathematical problems — such as those underlying lattice-based or multivariate cryptography — that are believed to be too difficult for quantum computers to solve.
The question is, when will quantum computers become viable? There’s no definitive answer, but recent developments suggest the pace is quickly accelerating:
- Scientists in China announced their 56-qubit quantum computer took 1.2 hours to complete a task that would otherwise take eight years for the world’s most powerful supercomputer.
- Between 2019 and 2021, IBM quadrupled the number of stable qubits its quantum computer processor could handle.
- McKinsey predicts there will be up to 5,000 operational quantum computers by 2030.
Frequently Asked Quantum Questions
Are you struggling with knowing where to start in your post-quantum preparedness journey? Do you want to learn more about quantum computing, and how it will affect your industry?
View our guide to understanding post-quantum cryptography and encryption and answer your budding questions.
Quantum Threat Timeline
Although the timing of the quantum threat is unknown, it’s top of mind for security-conscious organizations. The Global Risk Institute recently surveyed leaders and experts of quantum science and technology to get their opinions on the likelihood and timing of the quantum threat to public-key cybersecurity. Some patterns emerged from their responses as seen in the illustration below.
Is quantum a threat to public-key cybersecurity?
Although the quantum threat will be realized within the decade, the transition to quantum-safe encryption methods will take several years. Fortunately, there’s still time to get the ball rolling and initiate the process. The Global Risk Institute outlines three parameters for organizations to better understand their level of readiness:
- Shelf-life time: The number of years the data should be protected for
- Migration time: The number of years needed to safely migrate the systems protecting that information
- Threat timeline: The number of years before relevant threat actors can potentially access cryptographically relevant quantum computers
Organizations won’t be able to protect data from quantum attacks if the quantum threat timeline is shorter than the sum of the shelf-life and migration times.
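The three parameters above combine into a single test: an asset is unprotected when the threat timeline is shorter than its shelf-life plus its migration time. The Go program below is an added example, not part of the original article or any Entrust tool; it applies that test to a constructed inventory of data assets (the names and year values are made up for illustration) and orders the results worst-first so the output can serve as a migration priority list.

```go
package main

import (
	"fmt"
	"sort"
)

// Asset is one class of protected data described with the three Global Risk
// Institute parameters from the text; all values are in years from today.
type Asset struct {
	Name      string
	ShelfLife int // years the data must remain protected
	Migration int // years needed to migrate the systems protecting it
}

// Finding is the verdict for one asset against a given threat timeline.
type Finding struct {
	Name     string
	Exposure int  // (ShelfLife + Migration) - threat timeline; positive means unprotected years
	AtRisk   bool // true when the threat timeline is shorter than shelf-life + migration
}

// Assess applies the rule from the text to a whole inventory: an asset cannot
// be protected if the threat timeline is shorter than the sum of its
// shelf-life and migration times. The result is ordered worst-first so it can
// double as a migration priority list.
func Assess(assets []Asset, threatTimeline int) []Finding {
	findings := make([]Finding, 0, len(assets))
	for _, a := range assets {
		exposure := a.ShelfLife + a.Migration - threatTimeline
		findings = append(findings, Finding{Name: a.Name, Exposure: exposure, AtRisk: exposure > 0})
	}
	sort.SliceStable(findings, func(i, j int) bool { return findings[i].Exposure > findings[j].Exposure })
	return findings
}

// MigrationBudget returns the longest migration an asset can afford before it
// becomes at risk (threat timeline minus shelf-life). A negative value means
// data with this shelf-life is exposed even if migration were instantaneous,
// which is the "harvest now, decrypt later" situation.
func MigrationBudget(a Asset, threatTimeline int) int {
	return threatTimeline - a.ShelfLife
}

// SampleInventory is a constructed inventory for the demonstration; the
// figures are illustrative, not from the page or any real organization.
var SampleInventory = []Asset{
	{Name: "Customer health records", ShelfLife: 25, Migration: 4},
	{Name: "Signed firmware images", ShelfLife: 10, Migration: 5},
	{Name: "Archived financial records", ShelfLife: 7, Migration: 2},
	{Name: "Forward-secret TLS sessions", ShelfLife: 0, Migration: 2},
}

func main() {
	// Run the same inventory against several assumed threat timelines, since
	// the timing of the quantum threat is itself uncertain.
	for _, years := range []int{5, 10, 15} {
		fmt.Printf("Threat timeline: %d years\n", years)
		for _, f := range Assess(SampleInventory, years) {
			status := "ok"
			if f.AtRisk {
				status = fmt.Sprintf("AT RISK by %d years", f.Exposure)
			}
			fmt.Printf("  %-28s %s (migration budget %d years)\n",
				f.Name, status, MigrationBudget(Asset{ShelfLife: f.Exposure + years - 0}, years))
		}
	}
}
```

Running the program over several assumed threat timelines is the point: long-lived data such as health records stays at risk under every plausible timeline, which is why it should be migrated first, whereas short-lived session keys only need the handshake itself protected.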
Post-Quantum Resources
Cryptography For Dummies
Read this ebook to explore comprehensive cryptographic security posture management, gain best practices for your journey to post-quantum readiness, and get up to speed on cryptographic agility.
Entrust's Position on PQC
Entrust has taken a leading role in preparing for post-quantum cryptography by collaborating with other organizations to propose new IETF X.509 certificate formats that place traditional encryption methods like RSA and ECC side-by-side with new PQ algorithms.
For example, we’re closely following the work of organizations like the National Institute of Standards and Technology (NIST), which has a project underway to develop algorithms that are resistant to quantum computing and eventually standardize them. We want to help companies sustain their IT ecosystem to reduce replacements, maintain system uptime, and avoid costly changes caused by a lack of preparation.
Entrust has been actively leading the discussions in IETF forums, where solutions can be considered within the PQ community. Our public proposals are published as IETF drafts:
Composite Keys and Signatures for Use in Internet PKI
The widespread adoption of post-quantum cryptography will bring the need for an entity to possess more than one public key for multiple cryptographic algorithms. Since the trustworthiness of individual post-quantum algorithms is in question, a multi-key cryptographic operation will need to be performed so that breaking it requires cracking each component algorithm individually. This requires defining new structures for holding composite public keys and composite signature data.
Multiple Public-Key Algorithm X.509 Certificates
This document describes a method of embedding alternative sets of cryptographic materials into X.509v3 digital certificates, X.509v2 Certificate Revocation Lists (CRLs), and PKCS #10 Certificate Signing Requests (CSRs).
The embedded alternative cryptographic materials allow a public key infrastructure to use multiple cryptographic algorithms in a single object. Moreover, it enables it to transition to the new cryptographic schemes while maintaining backward compatibility with systems using the existing algorithms. Three X.509 extensions and three PKCS #10 attributes are defined, and the signing and verification procedures for the alternative cryptographic material contained in the extensions and attributes are detailed.
Problem Statement for Post-Quantum Multi-Algorithm PKI
The post-quantum community (for example, surrounding the NIST PQC competition) is pushing for "hybridized" crypto that combines RSA/ECC with new primitives, hedging against both quantum adversaries and algorithmic or mathematical breaks of the new primitives. After two stalled submissions, Entrust submitted a draft that acts as a semi-formal problem statement and an overview of the three main solution categories.
How Post-Quantum Computing Will Affect Cryptography
Properly designed digital signature schemes used for authentication will remain secure until the day a suitable quantum computer actually comes online. Today’s quantum computers are limited in size and, therefore, pose no threat to present-day cryptography. And several significant engineering obstacles must be overcome before the threat becomes real.
Nevertheless, experts think these obstacles will fade in time. Many predict that a quantum computer capable of breaking today’s standard public-key algorithms will be available within the planned life of systems currently in development.
Today’s public-key algorithms are deployed for authentication, digital signature, data encryption, and key establishment purposes. Once quantum computers of sufficient size become a reality, we’ll need to replace cryptographic schemes for each of these functions.
Data encryption and key-agreement algorithms are susceptible to a recorded-ciphertext attack, in which an adversary records today's exchanges protected by pre-quantum algorithms and stores the ciphertext for analysis in the future. This is what's known as a "harvest now, decrypt later" strategy. Once a viable quantum computer is created, attackers will be able to recover the plaintext. Because the recorded data must stay confidential for its whole required security lifetime, pre-quantum cryptography becomes vulnerable sooner for these purposes than it does for authentication.
Once a suitable quantum computer exists, a signer could repudiate signatures created earlier, claiming that they were forged using a private key broken later by a quantum computer.
Post-Quantum and Classical Hybrid Cryptography
There are different approaches to preparing for secure cryptographic communications in a post-quantum age. Using a hybrid approach is one of the more popular methods being proposed as a way of transitioning to the as yet undefined PQ algorithms.
Rather than trusting a single algorithm, the hybrid approach places traditional algorithms like RSA and ECC alongside new PQ algorithms. This supports current use cases, for which pre-quantum algorithms remain an acceptable method of authentication, while letting organizations test their IT ecosystems against PQ algorithms.
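The composite construction described under "Composite Keys and Signatures for Use in Internet PKI" above, and the hybrid approach of this section, can be shown concretely. The Go program below is an added example, not code from the article or from the Entrust drafts: it pairs two component algorithms, signs the same message with both, packs both signatures into one composite value, and accepts only when both verify, so breaking one component algorithm is not enough to forge the composite. Because the Go standard library has no post-quantum signature scheme, Ed25519 stands in for the PQ component beside ECDSA P-256 as the traditional one; the length-prefixed byte encoding is an assumption for illustration, not the draft's ASN.1 structure.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// CompositePublicKey carries one public key per component algorithm, the way
// a composite key pairs a traditional key with a PQ key. Ed25519 is only a
// stand-in for the PQ component (assumption: the standard library has no PQ
// signature scheme, so a second classical algorithm plays that role).
type CompositePublicKey struct {
	Trad *ecdsa.PublicKey  // traditional component (ECDSA P-256)
	PQ   ed25519.PublicKey // stand-in for the post-quantum component
}

// CompositeSigner holds the matching private keys.
type CompositeSigner struct {
	trad *ecdsa.PrivateKey
	pq   ed25519.PrivateKey
}

// GenerateComposite creates both component key pairs.
func GenerateComposite() (*CompositeSigner, CompositePublicKey, error) {
	tradPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, CompositePublicKey{}, err
	}
	pqPub, pqPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, CompositePublicKey{}, err
	}
	signer := &CompositeSigner{trad: tradPriv, pq: pqPriv}
	return signer, CompositePublicKey{Trad: &tradPriv.PublicKey, PQ: pqPub}, nil
}

// Sign signs the same message with every component and packs the results as
// a length-prefixed sequence: [2-byte len][trad sig][2-byte len][pq sig].
func (s *CompositeSigner) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	tradSig, err := ecdsa.SignASN1(rand.Reader, s.trad, digest[:])
	if err != nil {
		return nil, err
	}
	pqSig := ed25519.Sign(s.pq, msg)
	out := make([]byte, 0, 4+len(tradSig)+len(pqSig))
	for _, part := range [][]byte{tradSig, pqSig} {
		var n [2]byte
		binary.BigEndian.PutUint16(n[:], uint16(len(part)))
		out = append(out, n[:]...)
		out = append(out, part...)
	}
	return out, nil
}

// splitComposite unpacks the two component signatures; a malformed length or
// trailing bytes are reported as invalid rather than causing a panic.
func splitComposite(sig []byte) (trad, pq []byte, ok bool) {
	parts := make([][]byte, 0, 2)
	for len(parts) < 2 {
		if len(sig) < 2 {
			return nil, nil, false
		}
		n := int(binary.BigEndian.Uint16(sig[:2]))
		sig = sig[2:]
		if len(sig) < n {
			return nil, nil, false
		}
		parts = append(parts, sig[:n])
		sig = sig[n:]
	}
	if len(sig) != 0 {
		return nil, nil, false
	}
	return parts[0], parts[1], true
}

// Verify accepts only when every component verifies ("AND" composition):
// an attacker who breaks one algorithm still cannot forge the composite.
func Verify(pub CompositePublicKey, msg, sig []byte) bool {
	tradSig, pqSig, ok := splitComposite(sig)
	if !ok {
		return false
	}
	digest := sha256.Sum256(msg)
	tradOK := ecdsa.VerifyASN1(pub.Trad, digest[:], tradSig)
	pqOK := ed25519.Verify(pub.PQ, msg, pqSig)
	return tradOK && pqOK
}

func main() {
	signer, pub, err := GenerateComposite()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message") // constructed input for the demo
	sig, err := signer.Sign(msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("composite verifies:", Verify(pub, msg, sig))
	sig[len(sig)-1] ^= 0xff // damage only the PQ component
	fmt.Println("after damaging one component:", Verify(pub, msg, sig))
}
```

The design choice to note is the verification rule: a hybrid that accepts when either component verifies ("OR") is only as strong as its weakest algorithm, while the "AND" rule shown here keeps the signature secure as long as at least one component algorithm remains unbroken, which is exactly the hedge the hybrid approach is meant to provide.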
NIST PQC Standards and Regulations
Keep up with the latest developments in post-quantum standards, strategies, laws, and best practices.
Entrust Post-Quantum Solutions
Prepare your cryptographic assets for post-quantum by taking inventory, prioritizing your highest value assets, assessing your crypto-agility maturity, and testing and transitioning to post-quantum cryptography. Entrust has a leading role in helping you improve your crypto-agility and creating solutions to support your migration into a post-quantum world.
FAQs
What does post-quantum mean?
Post-quantum refers to the world of cryptography after quantum computers become powerful enough to break today’s encryption methods, such as RSA and ECC. Post-quantum cryptography (PQC) is designed to resist those future attacks and protect data that needs to remain secure for years to come.
What is the difference between post-quantum cryptography and quantum computing?
Quantum computing is the technology that ultimately poses the threat. It uses quantum mechanics to perform calculations far faster than traditional computers. Post-quantum cryptography is the defense. It relies on new mathematical algorithms that are believed to be resistant to the speed and problem-solving power of quantum computers.
How does post-quantum cryptography work?
PQC replaces current cryptographic algorithms with quantum-resistant ones, such as lattice-based or multivariate cryptography. These methods are considered too complex for quantum computers to solve in a practical timeframe. PQC can be deployed alongside existing algorithms in hybrid models, helping organizations begin the transition while maintaining compatibility.
What are the benefits of PQC?
PQC protects sensitive information against the risk of a future quantum attack. It allows organizations to secure long-lived data, maintain compliance with emerging regulations, and adopt a future-proof security model. By preparing now, enterprises can avoid costly emergency migrations later and maintain trust in digital systems.
Is quantum computing a cybersecurity threat?
Yes. While today’s quantum computers are not yet powerful enough to break modern cryptography, experts expect this to change in the coming years, when a cryptographically relevant quantum computer (CRQC) will be capable of breaking the traditional cryptography in use today (RSA and ECC). Once that happens, attackers could decrypt stored data or forge digital signatures. This is why forward-looking organizations are beginning their migration to post-quantum cryptography today.
Begin Your Post-Quantum Journey Today
Download our ebook now for more information about how Entrust solutions can help you defend against the impending quantum threat.