A Comprehensive Guide to Quantum-Resistant Cryptography and Encryption

While still in their early stages of development, quantum computers are set to change the world — and that includes the ability to break the cryptography and encryption we use today. Quantum computers are approaching the computing power and stability needed to break public-key encryption protocols. The time to migrate to post-quantum cryptography is now.

Quantum computers apply the properties of quantum mechanics to processing power. This allows them to perform highly complex computations significantly faster than classical computers.

Before you can understand quantum computing, you must first wrap your mind around the “qubit.” In traditional computing, the basic unit of memory is a “bit,” which represents either a one or zero. On the other hand, a qubit can represent one, zero, or even a combination of them both at the same time — a phenomenon referred to as “superposition.”

When classical computers try to solve a problem with multiple variables, they must perform a new calculation whenever a variable changes. As a deterministic solution, each calculation is a single path to a single result. Quantum computers aren’t limited to one algorithm and can explore numerous pathways simultaneously.

In short, this ability means quantum computing is exponentially faster than the capabilities we have now.

Quantum computing has ushered in a major change for society – impacting everything from automotive to chemistry, biology, and physics. With unprecedented processing power, next-generation computers will have a tangible impact across several key industries:

• Automotive: Quantum computers could be applied to the manufacturing process, decreasing costs and shortening cycle times by optimizing productivity.
• Finance: Down the road, financial institutions will be able to leverage quantum technology for advanced portfolio and risk management.
• Artificial intelligence: Combining quantum computing with an AI and deep learning algorithm can greatly expedite data analysis, reduce training times, and optimize supply chain operations.
• Pharmaceuticals: Quantum computers have the potential to rapidly accelerate research and development. Moreover, they may reduce the reliance on trial and error to greatly improve R&D efficiency.

Today’s cryptographic systems provide more than enough protection against even the most persistent cybersecurity threats. However, none are safe from quantum attacks.

Luckily, there’s still no such thing as a cryptographically relevant quantum computer because there isn’t one sophisticated enough to crack public key encryption. However, cybercriminals are already harvesting information in anticipation of whenever that day arrives — a strategy known as “harvest now, decrypt later.”

Organizations with an abundance of data with long-standing value (typically 25 years) are particularly susceptible to the quantum threat. For example, critical infrastructures such as finance, healthcare, and government have already started transitioning to a quantum-safe security posture.

Many standard cryptographic schemes are vulnerable to quantum attacks. These include:

• Advanced Encryption Standard (AES) 256: Larger output needed
• Secure Hash Algorithm (SHA) 256 and SHA-3: Larger output needed
• Rivest-Shamir-Adelman (RSA encryption): No longer secure
• Elliptic Curve Cryptography (ECDSA and ECDH): No longer secure
• Digital Signature Algorithm (DSA): No longer secure

Take steps to secure your organization’s data — today and in the future — by migrating to post-quantum encryption. The process can take years and the National Institute of Standards and Technology (NIST) is actively working to establish new protocols.

Entrust is a participating member of the Internet Engineering Task Force (IETF) and participates with NIST to identify new quantum-resistant cryptography standards for the post-quantum world. It’s critical to begin planning to replace hardware, software, and services that use public-key algorithms now so that information is protected from the future quantum threat.

Quantum computers have largely been relegated to national labs and universities, but several brands are entering the race to create commercially available quantum computers, including IBM, Microsoft, Google, AWS, and Honeywell. While the technology is being developed, it stands to advance quickly. And widespread availability of quantum computers could increase the potential risk of public-key encryption.

According to McKinsey, the major players in quantum computer production, as well as a small cohort of start-ups, will soon increase the number of qubits their innovations can handle. By 2030, 5,000 quantum computers will be operational. However, organizations won’t have to wait long before they begin experiencing post-quantum security threats. The Global Risk Institute predicts that quantum computers will crack current cybersecurity mechanisms sometime between 2027 and 2030.

The good news is that breakthroughs in quantum safe cryptography have the potential to mitigate the impending threat to public key encryption.

As defined by Caltech, post-quantum cryptography (PQC) aims to create encryption methods that cannot be broken by a quantum algorithm. It uses the laws of quantum physics to transmit private data in an undetectable manner. This process is known as quantum key distribution.

A PQC algorithm compares measurements taken at both ends of a transmission, thereby allowing you to know if the key has been compromised.

Crypto agility, or cryptographic agility, is the ability to change, approve, and revoke cryptographic assets as needed to respond to developing threats.

Crypto agility gives you the ability to change cryptographic algorithms, combine encryption methods, increase encryption key sizes, and revoke digital certificates — all without significant security and IT lift. This makes it an important stepping stone for any organization on its path to post-quantum security.

There are a few simple steps enterprises can take to assess their crypto agility maturity.

1. First, identify the algorithm, data protection risks, and post-quantum challenges in your business operations. Does your organization use any cryptographic keys that are currently considered at risk?
2. Next, map out your migration plan and establish timeframes for achieving certain milestones. A successful migration can take years, so be sure to take a phased approach rather than biting off more than you can chew.
3. Lastly, review your governance against best practices for control, compliance, and skills in readiness for post-quantum migration testing and implementation.

Once you know what data is at risk, you can develop a detailed plan to mitigate potential threats. Or, use Entrust’s Cryptographic Center of Excellence for actionable recommendations to remediate identified risks in cryptosystems.

Achieving quantum readiness isn’t an easy task. Fortunately, there are four steps you can take today to ensure your journey starts on the right track:

1. Take inventory of your cryptographic assets and data and where they reside.
2. Prioritize your most valuable assets and those with the longest shelf life. Migrate this data to post-quantum encryption first.
3. Test quantum-resistant algorithms on a prototype data set before the real deal.
4. Plan a roadmap for migrating to PQC algorithms with your vendors.

Your organization doesn’t need to plan for post-quantum encryption all on its own. Entrust’s Cryptographic Center of Excellence (CryptoCoE) provides the tools and guidance needed to inventory and prioritize your data and cryptographic assets while putting a post-quantum plan into motion.