Pages

5 July 2023

Technology Primer: Post-Quantum Cryptography

Andrew Trzcinski, Sreya Vaidyanathan, Ariel Higuchi, Amritha Jayanti 

Cryptography is a ubiquitous technique that supports secure, private communications. In the digital age, conventional cryptography relies on hard mathematical problems to encrypt data; these mathematical problems are infeasible to solve with current computers. However, the rise of quantum computers, which have enhanced computational capabilities, poses a threat to conventional techniques by offering a path to efficiently solve these hard problems and breach encryption. In response, the field of post-quantum cryptography (PQC) has emerged to research and develop new cryptographic approaches that will allow for the secure transfer of information in the wake of quantum computers.

Although quantum computing is still in its nascent stages and the scaled, commercial viability of error-corrected quantum computers likely will not be reached for some time, experts widely recommend that migration of classical cryptographic standards to PQC must be understood as a time-critical undertaking, requiring present-day action by major industries and organizations. In fact, cyberthreats to encrypted data (that can be decrypted using quantum tools in the future) are already a concern.

To sustain the privacy and integrity of their data ecosystems, industries and their stakeholders are being urged to take proactive steps toward PQC migration, keeping in mind that it requires a complex, long-term, and potentially costly implementation process, with several cross-functional dependencies. The scope and pace of migration may vary based on the nature of the industries and architecture, the specific applications of classical cryptographic standards, and the varying degree of sensitivity of data within an organization.

To that end, PQC migration remains contingent on standardization and regulatory guidance issued by government agencies and policymakers. Standardization and regulation of PQC are already underway in many countries, with considerable public-private collaboration to solicit and evaluate quantum-resistant public-key algorithms.

Policymakers, security advisors, and other decision makers will need to consider which of their existing security protocols may be at risk and unsafe in the face of this threat to ensure the security of their critical systems, databases, and products in a post-quantum environment.

No comments:

Post a Comment