The need for post-quantum cryptography in the quantum decade

Cyber resilience has long been a key focus for industry leaders, but the stakes have been raised with the rapid acceleration of quantum computing. Quantum computing is a cutting-edge innovation that combines the power of computer science, physics, and mathematics to rapidly perform complex calculations outside the realm of classical computing. Expected to be commercialized by 2030, it offers incredible potential to further digitalize key industries and redefine the role technology plays in geopolitics. The possibilities of the post-quantum era cannot be overstated.

While quantum computing can positively serve humanity in a myriad of ways, it also brings concerning cybersecurity threats. In turn, the U.S. government and security leaders have called for accelerated post-quantum cryptography (PQC) migration. President Biden signed the Quantum Computing Cybersecurity Preparedness Act after visiting IBM’s quantum data center in October 2022. In addition, NIST, CISA, and NSA recently advised organizations to develop PQC readiness roadmaps.

The message is clear: quantum-powered cyberattacks are of growing concern, and maintaining resilience in the face of this new threat is different than anything we’ve faced before.

 

Breaking down the threat

Quantum computing’s biggest double-edged sword is its ability to quickly and easily solve the complex mathematical problems that the algorithms intended to safeguard systems and data rely on. Quantum computers are exceptionally fast, utilizing specialized hardware components that leverage quantum physics to outpace current supercomputing technology.

For example, IBM and UC Berkeley recently collaborated on a quantum computer that performs calculations quicker and more accurately than supercomputers at Lawrence Berkeley National Lab and Purdue University. While this newfound speed might seem like a good thing, it’s also exceedingly dangerous.

Additionally, quantum computers have an innate ability to compromise legacy public key infrastructure (PKI) cryptographic algorithms, the type of algorithms utilized by most of today’s classical computing systems. By leveraging Shor’s algorithm, quantum computers are able to factor the large numbers these PKI-based algorithms depend on, then decipher the data they protect and bypass security controls.

Between their unmatched speed and ability to compromise most of the security measures utilized today, quantum computers are a huge threat to modern enterprises and, as such, new quantum-resistant PKI encryption and cyber resiliency solutions are needed to mitigate risk.

Post-quantum cryptography

Due to the imminent threat of quantum computing, we’re seeing more and more organizations adopt post-quantum cryptography (PQC). At its core, PQC migration is about shifting away from legacy PKI-based cryptography to post-quantum cryptography that will be resilient to quantum computer attacks.

It’s worth noting here that bad actors are adopting a ‘steal now, decrypt later’ stance that puts significant confidential data stored on the cloud today at risk of future disaster as more and more capable quantum computers come online.

The shift to PQC is necessary and timely, especially since the existing security standards many organizations use today do not implement PQC infrastructure that protects against quantum computing attacks. For example, widely used security standards like Trusted Platform Modules (TPMs), IEC 62443, and ISO/SAE 21434 do not require PQC algorithms. Systems and devices built today to these specifications will not have what is needed in the future to be quantum safe.

While the transition to PQC won’t be immediate, we’re making exceptional progress. The U.S. National Institute of Standards and Technology (NIST) is running an ongoing competition to find the best PQC algorithms to replace legacy PKI algorithms. The trials started in 2016 and, in July 2022, NIST announced four candidates for standardization, plus additional candidates for a fourth round of analysis. These four candidates—as well as the fourth-round selection—will become the new NIST-approved encryption standards.

Implementing PQC at scale

With quantum computers likely arriving sooner than anticipated, organizations must start constructing their own PQC migration roadmaps to build resilience for post-quantum attacks. NIST’s first standardized PQC algorithms are expected to be ready in 2024; however, organizations must begin making changes to their production and manufacturing efforts now to streamline migration once available. Through the integrated adoption of field programmable gate arrays (FPGAs), organizations can position themselves to facilitate PQC migration for a post-quantum future now.

FPGAs contain “crypto agile” capabilities that deliver enhanced protection. With flexible programmability and parallel processing functions, they can enable developers to easily update existing systems and hardware with new PQC algorithms for adherence to evolving standards. Further, FPGAs accelerate complex mathematical functions to enhance system performance and protection.

While quantum computing’s potential to revolutionize our world is massive, it’s overshadowed by the technology’s dangerous ability to dismantle cybersecurity and encryption. As we enter this new post-quantum world, cyber resilience is taking on a new meaning, one that demands our unwavering commitment to securing our systems, data, and infrastructure in the face of quantum-powered challenges. Now, maintaining resilience means implementing post-quantum cryptography facilitated by FPGAs to withstand attacks from quantum computers.

The need for PQC cannot be emphasized enough, and it’s imperative that governments, industries, and organizations actively collaborate to implement solutions, such as those available today with FPGAs, that safeguard our digital future from quantum-powered threats.

Eric Sivertson is VP of security business at Lattice Semiconductor.


The post The need for post-quantum cryptography in the quantum decade appeared first on EDN.