Tim Hollebeek
Start Preparing Now for the Post-Quantum Future

Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.

Search on the phrase "quantum computing," and you'll find a furious debate. On the one hand, you'll read breathless articles predicting groundbreaking advances in artificial intelligence, genomics, economics, and pretty much every field under the sun. On the other, you'll find the naysayers: It's all hype. Large-scale quantum computers are still decades away — if they're possible at all. Even if they arrive, they won't be much faster than standard computers except for a tiny subset of problems.

There's one area, however, where you'll find all sides agree: Quantum computing will break most of the encryption schemes on which we rely today. If you're responsible for your organization's IT or security systems, and that sentence made the hair on the back of your neck stand up, good. To get ready for a post-quantum world, you should be thinking about the problem now.

So Long, Encryption
Much of the debate around what quantum computers can do remains speculative, but there are a few areas where we know they'll excel. Back in 1994, mathematician Peter Shor developed a quantum algorithm that can perform certain types of calculations, such as finding the prime factors of huge numbers, far more quickly than classical computers. Well, today's most widely used encryption systems rely on those types of calculations.

According to the Cloud Security Alliance's Quantum Safe Security Working Group (emphasis added):

Large-scale quantum computers will be able to use Shor's algorithm to break all public key systems that employ RSA (integer factorization-based), Diffie-Hellman (finite field discrete log-based), and Elliptic Curve (elliptic curve discrete log-based) Cryptography. These algorithms underpin essentially all of the key exchange and digital signature systems in use today. Once reasonably sized quantum computers capable of operating on tens of thousands of logic quantum bits (qubits) exist, these public key algorithms will become useless.

For the moment, quantum computing at those scales is still hypothetical. Current quantum computers, like those being developed by IBM and Google, can process a limited number of qubits. But researchers are pushing those limits every day.

"It might still cost an enormous amount of money to build," says one of those researchers, MIT's Isaac Chuang. "But now it's much more an engineering effort, and not a basic physics question."

Time Is Not on Your Side
So, breaking RSA and other common encryption schemes sounds pretty bad. But if large-scale quantum computers are still 10 to 15 years away, as even optimistic researchers believe, we have plenty of time to develop post-quantum cryptography solutions, right? Not really. There are two issues.

First, if you accept that 10- to 15-year window, products shipping right now will still be in the field when the first large-scale quantum computers come online. Consider Internet of Things (IoT) devices like connected cars, smart power and water meters, and control systems for major power and transportation infrastructure. Many of those devices are designed to operate for a decade or longer. Almost all of them use RSA.

Second, while some of the world's brightest minds are working on "quantum-safe" encryption mechanisms, the process will take time. Implementing the new standards they ultimately recommend will take even longer.

Think about every process and device in your organization that relies on public key systems: Email. Authentication. Every online financial transaction. How long will it take to change and update those systems? Years, most likely. If you're in a heavily regulated industry like financial services, with complex and specific compliance requirements, expect the process to take even longer.

"It has taken almost 20 years to deploy our modern public key cryptography infrastructure," notes the National Institute of Standards and Technology (NIST) in its "Report on Post-Quantum Cryptography." "It will take significant effort to ensure a smooth and secure migration from the current widely used cryptosystems to their quantum computing resistant counterparts. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing."

Take Action
It may take a while for industry groups to settle on the best approaches to post-quantum encryption and authentication, but you don't have to wait. There are steps you can take now to prepare:

  • Keep an eye out: Monitor the development of both quantum computers and post-quantum standards and protocols, especially when designing IoT devices with a 10-year-plus lifespan.
  • Double key sizes: If you think your current systems will still be around when quantum computing debuts, double your key sizes for symmetric algorithms. A good place to start is AES-256, which is not much less efficient than the shorter key versions. For collision-resistant hash functions, use SHA-512.
  • Embrace the hash: Hash-based signatures are a viable quantum-safe trust mechanism you can use in the near future, with NIST expected to standardize them in 2019. These signatures can also be used to securely deploy more advanced quantum-safe technologies in the future.
  • Mix and match crypto: Some in the financial industry are exploring hybrid cryptography, which combines conventional RSA or elliptic-curve cryptography with one or more of the new "quantum-resistant" algorithms. In this model, cracking a key exchange would require an attacker to break multiple encryption schemes at once.
  • Talk to your provider: Make sure you're talking to your cryptography provider about their plans for quantum-resistant cryptography, particularly if you're producing IoT-enabled products with long operating lives. An experienced provider should be able to help you build quantum-resistant crypto into your deployments, such as certificate-based authentication using public key infrastructure.
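To make the "Embrace the hash" tip concrete, here is an added example (not code from the article or from any standard) of a Lamport one-time signature, the simplest hash-based scheme. Its security rests only on the one-wayness of the hash function, which is the reason hash-based signatures are considered quantum-safe. The stateful schemes NIST has worked on (XMSS and LMS) build many-time signatures out of this one-time primitive, so the "sign exactly once" rule enforced by the OneTimeKey wrapper below is the operational risk a practitioner has to manage. Names such as OneTimeKey and KeyReuseError are this example's own; the SHA-256 choice is an assumption.

```python
# Added example: Lamport one-time signature built from SHA-256 only.
# Not taken from the article; scheme parameters (SHA-256, 256 message bits)
# are this example's own choices.
import hashlib
import secrets

HASH = hashlib.sha256
N = HASH().digest_size      # 32 bytes per secret string
BITS = N * 8                # the message digest has 256 bits: one secret pair per bit


def keygen():
    """Private key: 256 pairs of random strings. Public key: the hash of each string."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    """Hash the message and return the digest as a list of 256 bits, MSB first."""
    return [(byte >> (7 - i)) & 1 for byte in HASH(msg).digest() for i in range(8)]


def sign(sk, msg: bytes):
    """For every digest bit, reveal the private string that corresponds to that bit."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Each revealed string must hash to the public value for its bit position."""
    if len(sig) != BITS:
        return False
    return all(HASH(s).digest() == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, _digest_bits(msg))))


class KeyReuseError(RuntimeError):
    """Raised when a one-time key is asked to sign a second message."""


class OneTimeKey:
    """Key pair that signs exactly once.

    A second signature over a different message would reveal both strings of
    every pair whose digest bit differs, and anyone holding both signatures could
    then forge signatures on messages whose digests agree with one of them at the
    remaining positions. Tracking state (here: a single flag) is what keeps a
    hash-based scheme secure in practice.
    """

    def __init__(self):
        self._sk, self.public_key = keygen()
        self.used = False

    def sign(self, msg: bytes):
        if self.used:
            raise KeyReuseError("Lamport keys sign exactly one message")
        self.used = True
        sig = sign(self._sk, msg)
        self._sk = None   # discard the private key once it has been spent
        return sig


if __name__ == "__main__":
    key = OneTimeKey()
    message = b"constructed sample: firmware-v1.2.bin digest"
    signature = key.sign(message)
    print("valid:", verify(key.public_key, message, signature))
```

A signature is 256 strings of 32 bytes (8 KiB) and the public key is the same size, which is why the deployed schemes add Merkle trees and Winternitz chains on top of this idea; the verification logic, however, is the same hash-and-compare shown here.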

The debate around quantum computing will likely rage on, and we may not have clear answers to the biggest questions for several years. But smart IT and cybersecurity professionals are taking a proactive approach. By starting to prepare now for a post-quantum world, you can make sure that when the wave comes, you're able to ride it — instead of getting crushed.
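The "Mix and match crypto" tip in the list above describes hybrid key exchange. The piece that makes it work is the combiner: both shared secrets have to feed into one key derivation so that breaking only the classical scheme, or only the quantum-resistant one, yields nothing. The following added example (not code from the article or from any protocol specification) implements that combiner with HKDF from RFC 5869 using only the Python standard library. The two key-establishment mechanisms themselves are out of scope; the shared secrets passed in are constructed placeholders standing in for an ECDH output and a post-quantum KEM output, and the info string and length-prefix encoding are this example's own choices.

```python
# Added example: KDF combiner for hybrid (classical + post-quantum) key exchange.
# HKDF (RFC 5869) implemented here with hmac/hashlib; the KEM outputs are
# constructed placeholders, not real key exchanges.
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i) until `length` bytes exist."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _length_prefixed(*parts: bytes) -> bytes:
    """Unambiguous concatenation: a 2-byte big-endian length precedes each part."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def combine_shared_secrets(classical_ss: bytes, pq_ss: bytes,
                           transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key that depends on both shared secrets and the transcript.

    Binding the handshake transcript into the salt ties the key to the exact
    public values that were exchanged, so a tampered negotiation yields a
    different key on each side instead of a silently downgraded one.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required for a hybrid key")
    salt = HASH(transcript).digest()
    prk = hkdf_extract(salt, _length_prefixed(classical_ss, pq_ss))
    return hkdf_expand(prk, b"hybrid-session-key", length)


def attacker_with_one_secret_matches(classical_ss: bytes, pq_ss: bytes,
                                     transcript: bytes, guess_pq: bytes) -> bool:
    """Model an attacker who recovered the classical secret but must guess the PQ one.

    Returns True only if the guess reproduces the real session key, which for a
    wrong guess never happens: the unknown secret is mixed into the PRK.
    """
    real = combine_shared_secrets(classical_ss, pq_ss, transcript)
    return hmac.compare_digest(real, combine_shared_secrets(classical_ss, guess_pq, transcript))


if __name__ == "__main__":
    # Constructed placeholders for the two shared secrets and the transcript.
    ecdh_ss = bytes.fromhex("11" * 32)
    kem_ss = bytes.fromhex("22" * 32)
    transcript = b"client_hello||server_hello||both public values"
    key = combine_shared_secrets(ecdh_ss, kem_ss, transcript)
    print("session key:", key.hex())
    print("attacker with only the classical secret matches:",
          attacker_with_one_secret_matches(ecdh_ss, kem_ss, transcript, bytes(32)))
```

The HKDF functions can be checked against the published RFC 5869 test vectors before the combiner is trusted; the combiner itself never has to know which algorithms produced its inputs, which is what lets a deployment swap in a different post-quantum scheme later without changing the key schedule.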

Timothy Hollebeek has 19 years of computer science experience, including eight years working on innovative security research funded by the Defense Advanced Research Projects Agency. He then moved on to architecting payment security systems, with an emphasis on encryption and ...

User Rank: Author
1/2/2019 | 1:41:25 PM
Re: Classical is better
It is true that potential number-theoretic breakthroughs could threaten RSA before quantum computers do. I know several experts who view this as an additional reason to move to post-quantum methods before that happens.

However, it is not true that smart people have ignored or neglected the problem of finding better classical factoring algorithms. Plenty of effort has been expended by some extremely smart number theoreticians for a long, long time, yet 2048-bit numbers still cannot be factored in "minutes" as you suggest.
Joe Stanganelli
User Rank: Ninja
12/29/2018 | 6:21:10 PM
trumping the 5G race
Making these trends all the more important is the notion that secure quantum communications will be the next big thing after 5G -- and, thus, critical to national security, as highlighted by a recent USAF report.

In particular, the report pointed to recent experiments involving a Chinese-launched satellite from which the altering of quantum subparticles entangled with quantum subparticles on Earth affected the latter subparticles -- and further experimentation in that field by scientists around the globe.
User Rank: Apprentice
12/29/2018 | 7:27:56 AM
Classical is better
"While some of the world's brightest minds are working on "quantum-safe" encryption mechanisms, the process will take time..."

It's all very well being "some of the world's brightest minds", but when number theoretic problems like integer factorization are solved in practically fast polynomial time on classical computers, thanks to a very deep understanding of number theory translated into clever and efficient algorithms that can break RSA-1024, 2048 or 4096 in a matter of minutes, then quantum computers will become a rather moot point. It's like saying I can build a ten tonne hydraulic steam hammer press, and it can crack all types of nuts instantly, including cashews, walnuts, almonds and brazils, when in fact a small, hand-held vise-like tool can perform the job just as well, and with magnitudes less effort and expense. Added further to that is the fact that with quantum computers, there's a form of 'quantum cop-out', where we have no greater understanding of number theory than we did before, we simply rely on quantum spookiness to solve our problems for us, instead of old fashioned ingenuity, tenacity and resilience when tackling difficult mathematical problems. You'd be surprised how far you could progress in solving these problems classically, if you but only tried. Maybe some old-fashioned discernment and wisdom would go a long way in general in the modern world. If as many people as are working on quantum computers, worked with as much effort and enthusiasm on understanding number theory problems, then these problems would have been solved satisfactorily quickly and efficiently many years ago, all the while increasing our insight into the nature of these problems, and having many important and useful corollaries and knock-on effects in other fields as well.