Quantum computing is poised to deliver a giant leap forward in processing power, quickly solving complex problems that today’s computers take ages to complete. A quantum computer’s power is its ability to generate and manipulate quantum bits, or qubits, rather than the ones and zeroes of today’s computers.
When security systems are not built to address new crypto algorithms, however, they are vulnerable to new cyber threats. According to organizations such as the National Institute of Standards and Technology (NIST), current public key cryptography will be broken by a large-scale quantum computer within 10 years, placing your customers at risk.
While quantum computers may be years away, technology vendors need to address formattable algorithms such as quantum cryptography today to be prepared to withstand future post-quantum computer attacks. Giving information security systems the flexibility to support current and future cryptographic algorithms without requiring significant system changes, which I call “crypto-agility,” is a business imperative if an organization is to be prepared for the quantum computing threat.
Readying yourself for post-quantum crypto should begin with asking your technology partners if they support crypto-agility. If they don’t, working with a trusted certificate authority (CA) could be the answer you need.
CAs issue TLS/SSL certificates and certify the ownership of digital keys. They provide foundational technology in the form of encryption and authentication, called public key infrastructure, or PKI. Web servers and IoT devices using PKI have validated domain names and identities, and use encrypted communication. Digital infrastructure affects virtually everything and everyone these days, so PKI is mission-critical when it comes to protecting governments, businesses, and users.
Ben Franklin once said, “an ounce of prevention is worth a pound of cure.” This holds true today when it comes to protecting enterprise assets with the right security solutions. Here are three steps you can take now to prepare yourself for the post-quantum future:
1. Participate in the post-quantum crypto (PQC) technology ecosystem
Today, many companies are collaboratively developing and integrating products and services to create next-generation PQC solutions. By aligning with others in the industry, you will be ahead of the curve as we move into the PQC era.
2. Deploy future-proofing crypto technology
Look for companies you can work with that have crypto-agility technologies, tools, and solutions. You need this now to create proofs of concept and test and verify products. This will help you better understand what the problems are and how you can work with your technology partners to solve them. It will also help you understand how these technologies will integrate into existing systems.
3. Consider thought leadership
Are you, or your customers, actively involved in the CA/Browser Forum or other standards groups, such as NIST? These groups advance industry best practices to improve how certificates are used to secure communications and protect identities. When a company gets involved in helping to develop standards and prepare for future transitions, it puts itself in a leadership position within the competitive landscape.
Having crypto-agility in place has become a necessity. Preparing now will enable you to migrate to cryptographic algorithms such as PQC in an easier, automated way. Choosing to delay will increase the vulnerability of your customers, who will lack the inherent safety measures and incident response mechanisms needed to protect them.
TIM HOLLEBEEK, who is industry and standards technical strategist at DigiCert, has more than 15 years of computer security experience, including eight years working on innovative security research funded by the Defense Advanced Research Projects Agency. He remains heavily involved as the primary representative for DigiCert in multiple industry standards bodies, including the CA/Browser Forum, striving for improved information security practices that work with real-world implementations. A mathematician by trade, Tim spends a lot of time considering security approaches to quantum computing.