The Case for Implementing Post-Quantum Cryptography Today
Posted on April 19, 2022, by Rebecca Krauthamer in Best Practices
Click here to read the full article published in Best Practices for Information Security Solutions Review
As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Rebecca Krauthamer, the Co-Founder and Chief Product Officer at QuSecure, shares some expert insights on the value of implementing post-quantum cryptography.
In the past three decades, public-key cryptography has become an indispensable component of our global digital communication infrastructure. This technology keeps our data safe: it scrambles data by plugging one number into an encryption algorithm, and descrambles the data when another number is introduced. The former is the “public key,” and the latter is the “private key.” Large-number factoring is the foundation of today’s public-key encryption standards. It is computationally infeasible to reverse engineer a private key with a “brute force” calculation on today’s computers.
At least, that’s what it looks like today, but powerful quantum computers will emerge on the near horizon (as soon as three years) that will change things. Quantum computers can slice through data like no computer can today and break through code, causing massive data breaches. Classical computers use digital bits to process data as zeros and ones. These computers are typically set up for general or special purposes and programmed to perform various tasks. Quantum computers use qubits, which can simultaneously represent any combination of zeros and ones. By using sub-atomic properties like superposition and entanglement, a quantum computer does not have to reduce data to a string of zeros and ones, so its logic offers possibilities beyond that of a traditional computer.
These mega computation devices will unlock too many valuable opportunities to count. And they are also incredibly good at solving precisely the kind of math that has kept public-key encryption unbreakable for so many years.
Potential Impacts on Organizations
Imagine a bad actor being able to intercept encrypted enterprise intellectual property, private financial information, personal health data, or sensitive personally identifiable information (PII) that flows across the globe, reading it as quickly as you can read this article. Secrets could be unlocked and leveraged the way we did after cracking the Nazi Enigma codes.
Banks, government agencies, healthcare organizations, other enterprises, or anyone trusted with sensitive information should think not just about preparing for the future but about the SNDL—store now, decrypt later—scenario happening today. Aaron Moore, Co-Founder of Optimized Talent, said, “The immediate threat is that an attacker can record data encrypted using asymmetric encryption now in preparation for breaking the encryption later, once scalable quantum computing is available. This is particularly threatening for long-lived information assets (think bank account numbers, for example). Post-quantum resilience is needed today.”