In our latest guest blog feature, Newcastle University student, Felix Arkle, discusses Post-Quantum Cryptography.
The Incoming Quantum Threat
You may have heard the buzzword quantum being thrown around alongside promises of revolutionary breakthroughs in computing power, but behind all the hype lies a serious threat to the security foundations our digital world is built upon. With rapid advances and major investment, there’s no doubt that feasible quantum computers are around the corner, but to many, this doesn’t mean much. Explaining quantum computers is a challenge; however, the key point is that they exploit weird quantum phenomena to produce outcomes that classical computers cannot. For some problems, they offer exponential speedup, and for others, a classical computer would be just as fast, if not faster.
Why is it a Threat to Current Cryptography?
Current cryptography relies on one important principle: there are problems so hard that it would take a classical computer millions of years to solve, and therefore, your data is safe. These are usually maths problems, such as factorising numbers with hundreds of digits into their prime factors. However, the cryptography implemented today will be easily exploited once quantum technology advances to the stage at which the algorithms that break it can be run.
What is Post-Quantum Cryptography?
Post-quantum cryptography (PQC) addresses this problem, using encryption that relies on mathematical problems that would take even quantum computers an impractical amount of time to solve. Embedding PQC into systems ensures that, once quantum computers reach the stage at which they can break modern encryption standards, the new systems and standards will be resilient to those attacks. The downside is that this cryptography is more resource-heavy on systems.
Why Prepare Now?
The migration to post-quantum cryptography won’t be a quick or easy process and will take time to plan; a national technological change will take years at best. Not only do companies need to be resilient to a post-quantum world, but another pressing concern is that attackers are already harvesting encrypted data today with the intention to ‘store now, decrypt later’. Attackers could wait for the technology to become available, then use it to decrypt and access sensitive information. This will be especially dangerous for healthcare, finance and defence services. The National Cyber Security Centre (NCSC) is advising that migration over to PQC should be done within the next ten years at a maximum to ensure data security.
The Negatives of Not Acting Soon Enough
Organisations that are proactive could reap many benefits, from increased trust from stakeholders to potentially saving themselves millions in cyber attack costs. Non-compliance with future standards could lead to liability and regulatory penalties, especially as governments begin to mandate quantum-resistant security. Organisations that delay risk facing rushed and expensive last-minute upgrades.
What Can Your Organisation Do Today?
Just by being aware of the potential dangers quantum will bring to cyber security, you’re giving your organisation more than most. The NCSC recommends having migration goals by 2028, so begin by identifying the key areas of your business, or of the third parties you use, that are most at risk of a breach.
Quantum computing is a real threat that organisations will have to prepare for, so think long-term resilience and start early to stay ahead.