Quantum computing, often touted as the “next big revolution,” is a widely discussed topic in the tech world today. As breakthroughs in quantum research bring us closer to the reality of commercially viable quantum computers, discussions around their potential impact on current cryptography are intensifying. With NIST’s recent release of finalized Post-Quantum Cryptography (PQC) encryption algorithm standards, there is a heightened awareness of the quantum threat to data security, fueling an urgent push for the rapid adoption of PQC.
Despite the spotlight on post-quantum cryptography, misconceptions continue to cloud its understanding and importance. Many organizations are still undecided about taking proactive steps toward PQC readiness and quantum resilience.
This blog cuts through the confusion, sifting through the noise surrounding PQC, and aims to help you gain a clear-eyed perspective on why PQC matters and how important it is for organizations to begin their preparation for transitioning to PQC now.
PQC: Fact or Fiction
1. The current encryption methods used today are vulnerable to attacks by powerful quantum computers of the future
FACT: Yes, many of today’s widely used encryption methods, such as RSA, ECC, and ECDSA, will eventually be broken by large-scale quantum computers.
As we all know, cryptographic algorithms generally fall into two categories: symmetric and asymmetric. Symmetric algorithms use a single key for both encryption and decryption, while asymmetric algorithms rely on a pair of keys—a public key for encryption and a private key for decryption. Most of our online communications and transactions today are secured using asymmetric algorithms.
Asymmetric algorithms like RSA, ECC, Diffie-Hellman, and DSA rely on the complexity of factoring large prime numbers and computing discrete logs that are impossible for classical computers to solve. However, a sufficiently powerful quantum computer or a CRQC (Cryptographically Relevant Quantum Computer) will be able to solve these problems using Shor’s algorithm in a matter of seconds. This could result in a complete breakdown of our encryption infrastructure, exposing all our sensitive information, such as banking, healthcare, and government records, to malicious actors.
Although symmetric encryption is more resistant to quantum attacks, it isn’t immune. Grover’s algorithm can help quantum computers to perform brute-force attacks far more efficiently, reducing the effectiveness of symmetric keys by half, weakening the encryption significantly. This means AES 256-bits will provide security akin to AES 128-bits in a quantum world. Longer key lengths will be necessary to maintain strong security.
Currently, practical quantum computers that can break these encryption methods at scale do not exist. However, research, standardization, and adoption of quantum-safe algorithms are ongoing priorities to prepare for future threats and ensure data security in a post-quantum world.
2. The new NIST PQC standards include encryption algorithms that are designed to protect against attacks from quantum computers.
FACT: The new NIST PQC (Post-Quantum Cryptography) standards include encryption algorithms designed to protect against attacks from both classical and quantum computers. These standards include:
- FIPS 203, based on the CRYSTALS-Kyber algorithm (now ML-KEM), for general encryption
- FIPS 204, based on the CRYSTALS-Dilithium algorithm (now ML-DSA), for digital signatures
- FIPS 205, based on the SPHINCS+ algorithm (now SLH-DSA), for digital signatures (an alternative approach)
They were developed as part of an ongoing effort to ensure that cryptographic systems remain secure in the face of future quantum computing advancements.
Note: NIST is also developing the FIPS 206 standard around the FALCON algorithm, tentatively named FN-DSA, and planned for release in late 2024.
Where earlier forms of cryptography relied on factoring large numbers, these new standards rely on the complex mathematics of polynomial lattices and stateless hash functions. Cracking them would be an impossible task for even the most powerful quantum computer. Therefore, it is the best protection for our critical information systems and data in the quantum future.
3. Even with NIST’s recent announcement, PQC is still just a buzzword and there is no immediate call to action.
FICTION: Despite the hype around quantum breakthroughs, post-quantum cryptography is not merely a buzzword. The development and standardization of PQC algorithms are critical steps in preparing for the future impact of quantum computing on data security. With experts predicting the arrival of a CRQC as early as 2030, organizations are encouraged to begin preparing for PQC adoption now, as sensitive systems and data may be at risk long before a CRQC is fully developed. Failing to understand the importance of PQC can leave high value systems and data vulnerable to “harvest now, decrypt later” attacks that can prove catastrophic when quantum computers become available.
Call to action now:
- Discovering cryptography across the infrastructure and building a Cryptography Bill of Materials (CBOM) – a comprehensive inventory of all the public and private certificates for complete visibility
- Assessing cryptographic systems and the data they protect to prioritize high-value sensitive assets for the transition
- Evaluating the new standards and scoping their impact on existing cryptographic systems
- Identifying systems that need upgrades or replacement and understanding their supply-chain dependencies
- Engaging with third-party vendors to ensure they integrate the new PQC standards into their products/platforms to enable interoperability
- Establishing policies around algorithm replacement
- Building crypto-agility to efficiently and securely transition to PQC at scale
AppViewX can help you implement crypto-agility and start preparing today for Post-Quantum Cryptography
4. Crypto-agility is highly recommended for PQC readiness and successful PQC implementation
FACT: As cryptographic threats evolve and new crypto standards are developed, organizations will need the flexibility and agility to make necessary changes to their cryptographic infrastructure quickly and at scale. Crypto-agility is a design principle that provides this flexibility by enabling visibility, automation, and policy-control in certificate lifecycle management.
This is particularly important during the PQC transition, where you are required to inventory all cryptographic assets, build visibility into where and how cryptography is being used within your organization, automate the replacement of vulnerable cryptography with PQC when it’s time, and enforce policies around algorithm replacement.
Crypto-agility is also essential to implement hybrid approaches (using classical and quantum-resistant algorithms together), enable backwards compatibility with legacy systems and make swift updates as PQC algorithms are further refined. Without crypto-agility, the migration process could become lengthy, costly, and risky, making it harder to keep up with PQC requirements.
While the conversation around crypto-agility is often centered on PQC readiness, maintaining crypto-agility is essential to tackling ongoing cryptographic developments and future-proofing your organization’s infrastructure.
At the Billington CyberSecurity Summit earlier this month, several federal officials were cited emphasizing crypto-agility as a bigger priority than PQC readiness itself.
Phil Stupak, the assistant national cyber director for Federal cybersecurity in the White House Office of the National Cyber Director, said: “This (PQC) transition isn’t the first or last time that cryptography needs to be updated in systems, which is why systems designed with more agility are helpful. Being able to have an agile environment where you can change out your cryptography is going to save you, not just today, but it’s also going to save you multiple times in the future.”
Department of Energy CIO Ann Dunkin echoed this sentiment, stating “Just like software is now being built so it’s easy to decompose, the same needs to happen for encryption. Pulling a quantum module out of a solution and putting a new one in when there’s new technology or algorithms “needs to be much easier.”
5. “Harvest Now, Decrypt Later” (HNDL) is not a real threat
FICTION – “Harvest now, decrypt later” (HNDL) is a real, relevant, and serious threat. HNDL refers to a strategy where attackers intercept and collect encrypted data today, with the intent to decrypt it in the future using powerful quantum computers. The idea is that even if current encryption algorithms, like RSA or ECC, are secure against today’s classical computers, they could be broken by future quantum computers.
This is particularly alarming for data that is valuable, sensitive, and has a long shelf life, such as personal information, financial transactions, intellectual property, healthcare records, and state secrets, which may need to remain confidential for years or even decades. Once quantum computers are advanced enough, attackers can return to the stored data and use quantum algorithms (like Shor’s algorithm) to decrypt it, exposing the information. The risk of “harvest now, decrypt later” attacks is a key reason why adopting post-quantum cryptography is critical.
6. PQC is exclusively for the federal government
FICTION – PQC is not exclusive to federal agencies. Although the Biden Administration has been actively advocating and leading the charge in the early adoption of PQC due to national security concerns, PQC is crucial for any organization that relies on cryptography for trust, encryption, secure communications, digital signatures, and authentication.
The primary objective of PQC is to protect data from current and future quantum-enabled threats. So businesses that handle sensitive data that needs to be secure for more than 10 years or so will need to adopt PQC to safeguard it from HNDL attacks.
In May 2022, the Biden government issued a National Security Memorandum (NSM-10), directing federal agencies to begin transitioning to quantum-resistant cryptography. This move was part of a broader national strategy to address the risks quantum computing poses to government and critical infrastructure systems. Following the executive order, the Office of Management & Budget (OMB) has since issued another memorandum (M-23-02) and an exclusive report outlining the strategy and clear steps to follow in preparation for PQC. These guidelines also extend to industries outside the federal sphere and are meant to prompt all organizations to create their crypto-agility and PQC-readiness roadmaps.
7. Implementing PQC will require a complete overhaul of existing cryptographic infrastructure.
FICTION – Transitioning to Post-Quantum Cryptography (PQC) is indeed more complex and time-consuming than previous cryptographic upgrades, but the complexity varies depending on your existing infrastructure. Many systems can integrate PQC algorithms alongside existing ones. Systems using modular cryptography may be easier to update, but those deeply integrated with specific algorithms may require significant redevelopment.
PQC algorithms typically have larger key sizes and may need more computational resources. This could mean more overhead in terms of processing power, memory, and even changes in network bandwidth and latency. Systems must be optimized to handle these new demands. Additionally, broader infrastructure components, like key management systems (KMS), hardware security modules (HSM), server and client side applications, secure communication protocols such as TLS, and cryptographic libraries will need updates to support PQC algorithms. You may also need to work closely with third-party vendors to address the performance impact and interoperability issues that may arise during or after PQC migration.
To manage costs and minimize downtime, you can create a phased migration plan spread over the next 5-10 years, starting with the most critical systems. Careful planning, comprehensive documentation, testing in isolated environments, and gradual rollouts can help ensure a smooth and successful transition.
Post-Quantum Cryptography Resources and Tools from AppViewX to Help You Get Started:
-
AppViewX PQC Solutions:
To facilitate a seamless and efficient transition to PQC, AppViewX offers:
-
- AppViewX PQC Test Center: A dedicated free online resource built to help organizations assess their PQC readiness by generating and testing quantum-safe certificates prior to their integration into existing systems, workloads and machines. You can quickly set up your own quantum-safe PKI hierarchy and generate PQC ready certificates and keys to test their compatibility in your environment. Visit the AppViewX PQC Test Center and begin your PQC journey today.
-
- PQC Certificate Lifecycle Management: The AppViewX AVX ONE platform offers a comprehensive certificate lifecycle management solution to help enable PQC readiness and crypto-agility with complete certificate discovery and inventory, full certificate lifecycle automation, and total certificate control across the enterprise.
-
PQC Resources:
Build a solid understanding of what, why, and how of post-quantum cryptography with these resources:
Tune into our upcoming Panel Discussion with Murali Palanisamy, Chief Solutions Officer at AppViewX and Ganesh Gopalan, VP & General Manager of Identity Security at AppViewX to explore the state of PQC, next steps, and key strategies for PQC readiness.
Learn how AppViewX can help you prepare for PQC transition
Discusses the concept of crypto-agility, the current state of cryptographic algorithms, strategies for implementing crypto-agility, and case studies of organizations actively preparing for the quantum era now.
Covers the what, why, and how of crypto-agility in a nutshell
Listen to Ganesh Gopalan, VP and General Manager of Identity Security discuss the latest trends in PKI, what the implications are for enterprises and the ultimate call-to-action – implementing Crypto-Agility.