Op-Ed: Post-Quantum Cryptography Algorithms Are Here, Now What?

Op-Ed: Post-quantum cryptography algorithms are here – now what?

Everyone is talking about artificial intelligence (AI) right now, but the media hype around it risks overshadowing another rising technology with much greater potential for disruption: quantum computing.

According to Australia’s Department of Industry, Science and Resources, Australia’s quantum technology chance It’s immense. The nation has been recognized as a global leader, home to some of the best minds in quantum research and applied technology.

With great progress comes even greater threat

While we have not yet fully entered the quantum era, technology is advancing rapidly and it will not be long before a quantum cyberattack becomes a real possibility. That’s why leaders and researchers around the world are working to discover the next innovation in quantum security, and great progress is being made.

In August 2024, the National Institute of Standards and Technology (NIST) announced that there were finalized the main set of encryption algorithms. Based on post-quantum cryptography (PQC) technology, the algorithms are designed to resist cyberattacks from a quantum computer.

This development is very important around the world, including here in Australia. Algorithms will become the reference point for the australian Signal Direction (ASD) to set our regional standards in the face of a rapidly emerging threat landscape.

Quantum cyberattacks circumvent current security

The potential threats that will arise from quantum computing will be unlike anything we have experienced before. Armed with quantum power to break traditional encryption algorithms, cybercriminals will be able to analyze massive amounts of data, paralyzing large networks in a matter of minutes. Everything we use today to protect our connections and transactions (keys, certificates, and data) will be at risk.

Such 2024 Data Threat Report shows that almost a quarter of Australian organizations consider PQC as the biggest concern for their security program. Harvest-now-decrypt-later (HNDL) attacks are raising the most immediate concerns around quantum computing, as they allow criminals to collect encrypted data today with the intention of decrypting it in the future, when the capabilities become available.

Australian IT and security professionals are also very concerned about future encryption compromise (65 per cent), key distribution (63 per cent) and network decryption risk (52 per cent).

What industries are at risk?

All organizations that rely on data or rely heavily on digital networks are at risk, but certain industries are particularly vulnerable to quantum attacks. This is partly due to the lifespan of the data or keys, as well as the HNDPL strategy that cybercriminals employ.

Any software that requires authentication for smart devices in IoT, sensitive communications over VPNs, digital identities used by governments and businesses to validate users, as well as any keys or data with a long shelf life, such as medical devices, are of particular concern.

A new approach to digital security

Post-quantum cryptography, also known as quantum resistant cryptography (QRC), focuses on the development of cryptographic algorithms and protocols capable of withstanding the power of quantum computing.

These cryptographic algorithms derive their security from mathematical problems considered difficult for both classical and quantum computers. They offer a practical and low-cost way to maintain secure communications properties.

PQC will soon make the foundations of encryption we have relied on for decades obsolete; This means organizations will need to completely rethink how they approach digital security.

Many Australian organizations have already begun investigating PQC. More than half plan to improve crypto agility in the next 12 to 18 months, allowing new ciphers to be added more easily, while just under half intend to prototype or evaluate PQC algorithms.

But much more needs to be done.

Prepare for the post-quantum world, now

Typically, it takes organizations a couple of years to implement changes across their entire infrastructure. Preparing for a PQC world means taking steps now to protect data, intellectual property, and more from hackers using quantum computers.

There are three key things organizations should focus on right now:

  1. Assess risk exposure, evaluate cryptocurrency inventories and overall PQC readiness. Too often, organizations don’t know where their keys are, where encryption is used, or what data is protected and how.
  2. Create a hybrid risk mitigation plan that depends on both classical and quantum safe algorithms. Companies that wait until quantum computers are available to get their house in order face a recipe for years of theft, compromises, and the risk of non-compliance with quantum regulations.
  3. Prepare for a quantum-safe architecture, including support for new encryption algorithms, such as those published by the NIST. This can be done by looking at all the applications that manage sensitive information: how would those applications still perform if an algorithm were changed? Or what would be needed to make them work?

There is no doubt that preparing for quantum technology will be a huge task for organizations on a global scale; Tales has been preparing for this moment for more than a decade. As we learn to harness the power of quantum computers, we must also prepare to protect ourselves against the many new risks and dangers they bring, particularly when it comes to data and identities, the core of our global digital society.

Leave a Reply

Your email address will not be published. Required fields are marked *