Preparing Your Organization for the Quantum Revolution: A Guide to Implementing Post-Quantum Cryptography

Related Content

Want to keep learning?

Subscribe to SSL.com’s newsletter, stay informed and secure.

Quantum computers will be potent and pose a massive threat to encrypting data as we know it. Here at SSL.com, we are on top of significant developments in internet security. Before quantum hacking goes mainstream, we advise organizations to switch to quantum-safe “post-quantum” cryptography.

Understanding Post-Quantum Crypto

Post-quantum cryptography refers to next-generation encryption designed to resist cracking by regular and quantum computers. These advanced algorithms will keep data secure in a world with quantum capabilities.

Researchers are exploring various approaches to building hack-proof post-quantum cryptography:

  • Lattice cryptography uses lattice shapes as the basis for secure code. Leading proposals are Crystals-Kyber for crucial exchange and Crystals-Dilithium for digital signatures.

  • Code-based cryptography encodes messages in error-correcting codes that are difficult for quantum computers to break.

  • Hash-based cryptography gets its security from hash functions rather than math problems quantum computers can quickly solve. SPHINCS is a hash-based signature scheme.

  • Symmetric key cryptography relies on algorithms like AES and SHA-2, which are expected to resist quantum hacking but don’t use quantum mechanics.

Hybrid versions combining these approaches are also being developed. As new proposals are created, the cryptography community thoroughly reviews them before standardization so only the most secure and practical designs advance.

Checking Your Organization’s Risks

The first step is auditing the encryption used in your systems, networks, data storage, software, devices, and communications. Catalog the specific encryption algorithms, protocols, strengths, and implementations.

Next, analyze the business and security impact if quantum hacking breaks these encryptions. Assess factors like:

  • Sensitivity of encrypted data or connections

  • Legal obligations or compliance risks

  • Reliance on encryption for integrity

  • Consequences of disrupted availability

This creates a priority roadmap for upgrading to post-quantum encryption based on the highest-risk areas. For example, financial data transmission may need upgrading before website TLS encryption.

Understanding the Post-Quantum Landscape

With organizational risks mapped, researching specific post-quantum algorithms suited to your needs comes next. Leading proposals come mostly from academic research and get thoroughly peer-reviewed before standardization.

Criteria for evaluation include resistance to classical and quantum hacking, performance, key and transmission sizes, computational efficiency, memory needs, ease of implementation, and compatibility.

Actively track standardization timeframes for post-quantum algorithms from groups like the National Institute of Standards and Technology (NIST). While they aim for 5-7 years, this process may take longer.

Also, coordinate with partners, vendors, customers, and industry organizations to identify external dependencies and ensure a smooth industry-wide transition.

Testing New Post-Quantum Encryption

Once candidate algorithms are selected, test implementations and integrations through pilots and prototypes. This poses engineering challenges around revising code, acquiring math libraries, upgrading hardware, modifying endpoints for new keys and certificates, and more.

We recommend working with experienced teams with post-quantum cryptography expertise to implement new encryption securely. Thoroughly test configurations on staging environments mirroring production before launch.

Monitor for potential vulnerabilities from poor implementation. Assess impacts on performance and user experience.

Migrating to Post-Quantum Keys and Certificates

Transitioning public key infrastructure to post-quantum encryption represents the most disruptive change. Strategies like cryptographic agility support old and new encryption during the transition period.

Certificate authorities must prepare for issuing post-quantum compatible certificates as algorithms get standardized. Planning well in advance is crucial for smoothly switching certificate-key pairs without disruption.

For Transport Layer Security (TLS), websites will eventually need to replace certificates and private keys with post-quantum secure versions. Similarly, signed firmware, software, and code will require upgraded digital certificates. Managing existing revocation lists also grows complex.

As migrating your organization’s public key infrastructure poses challenges, consider our Hosted PKI solution. Our secure, scalable platform manages certificates and keys, handling the full lifecycle. By leveraging our hosted service, you can avoid PKI infrastructure burdens and focus on core business.

Learn more about Hosted PKI Solution

Creating a Comprehensive Migration Plan and Timeline

With preparatory phases done, organizations can build a complete migration plan coordinating all necessary infrastructure, software, processes, support, and skills. This intricate plan develops over the years.

Based on interdependencies and risks, outline sequencing to upgrade components logically. Have strategies to manage hybrid environments during the transition—factor in certification cycles, supply chain impacts, and compatibility needs.

Given the scale of retooling almost all encryption schemes and protocols across organizations and industries, timeframes likely span two or more years. Get executive sponsorship and a sufficient budget.

Although full-scale quantum attacks may still be a decade away, building expertise and completing transitions in advance is prudent. This journey is a marathon, not a sprint – but starting early is critical.

Securing the Future of Encryption

Migrating to post-quantum encryption parallels past revolutions like adopting public key infrastructure decades ago. The risks quantum computing poses to current cryptography mean we must begin preparing now.

Organizations can become quantum ready by assessing risks, understanding the post-quantum landscape, testing implementations, upgrading keys and certificates, and mapping out comprehensive plans. While challenges exist, with preparation, we can keep data secure.

At SSL.com, our experts are ready to help secure your organization for the quantum future. Contact us to start building your post-quantum migration plan.

Get Ahead on PKI Migration

Migrating your PKI is complex. Our Hosted PKI solution can handle the transition smoothly. Fill out our form to learn more. Our experts will discuss your encryption needs and create a tailored migration plan. Starting early future-proofs your organization. Contact us today.

 

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.