Quantum computers will be potent and pose a massive threat to encrypting data as we know it. Here at SSL.com, we are on top of significant developments in internet security. Before quantum hacking goes mainstream, we advise organizations to switch to quantum-safe “post-quantum” cryptography.
Understanding Post-Quantum Crypto
Post-quantum cryptography refers to next-generation encryption designed to resist cracking by regular and quantum computers. These advanced algorithms will keep data secure in a world with quantum capabilities.
Researchers are exploring various approaches to building hack-proof post-quantum cryptography:
-
Lattice cryptography uses lattice shapes as the basis for secure code. Leading proposals are Crystals-Kyber for crucial exchange and for digital signatures.
-
Code-based cryptography encodes messages in error-correcting codes that are difficult for quantum computers to break.
-
Hash-based cryptography gets its security from hash functions rather than math problems quantum computers can quickly solve. is a hash-based signature scheme.
-
Symmetric key cryptography relies on algorithms like AES and SHA-2, which are expected to resist quantum hacking but don’t use quantum mechanics.
Hybrid versions combining these approaches are also being developed. As new proposals are created, the cryptography community thoroughly reviews them before standardization so only the most secure and practical designs advance.
Checking Your Organization’s Risks
The first step is auditing the encryption used in your systems, networks, data storage, software, devices, and communications. Catalog the specific encryption algorithms, protocols, strengths, and implementations.
Next, analyze the business and security impact if quantum hacking breaks these encryptions. Assess factors like:
-
Sensitivity of encrypted data or connections
-
Legal obligations or compliance risks
-
Reliance on encryption for integrity
-
Consequences of disrupted availability
This creates a priority roadmap for upgrading to post-quantum encryption based on the highest-risk areas. For example, financial data transmission may need upgrading before website encryption.
Understanding the Post-Quantum Landscape
With organizational risks mapped, researching specific post-quantum algorithms suited to your needs comes next. Leading proposals come mostly from academic research and get thoroughly peer-reviewed before standardization.
Criteria for evaluation include resistance to classical and quantum hacking, performance, key and transmission sizes, computational efficiency, memory needs, ease of implementation, and compatibility.
Actively track standardization timeframes for post-quantum algorithms from groups like the . While they aim for 5-7 years, this process may take longer.
Also, coordinate with partners, vendors, customers, and industry organizations to identify external dependencies and ensure a smooth industry-wide transition.
Testing New Post-Quantum Encryption
Once candidate algorithms are selected, test implementations and integrations through pilots and prototypes. This poses engineering challenges around revising code, acquiring math libraries, upgrading hardware, modifying endpoints for new keys and certificates, and more.
We recommend working with experienced teams with post-quantum cryptography expertise to implement new encryption securely. Thoroughly test configurations on staging environments mirroring production before launch.
Monitor for potential vulnerabilities from poor implementation. Assess impacts on performance and user experience.
Migrating to Post-Quantum Keys and Certificates
Transitioning public key infrastructure to post-quantum encryption represents the most disruptive change. Strategies like support old and new encryption during the transition period.
Certificate authorities must prepare for issuing post-quantum compatible certificates as algorithms get standardized. Planning well in advance is crucial for smoothly switching certificate-key pairs without disruption.
For Transport Layer Security (TLS), websites will eventually need to replace certificates and private keys with post-quantum secure versions. Similarly, signed firmware, software, and code will require upgraded digital certificates. Managing existing revocation lists also grows complex.
Creating a Comprehensive Migration Plan and Timeline
With preparatory phases done, organizations can build a complete migration plan coordinating all necessary infrastructure, software, processes, support, and skills. This intricate plan develops over the years.
Based on interdependencies and risks, outline sequencing to upgrade components logically. Have strategies to manage hybrid environments during the transition—factor in certification cycles, supply chain impacts, and compatibility needs.
Given the scale of retooling almost all encryption schemes and protocols across organizations and industries, timeframes likely span two or more years. Get executive sponsorship and a sufficient budget.
Although full-scale quantum attacks may still be a decade away, building expertise and completing transitions in advance is prudent. This journey is a marathon, not a sprint – but starting early is critical.
Securing the Future of Encryption
Migrating to post-quantum encryption parallels past revolutions like adopting public key infrastructure decades ago. The risks quantum computing poses to current cryptography mean we must begin preparing now.
Organizations can become quantum ready by assessing risks, understanding the post-quantum landscape, testing implementations, upgrading keys and certificates, and mapping out comprehensive plans. While challenges exist, with preparation, we can keep data secure.
Get Ahead on PKI Migration
Migrating your PKI is complex. Our Hosted PKI solution can handle the transition smoothly. Fill out our form to learn more. Our experts will discuss your encryption needs and create a tailored migration plan. Starting early future-proofs your organization. Contact us today.