The Time for Post Quantum Encryption is Now, Not Later
Captain's log, stardate 78327.9 (mid-November, 2024). In August of this year, the National Institute of Standards and Technology (NIST) released a statement on post-quantum cryptography algorithms, along with adoption recommendations.
Quantum computing is not a new technology, but our understanding and development of it are advancing rapidly. It can solve mathematical problems faster than the world's largest supercomputer. For example, in 2019, a quantum computer took just over three minutes to solve a mathematical problem that would have taken the world's largest supercomputer 10,000 years.
At present, only a handful of nation-states and private research companies, including Google, IBM and Intel, have quantum computers, with more developing the capability.
The continued and rapid advancement of quantum computing will allow a quantum computer to break all the encryption algorithms currently used for cybersecurity. Our only saving grace is that continued development is needed before these algorithms can be executed in a practical application. It is estimated that by the early 2030s, this will be a current security concern. With encryption as the foundation of many of our cybersecurity practices today, a threat actor from a nation-state, or one with unauthorized access to a private company's quantum computer, could gain access to the world's most sensitive information, including eCommerce, stock market, personal financial records, credit card numbers, government secrets, and technology, scientific and weapons R&D.
NIST has released recommended protocols and algorithms designed to withstand the capabilities of both current computers and quantum computers, namely Federal Information Processing Standards (FIPS) 203, 204 and 205. Some of these encryption standards are already in use today, for example in Apple iMessage.
These post-quantum cryptography standards must be more widely adopted sooner rather than later to avoid being left vulnerable and having to play catch-up in an emergency. NIST recommends being ready with post-quantum cryptography by 2029. While that may seem far away in the galaxy, it's just four years away. In anticipation of quantum computing capabilities, one method attackers use today is "Harvest Now, Decrypt Later": harvest all the data today, save it, and decrypt it once they have access to quantum computers. Although that data will not be current, attackers will have the world's most sensitive data going back 4+ years, and they'll be able to decrypt all data collected up to the point that quantum-resistant encryption was employed.
This is not a future problem to contend with; it is a current one.
In summary, the rapid advancement of quantum computing presents a significant threat to current encryption methods. NIST has recommended adopting post-quantum cryptography standards, such as FIPS 203, 204 and 205, by 2029 to mitigate this risk. As attackers are already employing strategies in preparation for quantum capabilities, it is crucial to adopt these new standards sooner rather than later to protect sensitive information in future data breaches.