Innovation Series, Tech/Engineering

Preparing today for the post-quantum world with quantum-resistant cryptography

In the near future, quantum computers will be able to perform massive combinatorial computations in less time than the classical computers of today. Quantum computing departs from classical fundamentals such as the bit, which holds a single state, either 0 or 1. Its fundamental unit is the qubit, and since a qubit can be in both states at once, it enables faster computations.

As exciting as it is that quantum computing can solve previously unsolvable problems, this power will also enable it to break into your encrypted data or communication.

Post-quantum cryptography

Today, most public-key algorithms and digital signatures are not resilient to quantum attacks. The fundamental assumption for today’s cryptography and blockchain assets is that it takes enormous computational power and time to breach the system, thus making them safe from almost all cyber threats. For instance, one of the public-key cryptographic algorithms, RSA, that is used in TLS (Transport Layer Security) for secure HTTPS communication, relies on a public encryption key based on the product of two large prime numbers. The prime numbers themselves are kept as the secret to decrypt it. But guess what? Shor’s algorithm — a polynomial-time quantum computing algorithm — can perform integer factorization, obtaining back the prime numbers. Thus, a decent quantum computer can break encryption and digital signature schemes by performing enormous computations quickly.
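The chain from "factor the public modulus" to "read the message" can be followed end to end at toy scale. The sketch below is an added example, not code from the original article: the primes and the message are constructed values, and classical trial division stands in for the factoring step that Shor's algorithm would perform on real key sizes.

```python
# Toy RSA: recovering the two primes from the public modulus yields the private key.
P, Q, E = 1009, 1013, 65537  # constructed toy primes and a common public exponent
MESSAGE = 424242             # constructed sample plaintext, smaller than P * Q


def keygen(p, q, e):
    """Return the public key (n, e) and the private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)


def factor(n):
    """Trial division over odd numbers; only feasible because n is tiny."""
    f = 3
    while n % f:
        f += 2
    return f, n // f


def recover_private_exponent(public_key):
    """Rebuild d from public information alone, once n has been factored."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo():
    public_key, d = keygen(P, Q, E)
    n, e = public_key
    ciphertext = pow(MESSAGE, e, n)  # encryption uses only the public key
    d_recovered = recover_private_exponent(public_key)
    return d_recovered == d, pow(ciphertext, d_recovered, n)


if __name__ == "__main__":
    same_key, plaintext = demo()
    print("private exponent recovered:", same_key)
    print("decrypted message:", plaintext)
```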

Post-quantum cryptography (also known as quantum-resistant cryptography) refers to algorithms that remain secure against attacks by a quantum computer. NIST (National Institute of Standards and Technology) is already evaluating and standardizing quantum-resistant cryptographic algorithms. Some algorithms that have made it to the finals are Classic McEliece, CRYSTALS-Kyber, NTRU, CRYSTALS-Dilithium, FrodoKEM, and more.

But why is post-quantum cryptography important now?

Digital signatures and secure communication like TLS are not resistant to quantum attacks. This style of cryptography is used in applications such as: 

  • Banking
  • VPN
  • Digital wallets
  • Cryptocurrencies such as Bitcoin

It has taken organizations almost 20 years to adopt current cryptographic standards. Robust quantum computing can be expected in the next 10-15 years… you do the math. Unless we start moving now, the vast majority of today’s transactions and user information will be exposed. Many industries will seize the opportunity to get their hands on quantum — from cloud service providers to cryptocurrency mining farms. Unfortunately, so will hackers. Hackers are already stealing encrypted data today so they can decrypt it when quantum computing arrives.

So organizations should start preparing now.

Preparing for a post-quantum world

Whether or not you intend to adopt quantum computing for your organization, you will still need to prepare for quantum attacks. A preparation strategy should look something like this:

  • Educate yourself and your organizational stakeholders about post-quantum cryptography.
  • Inspect systems (hardware, software, communication protocols, services, data) and their current encryption methods:
    • Vulnerable systems which use public-key cryptography or digital signatures will need to switch to PQ (Post Quantum) safe algorithms.
    • Non-vulnerable systems which use symmetric key algorithms or hash functions will need to be inspected to confirm that their parameters are PQ safe. For instance, doubling the key sizes of these algorithms can effectively block quantum threats.
  • Prioritize areas of focus based on vulnerability and criticality of the system and the expected time and resources required to switch to PQ safe algorithms. 
  • Set up data retention periods, allowing the organization to begin phasing out old unused data which was encrypted with non-PQ safe algorithms. Leaving this data intact will create vulnerabilities and potential exposure by hackers in a post-quantum world.
  • Look out for NIST standardizations and migration recommendations to post-quantum cryptographic algorithms. The standards are expected to be finalized between 2022 and 2024.
  • Identify which post-quantum cryptography algorithms and tools will work best for your systems and data.
  • Update your cryptographic posture for systems and data for the post-quantum world.
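The inspect and prioritize steps above can be run as a simple triage over a cryptographic inventory. This is an added example, not code from the original article. The asset names, criticality scores, scoring weights, 128-bit target and the halving rule of thumb for symmetric and hash strength are assumptions made for illustration.

```python
from dataclasses import dataclass

PUBLIC_KEY = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519"}  # must be migrated
SYMMETRIC_OR_HASH = {"AES", "SHA", "SHA3"}  # check parameters only
MIN_QUANTUM_BITS = 128      # assumed target strength against a quantum attacker
QUANTUM_HORIZON_YEARS = 10  # low end of the article's 10-15 year estimate
WEIGHT = {"vulnerable": 3, "weak-parameters": 2, "unknown": 1, "ok": 0}  # assumed

@dataclass
class Asset:
    name: str
    algorithm: str        # e.g. "RSA-2048", "AES-128", "SHA-256"
    criticality: int      # 1 (low) to 5 (high), set by the asset owner
    retention_years: int  # how long the protected data is kept

def classify(algorithm):
    parts = algorithm.upper().split("-")
    family, size = parts[0], parts[1] if len(parts) > 1 else ""
    if family in PUBLIC_KEY:
        return "vulnerable"
    if family in SYMMETRIC_OR_HASH and size.isdigit():
        # Rule of thumb: quantum search roughly halves effective strength,
        # which is why doubling the key size restores the margin.
        return "ok" if int(size) // 2 >= MIN_QUANTUM_BITS else "weak-parameters"
    return "unknown"  # needs manual review

def triage(assets):
    rows = []
    for a in assets:
        status = classify(a.algorithm)
        score = WEIGHT[status] * a.criticality
        # Long-lived data stolen today can still matter when quantum arrives.
        if score and a.retention_years >= QUANTUM_HORIZON_YEARS:
            score += 5
        rows.append((a.name, status, score))
    return sorted(rows, key=lambda r: -r[2])

# Constructed sample inventory (hypothetical asset names).
INVENTORY = [
    Asset("customer-vpn", "RSA-2048", 5, 1),
    Asset("backup-archive", "AES-128", 4, 20),
    Asset("code-signing", "ECDSA-256", 3, 0),
    Asset("db-at-rest", "AES-256-GCM", 5, 20),
    Asset("legacy-ledger", "RSA-4096", 4, 15),
]

if __name__ == "__main__":
    for name, status, score in triage(INVENTORY):
        print(f"{score:>3}  {status:<16} {name}")
```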

Historically, society has embraced the uses of technology first and then dealt with the adversities caused by it later. For instance, it was exciting when social networks arrived, but the astronomical growth over the last decade has now left us dealing with misinformation. Similarly, with AI and machine learning, it was fascinating to model and build facial recognition models, only later to deal with their biases and the increasing privacy concerns. 

But in the case of quantum computing, we are already well aware of the potential threats to come. Now is our opportunity to turn the tide for quantum computing: let’s first prepare for quantum threats with post-quantum cryptography so we can enjoy the benefits when quantum computing arrives.

About the author

Preethi Srinivasan is the Director of Innovation at Druva. She enjoys leading innovative product initiatives and exploring new technologies.