The State of Post-Quantum Cryptography and How to Make it a Competitive Differentiator

Rapid advances in quantum computing pose a serious threat to current encryption methods, devastatingly impacting today’s data security. However, there is hope in the form of post-quantum cryptography (PQC).

What is Post-Quantum Cryptography?

Post Quantum Cryptography (PQC) is a new generation of cryptographic algorithms designed to resist attacks from quantum computers. Quantum computers use the principles of quantum mechanics to perform certain calculations in an instant, but they would take traditional computer architectures hundreds or thousands of years to solve.

With the rapid advancements in quantum computing, they will soon be able to quickly solve the math (breaking the code) at the foundation of many of the encryption algorithms we rely on today, such as RSA.

Why is PQC Important Now?

The transition to PQC is essential for safeguarding our digital infrastructure today. Once quantum computers become more powerful and effective, they can decrypt sensitive data, steal intellectual property, and disrupt critical services. This event is also referred to as “Q-day.”

While quantum computers are not here yet, the threat is. Bad actors can steal data today and decrypt it in the future – when more powerful quantum computers are available. In short, if you haven’t adopted PQC algorithms, you are already vulnerable to quantum computing, which hasn’t even arrived yet! New quantum-resistant algorithms are also not yet fully defined, but NIST is expected to finalize a set of algorithms in the summer of 2024. Businesses must start their PQC migration journey now and create a complete inventory of their cryptographic security posture, so they can assess where, how, and how well crypto is applied. This inventory and assessment step is a major milestone, due to the complications of siloes across on-premises and multiple cloud environments.

The Current State of PQC

While PQC is still under development, significant progress has been made in recent years. Organizations like the National Institute of Standards and Technology (NIST) are now standardizing several promising PQC algorithms. However, there are still challenges to overcome.

Migrating to PQC will require significant effort from businesses and organizations worldwide. The United States government agencies are already under a mandate [source] to make their infrastructure PQC-ready. The National Security Agency (NSA) has a target for 2033 [source], while the federal government as a whole has a 2035 target [source].

While no current civilian regulations mandate PQC readiness, this is also a matter of time. Regulated industries like finance and healthcare are likely the first to be subject to such mandates, but industries like telecom already have PQC guidelines [source].

PQC as a Competitive Differentiator

Data security is paramount in a world where data is the lifeblood of almost any organization. Businesses that take steps to prepare for the quantum age will have a significant competitive advantage. Companies such as Zoom and CloudFlare are already announcing their PQC adoption efforts. By demonstrating a commitment to long-term security, businesses can attract and retain customers, build trust with partners, and comply with evolving regulations.

How to Get Ready for the Post-Quantum Era

The first step towards PQC readiness is to understand your current cryptographic landscape. This means identifying where cryptography is used in your systems and applications and what types of algorithms are being used. Once you have a complete inventory, you can start developing a plan for migration to PQC algorithms.

Start your PQC journey with Fortanix

Fortanix provides solutions for all critical steps in your post-quantum readiness journey. The first phase is to discover your cryptographic security posture. Fortanix Key Insight discovers all cloud encryption keys and data services to assess and track your cryptographic security posture. It reveals the location and usage of encryption keys by data services across multicloud environments, allowing you to identify and prioritize where and when to apply post-quantum cryptography.

Cryptographic agility is essential for transitioning to a strong and resilient data security posture. Fortanix helps organizations simplify and regain control of their cryptographic operations across multiple clouds, classical datacenters, and individual regions. Organizations can then transition smoothly to new cryptographic standards with efficient resource use.

Conclusion

The transition to PQC is a complex but necessary undertaking. By starting now, businesses can ensure they are prepared for the quantum future and reap the rewards of gaining their customer’s trust.