Page 68 - Cyber Defense eMagazine December 2023
P. 68
But inherent to this process of encryption is how it operates. The decryption key often travels alongside
the data it's meant to protect. With quantum computers' potential to disrupt this system, our current data
safety has become an illusion in a future where traditional computing will no longer be adequate, with
many thinking of it in the same way we might have viewed mobile phones of the early 90s.
Think about it. Even if data is protected with PKE today, it can be copied and stored, waiting for the day
when a more powerful computer is able to decrypt it. Adding impetus to the change is the fact that
quantum computers have already demonstrated their ability to break PKE. A conventional computer
would need 300 trillion years to break RSA encryption, which many see as the gold standard for PKE. A
quantum computer can do it in 10 seconds.
The need for post-quantum cryptography
Fortunately, a shift is happening that has been dubbed one of the most extensive cryptographic
transitions in the history of computing - moving from the well-established PKE to the emergent post-
quantum cryptography (PQC). This represents a foundational change that will impact every facet of our
increasingly digital lives.
The federal government is currently planning the upgrade of digital networks with post-quantum
cryptographic standards as outlined in a May 2022 national security memorandum, anticipating the arrival
of a fault-tolerant quantum computer. Last year, the National Institute for Standards and Technology
(NIST) shortlisted quantum-safe encryption algorithms to preempt the quantum threat.
Of course, making the change will be massively disruptive, given the scale of the environment. PKE and
its dependencies underpin the bulk of the public internet. In the US alone, it protects 4.5 billion internet
users, powers 200 million websites, and secures $3 trillion of retail e-commerce transactions annually.
Now, expand that to the rest of the world, and the enormity of the challenge becomes clear.
Challenges of transition
Change, especially of this scale, is never straightforward. The NIST's 2021 report, ‘Getting Ready for
Post-Quantum Cryptography,' highlighted the complexities of adopting PQC. The reality is that even after
the standardization process concludes, making a full transition could easily span up to 15 years. That’s
a long time to become fully secure in a quantum world.
Adopting a multi-faceted approach in this regard is vital. For instance, using PQC, QKD (Quantum Key
Distribution), QRNG (Quantum Random Number Generator), or even different combinations will ensure
organizations are no longer reliant on any single encryption method.
Cyber Defense eMagazine – December 2023 Edition 68
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.