But inherent to this process of encryption is how it operates. The decryption key often travels alongside
            the data it's meant to protect. With quantum computers' potential to disrupt this system, our current data
            safety has become an illusion in a future where traditional computing will no longer be adequate, with
            many thinking of it in the same way we might have viewed mobile phones of the early 90s.

            Think about it. Even if data is protected with PKE today, it can be copied and stored, waiting for the day
            when a more powerful computer is able to decrypt it. Adding impetus to the change is the fact that
            quantum computers have already demonstrated their  ability to break PKE. A conventional computer
            would need 300 trillion years to break RSA encryption, which many see as the gold standard for PKE. A
            quantum computer can do it in 10 seconds.



            The need for post-quantum cryptography

            Fortunately,  a  shift  is  happening  that  has  been  dubbed  one  of  the  most  extensive  cryptographic
            transitions in the history of computing - moving from the well-established PKE to the emergent post-
            quantum cryptography (PQC). This represents a foundational change that will impact every facet of our
            increasingly digital lives.

            The  federal  government  is  currently  planning  the  upgrade  of  digital  networks  with  post-quantum
            cryptographic standards as outlined in a May 2022 national security memorandum, anticipating the arrival
            of a fault-tolerant quantum computer. Last year, the National Institute for Standards and Technology
            (NIST) shortlisted quantum-safe encryption algorithms to preempt the quantum threat.

            Of course, making the change will be massively disruptive, given the scale of the environment. PKE and
            its dependencies underpin the bulk of the public internet. In the US alone, it protects 4.5 billion internet
            users, powers 200 million websites, and secures $3 trillion of retail e-commerce transactions annually.
            Now, expand that to the rest of the world, and the enormity of the challenge becomes clear.



            Challenges of transition


            Change, especially of this scale, is never straightforward. The NIST's 2021 report, ‘Getting Ready for
            Post-Quantum Cryptography,' highlighted the complexities of adopting PQC. The reality is that even after
            the standardization process concludes, making a full transition could easily span up to 15 years. That’s
            a long time to become fully secure in a quantum world.

            Adopting a multi-faceted approach in this regard is vital. For instance, using PQC, QKD (Quantum Key
            Distribution), QRNG (Quantum Random Number Generator), or even different combinations will ensure
            organizations are no longer reliant on any single encryption method.











            Cyber Defense eMagazine – December 2023 Edition                                                                                                                                                                                                          68
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.