Be Quantum-ready: A guide to protecting your organization from quantum threat


Contents

• Executive summary (p. 4)
• What is quantum computing? (p. 5)
  • Why do we need quantum computers? (p. 5)
  • How does it work? (p. 5)
  • The opportunities it provides (p. 6)
  • What is the quantum threat? (p. 6)
  • Key takeaways (p. 6)
• From the quantum threat to post-quantum cryptography (p. 7)
  • What is post-quantum cryptography? (p. 7)
  • The importance of algorithms (p. 7)
  • Grover’s algorithm – the threat to symmetric cryptography (p. 7)
  • Shor’s algorithms – the threat to public key cryptography (p. 7)
  • Quantum-resistant cryptographic algorithms – the NIST competition (p. 8)
  • Key takeaways (p. 8)
• Why should organizations care about quantum computing? (p. 8)
  • 3 reasons why you need to care about quantum computing now (p. 8)
  • Key takeaways (p. 8)
• How can companies protect themselves against the threat of quantum computers? (p. 10)
  • 5 best practices to be quantum-ready (p. 10)
  • Key takeaways (p. 11)
• Conclusion (p. 12)
• References (p. 12)
• About Nexus (p. 14)

Executive summary

Quantum computers have the potential to solve complex problems that classical computers cannot. They are currently being developed in both research and commercial projects, and when they are realized, they could have a number of benefits for humanity, solving challenging problems in mathematics, medicine, physics, and chemistry.

However, quantum computers could also be used to break traditional cryptographic systems we rely on for secure data communication, internet banking, digital signatures, encryption, and more. This is also known as the quantum threat and would mean a threat to data security as we know it today.

To protect ourselves against this threat, an area called post-quantum cryptography (PQC) is developing. Post-quantum cryptography is a growing field of cryptography that is designed to be resistant to both quantum computers and classical computers. This is being done through the ongoing development of new cryptographic systems, which will eventually be interoperable with existing communications protocols and networks.

One main driver in the development of post-quantum cryptography is the National Institute of Standards and Technology (NIST). They are responsible for selecting candidate algorithms for standardization, and their work is essential in helping to transition from traditional cryptography to quantum-resistant algorithms.

During the coming years, we will see a gradual transition from traditional cryptography to quantum-resistant algorithms. At the same time, we will see the development of post-quantum cryptography standards, so that all applications can be updated to take advantage of these new algorithms.

It is time to begin planning for a transition to PQC, as current cryptosystems may be in jeopardy in the coming decades if quantum computer development continues its fast progress. In this guide, we elaborate on the quantum threats, post-quantum cryptography, and recommendations that organizations should follow to be quantum-ready.


From quantum computers to the quantum threat

Quantum computing, quantum threat, and post-quantum cryptography are all important developments that we should be paying attention to. Let’s start with the basics to get an understanding of these concepts.

What is quantum computing?

Quantum computing is a cutting-edge technology that is becoming a powerful tool to solve certain complex problems within timeframes that were previously thought to be impossible.

Quantum computers are different from classical computers in that they rely on the laws of quantum physics to operate. They are still in an early stage of development but have the potential to become much more significant by the early 2030s.

“Quantum computing is a rapidly-emerging technology that harnesses the laws of quantum mechanics to solve problems too complex for classical computers.” [1] -IBM

Why do we need quantum computers?

When scientists and engineers face complex challenges today, they turn to supercomputers. A supercomputer is built with thousands of classical CPUs (central processing units) and GPUs (graphics processing units) and performs at a higher computing level than a classical computer.

But at times, even supercomputing is not powerful enough. A supercomputer gets stuck when asked to solve a highly complex problem with multiple variables interacting in complicated ways.

A simple example of such a complex problem is modelling the behavior of individual atoms in a molecule, where all the different electrons (i.e., lots of variables) interact with one another (i.e., in many complicated ways).

Quantum computers, however, will be built for such complexities. They use quantum algorithms to create multi-dimensional spaces with patterns of linked, individual data points, which classical computers and supercomputers cannot. This makes quantum computers uniquely capable of tackling problems that are too complex for both classical computers and supercomputers.

How does it work?

A classical computer is based on electronic components, such as transistors that control the passage of digital electric currents. The passing of a current has two states: 0 when no current is passing and 1 when current is passing. These two states (0 or 1) define the “bit” of a classical computer, and by using a certain number of bits, any data can be represented.

A quantum computer is based on the quantum properties of some elements, like electron spin,


The opportunities it provides

To further understand the impact of quantum computers on society, let’s look at an example that shows how quantum computers surpass classical computers.

Imagine that we use a classical computer with a set of 4 bits that can represent 2^4 = 16 combinations of different values. If we want to use or test these different combinations to make a calculation, the classical computer loads each combination one after the other, resulting in at least 16 calculation cycles.

Let’s do the same exercise with a quantum computer and replace the 4 bits with 4 qubits. The 4 qubits can still represent a maximum of 16 combinations, but thanks to the principle of superposition, they also represent all 16 combinations simultaneously.

This means that if we want to make a calculation involving these different combinations, we can do it in a single machine cycle instead of the 16 a classical computer needs. [2]

In summary, a quantum computer with 4 qubits is 16 times faster than a classical computer. And as more combinations and qubits are made available, quantum computers will continue to gain higher computing power than classical computers. Potential fields where quantum computing can be applied are combinatorial optimization (the travelling salesman problem, traffic management of autonomous vehicles), artificial intelligence (machine learning, deep learning), health (molecular simulation), mathematics (integer factorization), and more.

What is the quantum threat?

As illustrated in the earlier section, quantum computers are poised to be much more powerful than traditional computers. This also means that they may be able to break encryption that is deemed unbreakable by classical computers.

This risk posed by quantum computers to existing cryptographic systems is termed the quantum threat.

A direct impact of the quantum threat is the exposure of sensitive corporate and personal data that is protected by current cryptographic systems. With access to the power of quantum computing, threat actors will be able to gain unlawful access to data stored in the cloud, hack into financial systems, or decrypt communication channels.

Fortunately, there are steps that can be taken to mitigate these risks; for example, migration to newer and stronger algorithms that can withstand a quantum computing-based attack to deliver safe encryption, digital signatures, and authentication. Such cryptographic algorithms that offer security against both quantum and classical computers are known as post-quantum cryptography or quantum-resistant cryptography.

Key takeaways

• Quantum computers are designed to be much faster and more powerful at solving complex mathematical problems compared to classical computers.

• These computers will pose a serious threat to current-generation cryptography systems which are deployed and in use on a global scale.

• The quantum threat is an evolving challenge that can be mitigated by staying updated on the latest security measures.


From the quantum threat to post-quantum cryptography

Although it will take a few years for the quantum threat to become a reality – that is, for quantum computers to be powerful enough to break asymmetric cryptography such as the RSA algorithm – it will eventually happen.

And so, organizations must start evaluating how they can safeguard themselves against this inevitable threat.

What is post-quantum cryptography?

Post-quantum cryptography (also known as quantum-resistant cryptography or quantum encryption) refers to new cryptographic algorithms that are being developed to increase resilience against attacks by quantum computers.

Teams of mathematicians and researchers are working on these new quantum-resistant algorithms. One of the most critical factors in the development of algorithms is ensuring standardization to preserve interoperability with existing systems and applications. Major competitions have been set up by NIST (the National Institute of Standards and Technology) and CACR (the Chinese Association for Cryptologic Research) to standardize the new algorithms, and true progress is already in the making.

“The goal of post-quantum cryptography […] is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks” [3] -NIST

The importance of algorithms

The power of a quantum computer lies in two elements. First, its technology gives it extraordinary “potential” capacities, opening many new fields of research. However, these capacities would be nothing without the second element, which is the algorithms used to exploit them as efficiently as possible.

Grover’s algorithm – the threat to symmetric cryptography

Symmetric key cryptography, using algorithms such as AES (Advanced Encryption Standard), is only moderately affected by a cryptographically relevant quantum computer. Still, the key size needs to be considered, since Grover’s algorithm weakens the strength of the encryption.

Grover’s algorithm, named after its inventor Lov Grover and published in 1996, allows one to search for an element in an unstructured collection of data. The algorithm offers a quadratic speedup over classical methods for the same task, which makes searching for the value of a symmetric key much more efficient than with a classical computer and a classical algorithm. However, this speedup is not obtained simply by increasing the number of qubits.

This has led to a recommendation today to double the size of symmetric keys in order to be protected against the threat of Grover’s algorithm. If AES-128 is sufficient for an application today, it is necessary to move to AES-256 for a corresponding level of protection. It is also worth noting that even if the symmetric key itself is hard to break, a symmetric key protected by asymmetric encryption could be revealed by breaking the asymmetric encryption.

Shor’s algorithms – the threat to public key cryptography

The quantum computer excels at integer factorization and solving the discrete logarithm problem, an ability it derives from algorithms called Shor’s algorithms (named after the American mathematician Peter Shor and published in 1994).

When Shor’s algorithms are implemented on a quantum computer, they directly threaten asymmetric schemes like RSA, ECC, and the Diffie-Hellman key exchange. While a classical computer cannot break these algorithms when they are used with recommended key lengths, there is no simple protection against a cryptographically relevant quantum computer running Shor’s algorithms: increasing the security parameters of the asymmetric key, for example, would make it impossible to use in practice.

Instead, the threat to public key cryptography is mitigated by introducing post-quantum cryptography algorithms.


Quantum-resistant cryptographic algorithms – the NIST competition

In 2016, the National Institute of Standards and Technology (NIST) started a competition to select quantum-resistant algorithms for standardization. The competition focuses on new quantum-resistant public-key cryptography standards for public-key encryption, key establishment, and digital signatures.

The competition is progressing quickly in response to the urgency of the issue. On July 5, 2022, NIST announced the first group of four quantum-resistant cryptographic algorithms designed to tackle the quantum threat. [4] More are still being evaluated and will be announced in the future.

Key takeaways

• Quantum computers are coming; experts believe practical quantum computers will become a reality and affect the security of currently used cryptosystems.

• Symmetric key encryption is less affected by the quantum threat. Grover’s algorithm can be used to attack symmetric key encryption, but simply doubling the key length is an efficient countermeasure.

• Asymmetric keys are vulnerable to large-scale quantum computers and Shor’s algorithms. The solution lies in migrating to PQC (Post-Quantum Cryptography).

• Solutions are coming for protection against the quantum threat. A worldwide competition to bring forth PQC algorithms is led by NIST.

Why should organizations care about quantum computing?

1. Current cryptosystems will no longer be secure

The invention of the quantum computer will have a significant impact on the security of systems that rely on asymmetric cryptography. RSA, ECC, and DH algorithms provide adequate protection against classical attacks – but not against quantum attacks.

Also, preparing for secure cryptographic communications in a post-quantum age will become vital for any business relying on modern cryptography to avoid the risk of being hacked in the coming decades.

The only way to effectively secure systems and applications will be to implement PQC.

2. Today’s encrypted data will not be safe tomorrow

Cybersecurity experts warn of a critical threat known as ‘store now, decrypt later’ (SNDL). Encrypted data, which is intercepted today, can be stored (or “harvested”) until quantum computers with the capability of decrypting this data are available.

So, if it is imperative for your organization that sensitive information should remain confidential over the coming decades, you must prepare for quantum-resistant cryptography today. This is especially true for governments and public organizations when it comes to, for example, managing citizen data.

3. Being quantum-ready is a time-consuming process

Migrating an organization’s quantum-vulnerable systems to use new quantum-safe PQC will be a complicated, multi-year process. Make sure to be aware of the risks of quantum computing by creating an inventory of all your solutions and applications, evaluating the risks and impact of a quantum threat, testing standardized algorithms, and keeping a close dialogue with your vendors.

As you now begin to wrap your head around quantum computing and how it will affect your organization, do not forget to keep an eye on how quickly progress is being made toward key technological milestones.

Key takeaways

• Organizations must start planning and evaluating quantum-readiness strategies today.

• Current cryptographic algorithms will be ineffective against quantum attacks.

• Building quantum resistance is a complex and extensive process that must be started soon to keep pace with technological developments in quantum computing.

• ‘Store now, decrypt later’ is a serious post-quantum threat that governments, public organizations and businesses must prepare for today.


How can companies protect themselves against the threat of quantum computers?

Preparing for secure communications in a post-quantum age demands a tailored approach as every organization is unique. However, most experts agree that a phased approach, starting with the following steps, can help protect your organization from the security risks posed by quantum computers.

5 Best practices to be quantum-ready

1. Preparation and discovery: Create an inventory of all your solutions and applications

To begin protecting your organization from quantum threats, it is important to take inventory of all sensitive information that is currently being processed by your ICT (information and communications technologies) infrastructure. This will help identify which software and components need to be updated or replaced to maintain confidentiality and integrity.

Next, understand where and how your organization uses public-key cryptography. This includes getting an overview of cryptographic technologies used by your existing IM (Information Management), IT, and OT (Operational Technology) systems, as well as the products your organization sells, such as IoT applications. By prioritizing these systems for an upgrade to post-quantum cryptography, you can take steps to strengthen your security.

Lastly, do not forget the importance of employee education. Making sure your staff is aware of the risks of quantum computing will help them take the necessary precautions to keep sensitive information secure.

2. Risk assessment and prioritization: Evaluate the potential risks and consequences of a quantum attack

Once you have a clear understanding of the sensitive information that your organization processes, it is important to determine the duration for which this information will be considered at risk.

For example, if your organization has data that would be problematic if exposed using the “Steal Now, Decrypt Later” attack method (even 20 to 30 years from now), it is crucial to implement quantum-resistant cryptography.

To determine your organization’s risk posture considering the anticipated quantum threat timeline, review open-source information such as that published by the National Institute of Standards and Technology (NIST) and the European Union Agency for Cybersecurity (ENISA).

With this information in mind, prioritize which systems require the most urgent attention by creating a list of all systems that handle important data and evaluating them based on their level of risk.

Migration time + the number of years your most important data must be protected > threat timeline (see table below). [5]
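As an added example (not code from the Nexus guide), the following Python script applies two of the guide’s rules to a small cryptographic inventory: the Grover and Shor verdicts from the earlier algorithm sections (halve the effective symmetric strength; treat RSA, ECC and DH as requiring migration to PQC) and the inequality stated above. The inventory entries, the 15-year threat timeline and the 128-bit target strength are constructed sample values, not figures from the guide.

```python
from dataclasses import dataclass

# Public-key algorithms the guide lists as broken by Shor's algorithms.
SHOR_VULNERABLE = {"RSA", "DH", "ECC", "ECDH", "ECDSA"}
# Symmetric ciphers affected only by Grover's quadratic speedup.
GROVER_AFFECTED = {"AES", "CHACHA20"}


@dataclass
class Entry:
    system: str
    algorithm: str
    key_bits: int
    shelf_life_years: int   # how long the protected data must stay confidential
    migration_years: int    # estimated time to move this system to PQC


def effective_quantum_bits(algorithm: str, key_bits: int) -> int:
    """Security level left against a cryptographically relevant quantum computer.

    Grover searches a key space of 2^n in roughly 2^(n/2) steps, so the
    symmetric exponent is halved.  Shor solves factoring and discrete logs
    efficiently, so the listed asymmetric schemes keep no practical strength
    regardless of key size.
    """
    alg = algorithm.upper()
    if alg in SHOR_VULNERABLE:
        return 0
    if alg in GROVER_AFFECTED:
        return key_bits // 2
    raise ValueError(f"not classified: {algorithm}")


def algorithm_verdict(algorithm: str, key_bits: int, target_bits: int = 128) -> str:
    """Action the guide implies for one primitive/key-size pair."""
    if algorithm.upper() in SHOR_VULNERABLE:
        return "migrate-to-pqc"          # no key-size fix exists against Shor
    if effective_quantum_bits(algorithm, key_bits) >= target_bits:
        return "ok"                      # e.g. AES-256 keeps ~128 bits under Grover
    return "increase-key-size"           # e.g. AES-128 drops to ~64 bits


def exposure_years(entry: Entry, threat_timeline_years: int) -> int:
    """Migration time + shelf life - threat timeline (the inequality above).

    A positive value means the data still needs protection after a capable
    quantum computer is expected, i.e. it is exposed to store-now-decrypt-later
    even if the migration starts today.
    """
    return entry.migration_years + entry.shelf_life_years - threat_timeline_years


def triage(inventory, threat_timeline_years):
    """Rank inventory entries by urgency: largest exposure first."""
    rows = []
    for e in inventory:
        exp = exposure_years(e, threat_timeline_years)
        rows.append({
            "system": e.system,
            "algorithm": f"{e.algorithm}-{e.key_bits}",
            "verdict": algorithm_verdict(e.algorithm, e.key_bits),
            "exposure_years": exp,
            "at_risk": exp > 0,
        })
    # Most exposed first; among equals, Shor-vulnerable systems before symmetric ones.
    rows.sort(key=lambda r: (-r["exposure_years"], r["verdict"] != "migrate-to-pqc"))
    return rows


# Constructed sample inventory and threat horizon (not figures from the guide).
THREAT_TIMELINE_YEARS = 15
SAMPLE_INVENTORY = [
    Entry("VPN gateway", "RSA", 2048, shelf_life_years=10, migration_years=3),
    Entry("Citizen records archive", "RSA", 3072, shelf_life_years=30, migration_years=5),
    Entry("Backup encryption", "AES", 128, shelf_life_years=20, migration_years=2),
    Entry("TLS session keys", "AES", 256, shelf_life_years=1, migration_years=1),
    Entry("Firmware signing", "ECDSA", 256, shelf_life_years=12, migration_years=4),
]

if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY, THREAT_TIMELINE_YEARS):
        flag = "AT RISK" if r["at_risk"] else "ok     "
        print(f"{flag} {r['exposure_years']:+3d}y  {r['system']:<24} "
              f"{r['algorithm']:<10} {r['verdict']}")
```

Systems with a positive exposure value need either a shorter migration or an interim control (such as AES-256 for data at rest) until the PQC migration lands; a negative value only means the inequality is currently satisfied and should be rechecked as threat-timeline estimates change.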

3. Integrate new algorithms into your solutions

The next phase is to start testing algorithms that are candidates for being standardized by NIST (and others). Do this to make sure that post-quantum cryptography (PQC) works in practice even before the standardization is finalized, and to understand the problems and challenges of migrating.


Investigate whether a hybrid approach should be selected, for example in an environment with a mixture of old devices and software, where a hybrid solution may be necessary to support legacy devices while other clients are migrated sooner to PQC. [6]

Integrate new algorithms into your solutions in the order of priority defined during your inventory and prioritizing phase. Identify metrics to measure the performance impact when applying new algorithms in software, encrypted communication, etc., when using classical, PQC, and hybrid configurations.

Also determine if you will need new training or additional resources (e.g., tools) to migrate your systems to use quantum-safe, post-quantum cryptography.

Recommendation for further reading: Quantum-safe cryptography – fundamentals, current developments and recommendations [6] and Canadian National Quantum-Readiness [7]

4. Follow recommendations by authorities and the ongoing standardization process

In order to stay ahead of the curve and protect your organization from the emerging threat of quantum computing, it is crucial to stay informed of the latest developments in post-quantum cryptography (PQC) and to monitor the standardization efforts of organizations such as NIST, ETSI, ENISA, IETF, ISO, ANSSI, BSI and NSA. By doing so, you will have a better understanding of which PQC algorithms will be most suitable for different use cases in the coming years and decades.

Furthermore, it is imperative to adhere to the recommendations and requirements established by local authorities and regulators regarding the use of specific algorithms and the timelines for deployments. These guidelines provide a framework to ensure your systems are secure and in compliance with industry standards.

Recommendation for further reading: Canadian National Quantum-Readiness [7]

5. Engage your vendors

As post-quantum cryptography (PQC) is a complex field, it requires expertise and experience to effectively assess the risks and consequences and develop mitigation strategies. Therefore, it’s important to maintain a close dialogue with your current and future vendors to ensure they are aware of your organization’s quantum-readiness needs.

As solutions to the transition to a quantum-safe infrastructure become available, it is crucial that IT and procurement teams engage in discussions with their current and prospective vendors to understand their quantum-readiness plans.

This will help to clarify who will be responsible for handling different aspects of the transition and ensure that investments made today will position your organization for quantum resilience in the future.

This will allow the organization to make informed decisions about the selection of products and services that will be used to secure critical data and systems. [7]

Recommendation for further reading: Guide to a quantum-safe organization [8]

Key takeaways

• Develop an understanding of the threats that quantum computing will pose for your ICT infrastructure (information and communication technology) in the coming years.

• Consider using quantum-resistant cryptography if you have sensitive information that would still be a problem if it were discovered and released in 20-30 years.

• Pre-standardized post-quantum cryptography can be tested to ensure that it works in practice even before the standardization is finalized, and to understand the problems and challenges of migrating.

• Follow local recommendations by authorities and the ongoing standardization process.

• Keep a close dialogue with current and future vendors regarding their quantum readiness plans.


Conclusion

The advent of the quantum computer has created a new era of security risks for systems that rely on asymmetric cryptography.

Since every business is unique, there is not one correct approach when it comes to preparing for secure cryptographic communications in a post-quantum world. However, in order to best protect your organization from the security risks posed by the future arrival of the quantum computer, most experts agree that the following phases should be progressed through:

1. Create an inventory of all your solutions and applications

2. Evaluate the potential risks and consequences of a quantum attack

3. Integrate new algorithms into your solutions

4. Follow recommendations by authorities and the ongoing standardization process

5. Engage your vendors

In the end, post-quantum cryptography is a complex area that needs expertise and experience to survey risks and consequences, and to define how to mitigate them. Keep a close dialogue with current and future vendors regarding their quantum-readiness plans.

Our commitment

Nexus is a pioneer and leader in the fields of PKI and cryptography. We have played a pivotal role in creating standards and interoperability frameworks to cater to the ever-evolving technology landscape. Some examples include projects aimed at promoting safety and security around emerging technologies such as connected and autonomous vehicles and connected healthcare, among others.

We have stayed ahead of the curve by always anticipating and preparing for the next technological transformation. With quantum computing poised to be the next paradigm-shifting development, we are designing solutions to help governments defend their sovereignty and enable enterprises to preserve their integrity.

With a close eye on the NIST quantum-resistant algorithm finalists, we are working towards a PKI solution to protect organizations against the quantum threat. Offered as a service, it will enable you to provision hybrid certificates that can be used for both legacy and PQC devices and applications. It will also be possible to create hybrid or quantum-only certificate authority hierarchies.

“Our commitment to excellence and innovation drives us to build a secure tomorrow with trusted identities.”

References

[1] What is quantum computing?: https://www.ibm.com/topics/quantum-computing

[2] https://www.ibm.com/thought-leadership/institute-business-value/report/quantumstrategy

[3] Post-Quantum Cryptography PQC: https://csrc.nist.gov/projects/post-quantum-cryptography

[4] NIST Announces First Four Quantum-Resistant Cryptographic Algorithms: https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms

[5] Global Risk Institute: 2021 Quantum Threat Timeline Report, January 2022

[6] Quantum Technologies and Quantum-Safe Cryptography: https://www.bsi.bund.de/EN/Themen/Unternehmenund-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/quantentechnologien-und-post-quanten-kryptografie_node.html

[7] Canadian National Quantum-Readiness – Best Practices and Guidelines: https://quantum-safe.ca/wp-content/uploads/2022/12/December-2022-CFDIR-Quantum-Readiness-Best-Practices-Version-02-June-17-2022.pdf

[8] A Guide to a Quantum-Safe Organization, U.S. Quantum Economic Development Consortium, December 2021: https://quantumconsortium.org/guide-to-a-quantum-safe-organization/

Other: NIST, Post-quantum cryptography PQC: https://csrc.nist.gov/Topics/Security-and-Privacy/cryptography/postquantum-cryptography

NSA, Announcing the Commercial National Security Algorithm Suite 2.0: https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF

ENISA, Cryptography: https://www.enisa.europa.eu/topics/cryptography

About Nexus

Nexus, a part of the French IN Groupe, is a European leader and innovative identity management company. We secure society by enabling trusted identities for people and things.

Nexus develops a range of security solutions which enable companies worldwide of all sizes and from all industries to issue and manage trusted identities for workforce, workplace and the internet of things (IoT).

Nexus has 300 dedicated employees across Europe and India and a vast global partner network.

As part of the French IN Groupe, Nexus has strengthened its solution portfolio and further solidified our position as a leader in identity security. Together we issue billions of digital and physical identities annually to governments, municipalities, and businesses around the world.

www.nexusgroup.com
