What You Need to Know to Embrace the Imminent Quantum Shift for Your Cryptography Future
By Eddy Zervigon, CEO of Quantum Xchange
Cryptography has long been essential in ensuring the protection of data and communication networks. However, even as we rely on it to safeguard sensitive information, vulnerabilities continue to give cause for concern. Remaining reliant on outdated cryptographic standards certainly adds to the dangers of compromise. Most legacy systems still cling to standards like MD5, SHA-1, TLS 1.1, and SSL 3.0 years after their prime.
The implications are significant. Networks are exposed to unnecessary risks with potential vulnerabilities that are ripe for exploitation by threat actors. As we usher in an era of cloud-scaling and quantum technologies, the stakes are raised even higher. With regulations such as CCPA, DORA, GDPR, HIPAA, PCI, SOX, and others in play, organizations face the need to evolve or risk breaches that could seriously compromise their operations.
The limits of PKE
For almost five decades, public key encryption (PKE) has been the standard-bearer for digital data protection. Its architecture, which relies on the exchange of public and private keys to encrypt and decrypt data, has been generally effective.
But inherent to this process of encryption is how it operates. The decryption key often travels alongside the data it’s meant to protect. With quantum computers’ potential to disrupt this system, our current data safety has become an illusion in a future where traditional computing will no longer be adequate, with many thinking of it in the same way we might have viewed mobile phones of the early 90s.
Think about it. Even if data is protected with PKE today, it can be copied and stored, waiting for the day when a more powerful computer is able to decrypt it. Adding impetus to the change is the fact that quantum computers have already demonstrated their ability to break PKE. A conventional computer would need 300 trillion years to break RSA encryption, which many see as the gold standard for PKE. A quantum computer can do it in 10 seconds.
The need for post-quantum cryptography
Fortunately, a shift is happening that has been dubbed one of the most extensive cryptographic transitions in the history of computing – moving from the well-established PKE to the emergent post-quantum cryptography (PQC). This represents a foundational change that will impact every facet of our increasingly digital lives.
The federal government is currently planning the upgrade of digital networks with post-quantum cryptographic standards as outlined in a May 2022 national security memorandum, anticipating the arrival of a fault-tolerant quantum computer. Last year, the National Institute for Standards and Technology (NIST) shortlisted quantum-safe encryption algorithms to preempt the quantum threat.
Of course, making the change will be massively disruptive, given the scale of the environment. PKE and its dependencies underpin the bulk of the public internet. In the US alone, it protects 4.5 billion internet users, powers 200 million websites, and secures $3 trillion of retail e-commerce transactions annually. Now, expand that to the rest of the world, and the enormity of the challenge becomes clear.
Challenges of transition
Change, especially of this scale, is never straightforward. The NIST’s 2021 report, ‘Getting Ready for Post-Quantum Cryptography,’ highlighted the complexities of adopting PQC. The reality is that even after the standardization process concludes, making a full transition could easily span up to 15 years. That’s a long time to become fully secure in a quantum world.
Adopting a multi-faceted approach in this regard is vital. For instance, using PQC, QKD (Quantum Key Distribution), QRNG (Quantum Random Number Generator), or even different combinations will ensure organizations are no longer reliant on any single encryption method.
Taking the leap
Recent innovations like the Quantum Xchange CipherInsights tool can provide a strategic advantage. This solution monitors network activity, discovers cryptographic assets, and assesses risks to bring an additional layer of defense. Deployed as a virtual appliance, CipherInsights goes beyond traditional scanning of endpoints only. It analyzes traffic in real-time, pinpointing sanctioned and unsanctioned encryption. Within 90 minutes, it can evaluate whether networks are compliant with regulations, ensuring that businesses remain on the right side of the law.
Beyond this, organizations must continually undertake extensive risk assessments if they’re to navigate the quantum future effectively. This involves segregating data based on protection urgency – classifying them as “severe,” “soon,” or “stable.” A vital step here is to identify data guarded by quantum-susceptible solutions.
Here, we refer to solutions like symmetric algorithms with key sizes under 256 bits or traditional asymmetric cryptography. The strategy of choice merges the principles of diversification, akin to spreading risk across various investments in a financial portfolio, with crypto-agility. This approach involves the organization adopting crypto-agility, a flexible system that supports a variety of cryptographic methods, while simultaneously remaining vigilant to threats by utilizing multiple security techniques.
As the digital landscape evolves, organizations must be proactive. They must look at ways to future-proof their operations against the known and the unforeseen. Investing in quantum-safe solutions is a building block for the new world.
About the Author
Eddy Zervigon, CEO of Quantum Xchange. Eddy Zervigon is a seasoned senior executive with extensive operational, restructuring, and turnaround experience. Throughout his career in investment banking and corporate advisory, Zervigon has amassed an impressive track-record working with management teams to craft, refine, and execute winning business plans; hire highly effective teams; and lead successful investment monetization via sale or IPO. As a Managing Director in the Principal Investments Group at Morgan Stanley from 1997-2012, Zervigon was responsible for technology, media and entertainment and energy investments throughout Latin America and the U.S. He has been a Special Advisor at Riverside Management Group, a boutique merchant bank, since 2012 and currently sits on the board of directors at Bloom Energy (NYSE: BE) and Maxar Technologies (NYSE: MAXR). Zervigon holds an MBA from the Amos Tuck School of Business at Dartmouth College, a master’s in taxation from Florida International University as well as his undergraduate degree in accounting.
Eddy can be reached online at our company website Quantum Xchange