Commodities trading expert Domen Zavrl has PhDs in system dynamics and applied macroeconomics, having conducted a wealth of research in the field of quantum-proof cryptography. With experts warning of the impending ability of quantum computing to break existing algorithms, this article will look at moves by the global security community to develop systems capable of withstanding post-quantum threats.
Cryptography is an increasingly popular means of keeping data secure and preventing third parties from intercepting digital messages. Cryptography relies heavily on algorithms. As soon as an algorithm can be cracked, the systems that rely on it become vulnerable to attack, so it must be swiftly replaced.
Quantum computers are already capable of cracking a significant proportion of algorithms. Post-quantum cryptography (PQC) relies on algorithms that have been specially designed with quantum computers in mind, protecting data from interception. To make the leap to PQC, companies will need to convert much of the cryptography already in their systems through ‘post-quantum cryptography migration’, an incredibly complex and convoluted process.
Around the world today, forward-looking businesses are already mobilising to implement their PQC migration strategies. As it is impossible to replace all algorithms simultaneously, prudent business owners are tackling their most vulnerable algorithms first, i.e. those that protect vital assets. However, this in itself presents significant challenges due to the fact that most companies lack a clear overview of what cryptography they are using and where. For this reason, the vital first step to PQC migration is making an inventory of all cryptography used by the company.
The point at which quantum computing becomes capable of breaking cryptographic algorithms, known as ‘Q-Day’, is already looming large. PQC has become an increasing priority for the global cybersecurity community. As experts strive to understand, develop and implement encryption capable of withstanding post-quantum attacks in the future, security specialists warn that Q-Day could arrive within the next decade, potentially leaving all manner of digital information vulnerable to attack and interception by bad players.
Dylan Rudy serves as lead scientist on the Booz Allen quantum sciences team. In an interview with CSO, he theorised that PQC mitigation could provide an opportunity to reevaluate the wider cybersecurity landscape, suggesting that cybersecurity infrastructure could be redesigned into a new crypto agility framework through the integration of PQC algorithms in zero-trust architecture.
There is currently significant concern among security experts and policymakers alike that quantum computing could undermine the mathematical foundations of current encryption methods, with potentially catastrophic results. Experts warn that while development of sufficiently powerful quantum computers may be years away, early preparation is crucial as the upgrade process will be substantial.
In high-security sectors, the threat of ‘harvest now, decrypt later’ looms large, forcing businesses to take a proactive stance rather than awaiting the advent of ‘oven-ready’ solutions. Early adopters are taking advantage of hybrid services and products, allowing them to start the migration process immediately rather than holding out for updated internet protocols.
In September 2023, the PQC Coalition was launched by a community of researchers, technologists and expert practitioners with the aim of driving progress in the understanding and wholesale adoption of PQC algorithms. Founding members included Microsoft, IBM Quantum, PQShield, SandboxAQ, MITRE and the University of Waterloo.
The coalition aims to focus on four workstreams initially:
- Ensuring cryptographic agility
- Creating technical materials to support workforce development and education
- Advancing PQC migration standards
- Producing and verifying open-source, production-quality code and developing side-channel-resistant code for industry verticals
The PQC Coalition committed to applying its collective technical influence and expertise to facilitate global implementation of PQC in open-source and commercial technologies. Coalition members have pledged to contribute their expertise to create and advance interoperable technical approaches and standards, paving the way for knowledgeable experts to provide critical outreach and education.