Four ways to prepare for quantum-proof encryption

The rise of quantum computing has forced organizations to start considering how to overhaul their traditional encryption to protect today’s fast-growing digital footprint from hackers.

Quantum computing, with its ability to run millions of calculations in a fraction of the time as traditional binary code, poses a real threat to today’s most widely used encryption algorithms.

Hackers haven’t yet broken the 128-bit or 256-bit encryption standards commonly used in industries such as financial services. Trying every possible combination to “crack” these encryption algorithms would take a binary computer longer than the stated age of the universe, but a quantum computer with enough processing power could accomplish this task in seconds and make most of today’s encryption obsolete. 

The looming quantum threat extends beyond just the encryption of data. It also challenges the integrity and authenticity mechanisms that underpin digital signatures and secure online transactions, namely digital certificates. Since quantum computers could potentially break the cryptographic algorithms currently used in digital certificates, having the ability to discover and replace vulnerable certificates still in use will be a labor-intensive undertaking. 

Furthermore, the retrospective decryption capability of quantum computers means that data encrypted today, but intercepted and stored by adversaries, could be decrypted in the future once quantum computing becomes fully operational. 

This 'harvest now, decrypt later' strategy adds an urgent dimension to the need for quantum-proof encryption, necessitating a proactive approach in rethinking and reinforcing our cryptographic defenses. 

Organizations will need to transition to quantum-resistant algorithms for digital certificates, which will involve not only technological upgrades but also comprehensive revisions of certificate management processes and policies. 

This transition will require a new approach to certificate lifecycle management, ensuring that certificates can be rapidly replaced or updated in response to evolving quantum threats, and that they remain robust against future decryption methods. The scale of this challenge is significant, given the widespread and growing reliance on digital certificates for a multitude of applications and services across the internet. 

Preparation is Key

Despite the fact that quantum computers are not mainstream yet, change is coming. Therefore, organizations -- from multinationals to small businesses -- need to plot a roadmap to navigate this upcoming disruption and safeguard their digital assets. 

Below are six steps to put an enterprise on the path to a more secure post-quantum future: 

* Taking a long-hard look at the organization's crypto architecture can provide a good perspective on the potential risks once quantum computing arrives. This is an opportunity to build an inventory of encrypted assets and build awareness internally about the impact quantum computing will have on enterprise security posture and gain the attention of stakeholders. 

* Stay up-to-date with the latest developments; post-quantum cryptography is evolving fast, with new tactics and algorithms being developed all the time. Keeping up is a must, by participating in conferences, reading relevant papers and staying in touch with peers. 

* Although this effort may seem overwhelming, identifying critical, high-risk assets can help set priorities to manage ahead of the quantum disruption. Look at the crypto algorithms used to safeguard sensitive data, including the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) that typically secures web apps and cloud services. 

* Fortifying your infrastructure against quantum attack will require replacing existing encryption with quantum-resistant algorithms, as well as updating and replacing a lot of hardware and software. Public Key Infrastructure (PKI) protocols and policies will also need to be updated. This can all be disruptive to operations, so planning ahead is a must for a smooth transition. 

* Standards development organizations (SDOs) are doing a lot of the heavy lifting to create post-quantum encryption algorithms. The federal government’s National Institute of Standards and Technology (NIST) has a wide-ranging ongoing process of gathering and testing quantum-ready algorithms. Organizations can benefit by participating in developing the standards. 

Admins are already challenged by the demands of certificate lifecycle management (CLM). However, updating SSL/TSL certificates annually is not enough. Besides having to update the existing certificates more frequently, admins need to worry about upgrading them to face the quantum threat.

The flexibility to switch Certificate Authorities and crypto algorithms, also known as crypto-agility, is central to responding to threats in real time. Therefore developing a certificate lifecycle management (CLM) strategy to enable crypto-agility for rapidly responding to quantum computing will provide the necessary visibility and control.

Four Steps to Quantum
Certificate Management

To implement a crypto-agile approach for managing quantum-resistant certificates consider the following best practices:

• Certificate and Key Management: The average organization uses thousands of certificates; that’s a lot of potential hazards. Now is the time to implement strong certificate and key management practices that can stand up to quantum threats. Look into certificate and key management solutions and quantum-resistant key exchange algorithms.
  
  
• Continuous training: IT and security staff will need to upskill in order to navigate the quantum disruption. The organization needs to invest now in training teams on quantum-safe cryptography to ensure they are up to date on best practices associated with quantum-resistant algorithms.
  
  
• Rigorous testing: Even the authorities at NIST found one promising algorithm was cracked by two guys with a laptop. Comprehensive testing and validation of any new encryption solutions before implementation has to be thorough. Testing must make sure they don’t interfere with existing processes, but provide the right level of security without introducing any unforeseen vulnerabilities into the network.
  
  
• Proactive budgets: Allocate budgets now for research, development, and infrastructure to support the switch to quantum-resistant encryption. Don’t wait until the quantum disruption is upon us to seek the resources to support the transition. Emergency funds are hard to come by on short notice, and it’s always better to be proactive than react.

The promise (and the threat) of quantum computing could be years away, or just around the corner. Preparing cybersecurity for a quantum-safe future is not a one-and-done, but a continuous, long-term process. An early start and well-designed strategy can pave the way to success.