Quantum risk is the threat of capable quantum computers upending cryptographic methods, such as RSA or elliptical curve algorithms, widely used today for securing information flows through communication networks. A sufficiently capable quantum adversary would be able to decrypt sensitive data in short order disrupting the trust in the digital systems that increasingly undergird our society. As with most disruptive technologies, a timeline of when a quantum computer at scale will materialize cannot be defined with precision. However, most experts concur that it is likely to occur within 5-10 years. Given the weight of investment into quantum computing, the risk is skewed towards the timeline being compressed. In brief, current cryptographic standards have an expiration date.

How Is Quantum Risk a Thing Now?

One of the biggest risks at present is what’s known as a HNDL attack. This is an acronym for “Harvest Now, Decrypt Later” where encrypted data is captured, stored, and held onto, until a quantum computer is able to unlock it. While this intercepted data is encrypted, this is a false sense of security — it will easily be decrypted by a threat actor with access to a quantum computer. So, the risk is very real today. Further, recent significant investments in quantum tech globally, as well as geopolitical motivations, have proven the debate over the quantum risk threat has shifted from no longer if, to when.

They can proactively mitigate quantum risk by devoting time now to transitioning to a post-quantum world using quantum-safe encryption solutions that already exist today. This is a rare opportunity for security to take center stage in business initiatives, but it is also necessary — by the time companies start “feeling” risk from a quantum computer, it will be much too late, because data that was stolen years ago will have been decrypted. The path to Quantum-Resilient can be considered a journey, with some clear milestones, and you must act now. 

One of the first steps is to understand where all your data resides, who has access to it, and what protection measures are currently in place. Next, it is important to understand which data is the most sensitive or valuable, what’s its lifetime, and then develop a plan to prioritize the migration of these data sets to quantum-resilient encryption. The good news is quantum secure encryption is not an exercise in “rip and replace.” Rather, it can work with existing encryption technology to move data to a quantum safe paradigm. Once organizations start quantum encrypting their most sensitive data, cybersecurity risk begins to reduce.

The Differences Between Cryptology and Post Quantum Cryptography

Traditional encryption started with RSA back in 1977. It was a public key encryption system and is the most common one used today. Basically, it uses a public key to scramble text, and then the recipient uses a private key, known only to the recipient, to “descramble” the text. Threat actors have had some limited success in “cracking” this encryption scheme, but it takes enormous computing power and, perhaps most significantly, time.

A quantum computer will be able to descramble information encrypted with conventional methods in hours or days by exploiting inherent weaknesses in classical encryption.

Cryptology is the use of cryptographic codes and protocols to protect information from adversaries. Most cryptosystems use a combination of public key cryptography (for key exchange and digital signatures) and symmetric key cryptography (for confidentiality and integrity). Examples of cryptographic protocols working in this fashion include SSL/TLS, IPsec, SSH, and encrypted email.

Public algorithms typically used in current cryptosystems are RSA and ECC. Using an attack built around Shor’s algorithm, a sufficiently powerful quantum computer will be able to break RSA and ECC, and thus reveal the keys exchanged for confidentiality and integrity, as well as compromise digital signatures.

Post quantum cryptography refers to cryptographic methods that provide resistance to attacks by adversaries using powerful quantum computers. Methods resistant, or even immune, to quantum computing attack include symmetric key cryptography with large, high entropy keys, quantum-resistant public key algorithms based on mathematical problems believed to be difficult even for powerful quantum computers to break, and quantum key distribution, a technique that uses quantum effects to securely distribute cryptographic key material.

First, whether you use QuintessenceLabs or another vendor, cybersecurity is rapidly reaching a tipping point and you should be moving to quantum-safe encryption because the risk to sensitive, long-lived data is material today. At QuintessenceLabs we deliver value to our customers, through an integrated set of tools available today to address some of the most pressing current cybersecurity challenges while preparing for the quantum threat of tomorrow.

• We provide full entropy keys using high-speed quantum random number generators.
• We ensure post-quantum crypto-agile Key Management and upgrading to using Continuous-Variable Quantum Key Distribution technology.
• We seamlessly integrate with cybersecurity infrastructure deployed today in data centers and the cloud.