Cybersecurity professionals already have a lot on their minds. From run-of-the-mill social engineering hacks to emerging threats from AI-generated content, there’s no shortage of immediate concerns. But while focusing on the urgent, they could be overlooking an important threat vector: the potential risk that a cryptographically relevant quantum computer (CRQC) will someday be able to break much of the current public-key cryptography that businesses rely upon. Once that cryptography is broken, it will undermine the processes that establish online sessions, verify transactions, and assure user identity.
Let’s contrast this risk with the historical response to Y2K, where businesses saw a looming risk and addressed it over time, working backward from a specific time to avert a more significant impact.[1] The potential risk of a CRQC is essentially the inverse case: The effect is expected to be even more sweeping, but the date at which such a cryptographically relevant quantum computer will become available is unknown. Preparing for CRQCs is generally acknowledged to be highly important but is often low on the urgency scale because of the unknown timescale. This has created a tendency for organizations to defer the activities necessary to prepare their cybersecurity posture for the arrival of quantum computers.
“Unless it’s here, people are saying, ‘Yeah, we’ll get to it, or the vendors will do it for me. I have too many things to do and too little budget,’” says Mike Redding, chief technology officer at cybersecurity company Quantropi.[2] “Quantum may be the most important thing ever, but it doesn’t feel urgent to most people. They’re just kicking the can down the road.”
This complacent mindset could breed disaster because the question isn’t if quantum computers are coming—it’s when. Most experts consider the exact time horizon for the advent of a CRQC to be irrelevant when it comes to encryption. The consensus is that one will likely emerge in the next five to 10 years, but how long will it take organizations to update their infrastructures and third-party dependencies? Eight years? Ten years? Twelve? Given how long it took to complete prior cryptographic upgrades, such as migrating from the SHA-1 cryptographic hashing algorithm to SHA-2, it is prudent to start now.
In a recent report, the US Office of Management and Budget said, “It is likely that a CRQC will be able to break some forms of cryptography that are now commonly used throughout government and the private sector. A CRQC is not yet known to exist; however, steady advancements in the quantum computing field may yield a CRQC in the coming decade. Accordingly … federal agencies must bolster the defense of their existing information systems by migrating to the use of quantum-resistant public-key cryptographic systems.”[3]
The scale of the problem is potentially massive, but fortunately, tools and expertise exist today to help enterprises address it. Recently released postquantum cryptography (PQC) algorithm standards from the US National Institute of Standards and Technology (NIST) could help to neutralize the problem before it becomes costly,[4] and many other governments around the world are also working on this issue.[5] Furthermore, a reinvigorated cyber mindset could set enterprises on the road to better security.
Two of the primary concerns for cybersecurity teams are technology integrity and operational disruption.[6] The undermining of digital signatures, and of the cryptographic key exchanges that enable data encryption, is at the heart of those fears. Losing the type of cryptography that can guarantee digital signatures are authentic and unaltered would likely deal a major blow to the integrity of communications and transactions. Additionally, losing the ability to transmit information securely could potentially upend most organizational processes.
Enterprises are starting to become aware of the risks posed by quantum computing to their cybersecurity. According to Deloitte’s Global Future of Cyber survey, 52% of organizations are currently assessing their exposure and developing quantum-related risk strategies. Another 30% say they are currently taking decisive action to implement solutions to these risks.
“The scale of this problem is sizeable, and its impact in the future is imminent. There may still be time when it hits us, but proactive measures now will help avoid a crisis later. That is the direction we need to take,” says Gomeet Pant, group vice president of security technologies for the India-based division of a large industrial products firm.[7]
Cryptography is now so pervasive that many organizations may need help identifying all the places it appears. It’s in applications they own and manage, and in their partner and vendor systems. Understanding the full scope of the organizational risk that a CRQC would pose to cryptography (figure 1) requires action across a wide range of infrastructures, supply chains, and applications. Cryptography used for data confidentiality and digital signatures to maintain the integrity of emails, macros, electronic documents, and user authentication would all be threatened, undermining the integrity and authenticity of digital communications.[8]
To make matters worse, enterprises’ data may already be at risk, even though there is no CRQC yet. There’s some indication that bad actors are engaging in what’s known as “harvest now, decrypt later” attacks—stealing encrypted data with the notion of unlocking it whenever more mature quantum computers arrive. Organizations’ data will likely continue to be under threat until they upgrade to quantum-resistant cryptographic systems.
“We identified the potential threat to customer data and the financial sector early on, which has driven our groundbreaking work toward quantum-readiness,” said Yassir Nawaz, director of the emerging technology security organization at JP Morgan. “Our initiative began with a comprehensive cryptography inventory and extends to developing PQC solutions that modernize our security through crypto-agile processes.”[9]
Given the scale of the issues, upgrading to quantum-safe cryptography could take years, maybe even a decade or more, and we’re likely to see cryptographically relevant quantum computers sometime within that range.[10] The potential threat posed by quantum to cryptography may feel over the horizon, but the time to start addressing it is now (figure 2).
“It is important that organizations start preparing now for the potential threat that quantum computing presents,” said Matt Scholl, computer security division chief at NIST. “The journey to transition to the new postquantum-encryption standards will be long and will require global collaboration along the way. NIST will continue to develop new post-quantum cryptography standards and work with industry and government to encourage their adoption.”[11]
There’s good news, though. While upgrading cryptography to protect against the threat of quantum computers requires a comprehensive and widespread effort, given sufficient time, it should be a relatively straightforward operation.
Initial steps include establishing governance and policy, understanding current cryptographic exposure, assessing how best to prioritize remediation efforts across the infrastructure and supply chain, and building a comprehensive road map for internal updates and contractual mechanisms to ensure vendors meet the updated standards.
“The first step to reclaim control over decades of cryptographic sprawl across IT is to leverage modern cryptography management solutions, which empower organizations with critical observability and reporting capabilities,” says Marc Manzano, general manager of cybersecurity group SandboxAQ.[12]
Once these initial steps are completed, organizations can begin updating encryption algorithms. In August 2024, NIST released new standards containing encryption algorithms that organizations can implement. The agency says these encryption methods should withstand attacks from quantum computers by changing how data is encrypted and decrypted.[13]
Current encryption practices encode data using complex math problems that outpace the computing power of even today’s most powerful supercomputers. But quantum computers will likely be able to crack these problems quickly. The updated NIST standards move away from today’s large-number-factoring math problems and leverage lattice and hash problems, which are sufficiently complex to bog down even quantum computers.[14]
Large tech companies are already beginning their transition. Following the release of NIST’s updated standards, Apple updated its iMessage application to use quantum-secure encryption methods.[15] Google announced that it implemented the new standards in its cryptography library and will use them in its Chrome web browser.[16] IBM, which has invested heavily in developing quantum computing technology, has integrated postquantum cryptography into several of its platforms, and Microsoft has announced that it will add quantum-secure algorithms to its cryptographic library.[17]
In 2021, the National Cybersecurity Center of Excellence (NCCoE) at NIST started the Migration to PQC project. It has grown to over 40 collaborators, many of whom have cryptographic discovery and inventory tools with differing capabilities. The project demonstrates the use of these tools in a manner that will enable an organization to plan for their use. Other collaborators are focused on testing the PQC algorithms for use in protocols to understand their interoperability and performance as they prepare to implement PQC in their products.[18]
“An organization needs to understand where and how it uses cryptographic products, algorithms, and protocols to begin moving towards quantum-readiness,” says Bill Newhouse, co-lead for the Migration to PQC project at the NCCoE. “Our project will demonstrate use of the tools and how the output of the tools supports risk analysis that will enable organizations to prioritize what it will migrate to PQC first.”[19]
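The inventory-then-prioritize step described above can be sketched as follows. This is an added example, not code from the NCCoE project or from any tool named in this article; the record fields, the sample inventory, and the tiering rule are assumptions made for illustration, and the five-year horizon is the low end of the estimate quoted earlier.

```python
from dataclasses import dataclass

# Public-key families a CRQC could break, and the NIST PQC standards
# released in August 2024 (FIPS 203 ML-KEM, 204 ML-DSA, 205 SLH-DSA).
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}
QUANTUM_RESISTANT = {"ML-KEM", "ML-DSA", "SLH-DSA"}
CRQC_HORIZON_YEARS = 5  # assumption: low end of the 5-10 year estimate

@dataclass
class Finding:              # one row of a (hypothetical) inventory export
    asset: str
    algorithm: str          # e.g. "RSA-2048", "ECDH-P256", "ML-KEM-768"
    purpose: str            # "key_exchange", "encryption" or "signature"
    secrecy_years: int      # how long the protected data must stay secret

def family(algorithm: str) -> str:
    """Reduce 'RSA-2048' to its family name 'RSA'; 'UNKNOWN' if unrecognized."""
    name = algorithm.upper()
    known = QUANTUM_VULNERABLE | QUANTUM_RESISTANT
    return next((fam for fam in known if name.startswith(fam)), "UNKNOWN")

def tier(f: Finding) -> int:
    """1 = migrate first ... 4 = already quantum-resistant."""
    fam = family(f.algorithm)
    if fam in QUANTUM_RESISTANT:
        return 4
    if fam == "UNKNOWN":
        return 3            # cannot classify: needs manual review
    confidentiality = f.purpose in ("key_exchange", "encryption")
    if confidentiality and f.secrecy_years >= CRQC_HORIZON_YEARS:
        return 1            # harvestable today, still sensitive at the horizon
    return 2                # vulnerable, but no long-lived secret at stake yet

def prioritize(findings):
    return sorted(findings, key=lambda f: (tier(f), -f.secrecy_years, f.asset))

SAMPLE = [                  # constructed inventory, not real data
    Finding("vpn-gateway", "ECDH-P256", "key_exchange", 15),
    Finding("code-signing", "RSA-3072", "signature", 0),
    Finding("chat-service", "ML-KEM-768", "key_exchange", 10),
    Finding("legacy-hsm", "vendor-proprietary", "encryption", 20),
    Finding("web-frontend", "X25519", "key_exchange", 1),
    Finding("records-archive", "RSA-2048", "encryption", 25),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(tier(f), f.asset, f.algorithm, family(f.algorithm))
```

Tier 1 captures the “harvest now, decrypt later” exposure: traffic or data protected by a quantum-vulnerable key exchange today that must remain confidential past the assumed horizon.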
While enterprises upgrade their encryption practices, they should consider what else they might do. This can be likened to cleaning out the basement: What can be done to clean out the back corners no one has looked at in a decade? They will map out highly technical, low-level capabilities in core systems that haven’t been assessed in years. Perhaps they will uncover other potential issues that can be addressed while upgrading cryptography, such as enhancing governance, improving key management processes, implementing a zero trust strategy, upgrading cryptography while modernizing legacy systems, or simply sunsetting tools that haven’t been used in a while.
Organizations that engage in proper cyber hygiene are likely to strengthen their broader cyber and privacy practices. They will likely be more cautious about collecting and sharing anything other than strictly necessary data, establish more robust and accountable governance mechanisms, and continually assess trust between digital components. Beyond protecting against the far-off threat of quantum attacks, these practices harden an enterprise’s defenses today by building secure habits into everyday activities.
Enterprises should consider how to create a reproducible set of activities to protect their cryptographic systems against various types of attacks and failures, a concept known as cryptographic resilience. Today, organizations need to prepare for the quantum threat vector, but tomorrow, the next new risk will require a different approach. Security teams shouldn’t have to go through this entire exercise again when a new threat emerges—instead, they should develop the muscles necessary to add or swap out cryptographic capabilities quickly and seamlessly.[20]
As our digital and physical lives become more closely linked, our friendships, reputations, and assets are undergoing a digital transformation. These areas are mediated digitally and secured cryptographically. Going forward, the privacy and integrity of messages, transactions, and an increasing share of the human condition will be built upon a foundation of digital trust. Protecting cryptography isn’t only about protecting enterprise data stores—it’s about shielding increasingly sensitive areas of our lives.
“As our reliance on cryptography intensifies in the digital economy, organizations must act swiftly to prepare for a controlled transition to maintain the trust they’ve built with customers and partners,” says Michele Mosca, founder and CEO of evolutionQ. “It’s crucial for organizations to develop a quantum-safe road map and partner with vendors to kick-start this vital shift. Prioritizing the security of your most sensitive information isn’t just prudent—it’s essential.”[21]
Quantum computers are likely to bring significant benefits to a range of areas, such as drug discovery, financial modeling, and other use cases, that improve people’s lives. These potential benefits should not be overshadowed by the attendant security challenges. This is why enterprises should start hardening their defenses now so that they are prepared to reap the potential benefits of quantum computing without major disruption from its risks.