Impact of Quantum Computing on Cryptography

Caute_cautim

Hi All

The impact of quantum computing on cryptography poses a serious threat ⚠️ to the sustainability of a secure digital society.
This risk could be realized when there is a sufficiently powerful quantum computer 🖥️, estimated throughout the 2030s if there is no acceleration in development; or before, due to the emergence of previously unidentified vulnerabilities, or improvements in classical cryptoanalysis.
Cryptography management has traditionally been a complex, undermanaged issue. In general, companies 🧑‍💻 are not able to quickly modify their cryptographic algorithms.
There is a great global 🌍effort to standardize and adopt secure cryptography against quantum computing, as well as to improve cryptography management in organizations. This effort is also reflected in various regulations, which establish in 2025 the first milestones of improvement and transition.

https://medium.com/be-tech-with-santander/impact-of-quantum-computing-on-cryptography-953db076651b

Regards

Caute_Cautim

tolda3000

Thanks for posting! I agree, InfoSec staff should already be planing for the eventuality of quantum computing, as well as, other emerging technologies that will render current encryption standards irrelevant. An ad-hoc search doesn't yield as many recent results as I would like to see...disconcerting to say the least!

At least NIST has published a few articles that could give CISOs, CISSPs, and security teams a place to start.

This is a bit dated: NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptograp...

Here is a more recent article: NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers -- Three new algorithms are expected to be ready for use in 2024. Others will follow.
August 24, 2023

Each new publication is a draft Federal Information Processing Standard (FIPS) concerning one of the four algorithms NIST selected in July 2022:

CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203.
CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204.
SPHINCS+, also designed for digital signatures, is covered in FIPS 205.
FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.

Two of the three post-quantum methods for digital signatures selected thus far are based on a single mathematical idea called structured lattices.

https://www.nist.gov/news-events/news/2023/08/nist-standardize-encryption-algorithms-can-resist-atta...

Caute_cautim

Hi @tolda3000 If you do a search on the community, I have been posting updates in various places to raise awareness for some time. Please feel free to read, digest, comment or add to the growing collection of articles and references.

I agree, spinning tires and waiting for the official release of the NIST approved PQC algorithms is possible a month or two away, but once it hits the road, everyone should be taking it seriously.

We don't want another SSL V2 migration to TLS V1.2 issue to turn up (it took six years, two of which they rejected it) because, it will be far too late, for organisations to do their own crypto analysis, and prepare for the multitude of changes required including Key Management systems too. This is significant.

Regards

Caute_Cautim

tolda3000

I still have night terrors about SSL/TLS migration and experienced the same resistance, state and local govt agencies, to upgrading. 80/20 rule very well applied. Thank you for guiding me to your posts, I’m new to the ISC2 boards, I WILL find your articles and get caught up, promise! Hopefully I can help raise awareness and inspire security advocates to elevate discussion on this subject. Be well!