Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎04-10-2024 08:42 PM
‎04-10-2024 08:42 PM

Impact of Quantum Computing on Cryptography

Hi All

 

  • The impact of quantum computing on cryptography poses a serious threat ⚠️ to the sustainability of a secure digital society.
  • This risk could be realized when there is a sufficiently powerful quantum computer 🖥️, estimated throughout the 2030s if there is no acceleration in development; or before, due to the emergence of previously unidentified vulnerabilities, or improvements in classical cryptoanalysis.
  • Cryptography management has traditionally been a complex, undermanaged issue. In general, companies 🧑‍💻 are not able to quickly modify their cryptographic algorithms.
  • There is a great global 🌍effort to standardize and adopt secure cryptography against quantum computing, as well as to improve cryptography management in organizations. This effort is also reflected in various regulations, which establish in 2025 the first milestones of improvement and transition.

https://medium.com/be-tech-with-santander/impact-of-quantum-computing-on-cryptography-953db076651b

 

Regards

 

Caute_Cautim

 

 

Preview file
825 KB
Reply
3 Replies
tolda3000
Newcomer I
‎04-11-2024 12:13 AM
‎04-11-2024 12:13 AM

Thanks for posting! I agree, InfoSec staff should already be planing for the eventuality of quantum computing, as well as, other emerging technologies that will render current encryption standards irrelevant. An ad-hoc search doesn't yield as many recent results as I would like to see...disconcerting to say the least!

 

At least NIST has published a few articles that could give CISOs, CISSPs, and security teams a place to start. 

 

This is a bit dated: NIST Announces First Four Quantum-Resistant Cryptographic Algorithms

https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptograp...

 

Here is a more recent article: NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers -- Three new algorithms are expected to be ready for use in 2024. Others will follow.
August 24, 2023

 

Each new publication is a draft Federal Information Processing Standard (FIPS) concerning one of the four algorithms NIST selected in July 2022: 

  • CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203
  • CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204.
  • SPHINCS+, also designed for digital signatures, is covered in FIPS 205.
  • FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.

Two of the three post-quantum methods for digital signatures selected thus far are based on a single mathematical idea called structured lattices

 

https://www.nist.gov/news-events/news/2023/08/nist-standardize-encryption-algorithms-can-resist-atta...

 

Reply
Caute_cautim
Community Champion
‎04-11-2024 12:53 AM
‎04-11-2024 12:53 AM

Hi @tolda3000   If you do a search on the community, I have been posting updates in various places to raise awareness for some time.  Please feel free to read, digest, comment or add to the growing collection of articles and references.

 

I agree, spinning tires and waiting for the official release of the NIST approved PQC algorithms is possible a month or two away, but once it hits the road, everyone should be taking it seriously.

 

We don't want another SSL V2 migration to TLS V1.2 issue to turn up (it took six years, two of which they rejected it) because, it will be far too late, for organisations to do their own crypto analysis, and prepare for the multitude of changes required including Key Management systems too.  This is significant.

 

Regards

 

Caute_Cautim

 

 

Reply
tolda3000
Newcomer I
‎04-11-2024 01:28 AM
‎04-11-2024 01:28 AM

I still have night terrors about SSL/TLS migration and experienced the same resistance, state and local govt agencies, to upgrading. 80/20 rule very well applied. Thank you for guiding me to your posts, I’m new to the ISC2 boards, I WILL find your articles and get caught up, promise! Hopefully I can help raise awareness and inspire security advocates to elevate discussion on this subject. Be well!
Reply