The most popular and comprehensive Open Source ECM platform
Digital Encryption as it is currently implemented is in danger of being thwarted by Quantum Computing. Encryption today is based on the ability to factor very large numbers, a problem very difficult for today’s best computers to solve, but a problem that will be fast and simple once next-generation quantum computers become available.
True quantum computing is likely at least a decade away although researchers in the technology are reporting on frequent successes. Jon Lindsay, associate professor at Georgia Tech, wrote in a 2020 article for Strategic Studies Quarterly that “the size of the quantum window of vulnerability depends on relative rates of engineering progress in quantum computing and quantum-safe alternatives, as well as political considerations about how long secrets needs to be protected.”
The worry is that quantum techniques might be available sooner than expected. And the volume and breadth of data currently encrypted today is so large that any attempt to change communication and storage security methods to use quantum-secure encrypting will take considerable time leaving existing technology vulnerable should the technology become available sooner than expected.
The US National Counterintelligence and Security Center warned that “whoever wins the race for quantum computing supremacy could potentially compromise the communications of others. Without effective mitigation, the impact of adversarial use of a quantum computer could be devastating to national security systems and the nation, especially in cases where such information needs to be protected for many decades.”
Jack Hidary, CEO of Sandbox AQ, said that “depending on the organization’s size, it would take a few months to do the discovery and inventory. It is a process to use machine learning-driven software to deploy around the network, find all the places where they are using vulnerable protocols like RSA, inventory, and then create a migration plan. Not everything can be migrated at the same time, one should prioritize which part of the encryption to move at what time, and then, once that plan is in place, it would take a few years.”
Georgianna Shea, chief technologist of the Center on Cyber and Technology Innovation, wrote that “instead of assuming that quantum computing remains a distant threat, Washington must work with industry to begin developing standards, educating the private sector, and exploring regulations to shift toward quantum-secure encryption today.”
In the US, NIST is currently in the process of selecting quantum-resistent algorithms to recommend for use going forward. Nick Sullivan, a researcher at Cloudflare, said that “it’s certainly a solid step to bless a candidate, but as a follow-up, the Internet has to agree on how to integrate an algorithm into existing protocols.”