Post-quantum cryptography (PQC) is likely not a subject that most Americans discuss at their kitchen tables. However, the topic affects not only every American but every citizen around the globe.
To understand post-quantum cryptography, we must understand quantum computers.
Quantum computers are considered “super-computers” and use a principle called entanglement, which contributes to a quantum computers' ability to perform complex computations at speeds far beyond what current computers can achieve.
Major tech companies are actively researching developing quantum computers to harness super-computer benefits. However, quantum computers are raising alarms amongst industry experts.
The concerns are numerous, however. They center on the ability of quantum computers to break current data encryption. Because quantum computers can solve complex mathematical problems, common encryption defenses like RSA and Diffie-Hellman — which are commonly used to secure communications and for authentication — are easily decrypted.
In a world where quantum computers are used, sensitive information, such as banking transactions, text messages, emails, photos, credit card data and medical records, becomes vulnerable to criminals. National security secrets and classified information also have the potential for exposure by adversaries due to the defenseless nature of present-day cryptographic algorithms to quantum attacks.
Additionally, bad actors are currently conducting HNDL, "harvest now, decrypt later," attacks. In these cases, cybercriminals collect encrypted information from databases, networks, and communication systems and store them for later decryption with the help of quantum computers. While some cases may be discovered and reported, data is often stolen without the owner's knowledge.
Fraudsters are banking on quantum computers’ availability to decrypt and harvest the stolen data. Experts warn that this could lead to significant financial losses, privacy breaches and security threats.
HNDL attacks highlight the urgent need for post-quantum cryptography. Researchers are developing new post-quantum cryptography which consists of algorithms that are resistant to quantum attacks performed with the use of quantum computers.
Quantum Key Distribution, or QKD, a method that uses quantum mechanics to secure communication in the quantum era, is proposed as a solution to ensure that any attempt to intercept the key would be immediately detected.
According to its website, The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST), has been working on the issue since 2015. The organization solicited quantum-resistant public-key cryptographic algorithms to evaluate for standardization.
In 2021, Matthew Scholl, Chief of the Computer Security Division at NIST stated that the organization is “working with the brightest minds in government, academia, and industry from around the world to develop a new set of encryption standards that will work with our current classical computers — while being resistant to the quantum machines of the future.”
In 2024, NIST released post-quantum encryption standards which are “ready for immediate use.” NIST is encouraging organizations to start transitioning to these new standards as soon as possible.
Deputy Secretary of Commerce Don Graves reportedly stated:
“Commerce bureaus are doing their part to ensure U.S. competitiveness in quantum, including the National Institute of Standards and Technology, which is at the forefront of this whole-of-government effort. NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future. As this decade-long endeavor continues, we look forward to continuing Commerce’s legacy of leadership in this vital space.”
While NIST has placed the onus for the transition and adoption of PQC on tech providers, IT product developers and service providers, the wider public can do a few things to assuage their concerns.
The public can start by understanding that quantum computing poses risks to encrypted communications, particularly those protecting personal data.
NIST encourages the continued use of strong encryption on the part of users. Ensure your online accounts and sensitive data are encrypted using the most up-to-date methods.
Citizens should also implement regular software updates and ensure that devices run the latest security patches. These security patches may include quantum-resistant algorithms released by NIST.
The public is also encouraged to support quantum-safe solutions by requesting the adoption and use of products that implement post-quantum cryptography.
Businesses can assess risks by conducting audits of current cryptographic systems, identifying vulnerabilities, and ensuring they are addressed.
Staying informed is at the forefront of defense against any threat — post-quantum computing included. Keep up with news and developments in post-quantum cryptography standards and ensure that technologies comply.
Collaborate with industry authorities, cybersecurity professionals, and technology experts familiar with PQC. Being privy to their insights could assist in remaining risk-averse.
Data encryption best practices to protect sensitive information should be continued. Ensure that independent third-party software and technology developers have upgraded their encryption to quantum-safe protocols.
With the threat of quantum computers on the threshold, our only hope is to do our part and pray for the best regarding security in a post-quantum era.
V. Venesulia Carr is a former United States Marine, CEO of Vicar Group, LLC and host of "Down to Business with V.," a television show focused on cyberawareness and cybersafety. She is a speaker, consultant and news commentator providing insight on technology, cybersecurity, fraud mitigation, national security and military affairs. Read more of her reports — Here.