Tomorrow’s Cyber Armor: Why you need to be thinking about post quantum cryptography today 

The predicted power of quantum computing – thousands of times greater than traditional computing – brings huge opportunities. Yet it also poses significant and urgent risks. 

While the widespread adoption of quantum computing remains years ahead, some predict disruption by the decade’s end. However, its potential as a tool for bad actors and cybercriminals is already anticipated.  

The dangers of quantum attacks are immediate and real. The solution lies in post-quantum cryptography (PQC). 

The need for a new approach to cryptography, and soon 

It is broadly accepted that quantum computing will soon render current forms of asymmetric cryptography unsafe, including RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography). 

A quantum attack will be undertaken by a cryptographically-relevant quantum computer (CRQC), capable of running algorithms designed to break traditional cryptography. 

Such a computer could be used in several different attack vectors: against hardware and firmware digital signatures designed to ensure device security, against key establishment and encryption designed to protect data, and to forge the digital signatures of legitimate key owners. 

It would be complacent to regard the threat as years away, arriving only when bad actors have access to a CRQC. Already, in “harvest now, decrypt later” (HNDL) cyberattacks, criminals are stealing securely encrypted data, from password logins to healthcare data, confident that a CRQC will hand them the power to decrypt it in the future.

Enter post-quantum cryptography 

Post-quantum cryptography (PQC) must be a priority for every organisation. 

Sometimes known as “quantum-safe cryptography” or “quantum-resistant cryptography”, PQC algorithms will replace the vulnerable algorithms used today for key establishment and digital signatures. 

PQC algorithms are based on mathematical problems that are designed to be intractable for both classical and quantum computers. However, they will not necessarily be straightforward replacements for current security algorithms. System operators need to begin migrating to PQC now. 

International security agencies, including the National Security Agency (NSA) and National Institute of Standards and Technology (NIST) in the US, and ENISA, the European Union Agency for Cybersecurity, have set out clear timelines for the implementation of PQC. 

NIST recommends widespread PQC adoption by 2035, with classical cryptography deprecated from 2030 and disallowed entirely from 2035. ENISA requires PQC protection no later than the end of 2030 in efforts to counter any attack, including HNDL attacks. The NSA is mandating that any infrastructure technologies procured after 2027 must support PQC, with any non-PQC infrastructure phased out by the end of 2031.

The European Union itself has stated that all member states should start transitioning to PQC by the end of 2026, with critical entities protected as soon as possible. A joint statement by cybersecurity authorities from 18 EU member states also clearly sets out the scale of the risk and the urgency required. The statement also strongly recommends defence against HNDL attacks as soon as possible and by 2030 at the latest. 

The time to act is now.  

The development and implementation of PQC algorithms 

In addition to setting out timelines for PQC implementation, national and international security organisations such as NIST are publishing initial standards for PQC algorithms. It is essential that solutions compliant with these standards are available today, enabling product designers to build in protection and resilience immediately, while allowing for evolution in line with future best practice. 

Clearly, the development of quantum computing and its cybersecurity implications are moving fast. Given this dynamism, agility is essential. Hardware needs to be PQC ready as soon as possible, with an ability to provision credentials alongside so-called “crypto-agile” software upgradable to support PQC algorithms and solutions as they evolve and become standardised.

The semiconductor industry is already developing PQC security algorithms for encryption, hashing, message authentication, and digital signing. Over the next year, STMicroelectronics will continue to launch updated cryptographic libraries, software and hardware, tailored for specific industry sectors, to support PQC-readiness.  

Quantum computing tomorrow; PQC today 

We’re always optimistic about the potential of technological innovation. Quantum computing has the potential to be as transformational as personal computing was more than 40 years ago – perhaps even more so.

However, we cannot ignore the significant risks that quantum computing also brings, which will come much sooner than its widespread adoption.  

Quantum-powered cyberattacks could affect almost every connected device. For products sold today with lifecycles extending beyond the arrival of quantum computing, PQC readiness is essential. 
