Post-Quantum Cryptography Becoming Relevant in Pre-Quantum World

TREND ANALYSIS: Now is the time for enterprises to start preparing for Quantum computing-powered security breaches. They will start happening.


Quantum computers will be able to instantly break the encryption of sensitive data protected by today's strongest security, warns Arvind Krishna, director of IBM Research. "Anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now," said Krishna.

Krishna was speaking at IBM’s Think 2019 event held in San Francisco, offering insights into what the real world impact of Quantum computing can potentially have on today’s cryptography methodologies. Insights that should create concern for the users of existing cryptographic methods.

That very subject was also a topic of conversation at the DigiCert Security Summit 2019, which took place in Las Vegas two weeks prior to IBM’s event, where DigiCert announced that it was developing Post Quantum Cryptography (PQC) technology.

The threat is very real, and The National Institute of Standards (NIST) predicts that within the next 20 or so years, sufficiently large quantum computers will be built to break essentially all public key schemes currently in use. A more optimistic timeline than experts at both IBM and DigiCert predict.

IT Leaders Need to Think Ahead

When a federal government agency, a company that is investing heavily in Quantum computing and a company that that has built is business on SSL/TLS and PKI encryption begin to agree, it quickly becomes obvious that the threats Quantum computing pose to today’s cryptography methods should not be taken lightly. These are threats that have spawned innovation and have led to the concept of building Post Quantum Cryptography (PQC) solutions.

Naturally, as a provider of digital certificate technology, DigiCert has a lot of skin in the cryptography game and is taking steps to get ahead of the threat posed by Quantum Computing. It has been participating in NIST’s Call for Proposals to create standards for PQC.

NIST further illustrates the importance of establishing PQC now with the statement: “Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.”

DigiCert is working with cybersecurity vendor Utimaco and Microsoft to develop a next-generation PKI (Public Key Infrastructure) that should address the primary concerns presented by Quantum computing breaking encryption.

“DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow’s problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash,” said Avesta Hojjati, Head of DigiCert Labs, the company’s R&D unit. “Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection.”

New Algorithm Being Tested to Stop New Threats

Dr. Brian LaMacchia from Microsoft Research said that “large-scale quantum computers capable of breaking RSA and ECC public-key cryptography will exist within the next 10 to 15 years. The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today.”

The trifecta of companies are backing up their claims with results. On Feb. 12, DigiCert announced a successful test implementation of the Picnic algorithm, with digital certificates used to encrypt, authenticate and provide integrity for connected devices.

The test used certificates issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco Hardware Security Module.

The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

“DigiCert, Utimaco and Microsoft’s successful test implementation provides a fundamental building block for the implementation of quantum-safe solutions,” said Dr. Thorsten Grötker, CTO at Utimaco. “Using these solutions, IoT manufacturers and other large organizations can innovate and develop products that are well prepared against coming quantum threats.”

Naturally, there is more work to be done. However, the Picnic algorithm has been included in Round-2 submissions of the NIST PQC standardization process demonstrating that the efforts by the companies involved were indeed worthwhile.