Op-Ed: What Should You Do about Securing Data from Quantum Computers? Or Should You…
Cryptography & the Hype Over Quantum Computing
Excerpts and salient points ~
+ If you believe the quantum computing hype, within a few years we will have achieved “quantum supremacy” — meaning that quantum computers will be able to carry out computations not possible with classic computing infrastructure — and within 10 years all cryptography will be broken as a result. This hype is fed by researchers vying for grant money, companies selling post-quantum secure encryption, and the fact that no one can say that they are actually wrong.
It’s not time to move to post-quantum cryptography yet — too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
+ But all of this is about what the “community” should do. What should you — as someone who uses cryptography to secure your business — do? Let’s start with what you shouldn’t be doing. You shouldn’t buy post-quantum encryption and the like before standardization is complete. What if you need to encrypt something that has to remain secret for 20 years? In my opinion, you should still hold off. However, if you are very concerned, you can encrypt using a method that combines post-quantum and classical schemes. Such a method requires an attacker to break both schemes in order to learn anything.
+ This is the proposed method since although we have confidence in post-quantum secure schemes that have been proposed, they are less well-studied than RSA and ECC. Among other things, this affects our understanding of the required key sizes. If you do insist on moving forward now, I recommend using an academically validated post-quantum scheme combined with a classical scheme, as explained above.
+ While I don’t think most organizations should deploy post-quantum secure cryptography now, there is one thing that everyone should do: transition your cryptographic infrastructure to one that is “agile” — that is, one that makes it possible to relatively easily switch algorithms, key lengths, and so on. When the algorithm and lengths are hard-wired into the code, the cost and complexity of changing can be overwhelming. This is why people continued using MD5 and SHA1 years after they were broken.
Cryptographic agility is an important property even aside from the issue of quantum computing because algorithms are sometimes broken, and key and other lengths sometimes need to be updated. You will therefore be doing yourself a favor even if quantum computing never happens. But if it does, you’ll be ready, and you’ll be able to replace your existing schemes with the best known at that time. This is my recommendation to everyone.
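The two recommendations in the excerpts above, a hybrid combiner that makes an attacker break both the classical and the post-quantum scheme, and an agile design in which the algorithm is a registry entry carried with the data rather than hard-wired (so a broken suite such as SHA1 can be deprecated and migrated away from without rewriting code), as an added Python example that is not from the op-ed. The shared secrets are constructed random bytes standing in for an ECDH output and a post-quantum KEM output, and the suite ids and blob format are assumptions for illustration.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract, then one expand block (enough for length <= 32)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]

def combine_hybrid(classical_ss: bytes, pq_ss: bytes, context: bytes) -> bytes:
    """Derive the session key from BOTH shared secrets. Recovering only one of them
    (say the classical one, with a future quantum computer) leaves the KDF input
    unknown, so an attacker has to break both schemes to learn the key."""
    return hkdf_sha256(classical_ss + pq_ss, salt=b"", info=b"hybrid-v1/" + context)

# Agility: the algorithm is named by a suite id stored with the data and resolved
# through this registry, so a switch is a new entry, not a rewrite of the code.
SUITES = {1: hashlib.sha1, 2: hashlib.sha256, 3: hashlib.sha512}  # assumed ids
DEPRECATED = {1}  # legacy: old data stays verifiable, new data is never protected with it

def protect(key: bytes, msg: bytes, suite_id: int = 2) -> bytes:
    """Return suite_id || tag_len || tag || msg; the tag also binds the suite id."""
    if suite_id not in SUITES or suite_id in DEPRECATED:
        raise ValueError(f"suite {suite_id} may not protect new data")
    tag = hmac.new(key, bytes([suite_id]) + msg, SUITES[suite_id]).digest()
    return bytes([suite_id, len(tag)]) + tag + msg

def verify(key: bytes, blob: bytes) -> tuple[int, bytes]:
    """Check the tag under whichever suite the blob declares; raise on any failure."""
    suite_id, tag_len = blob[0], blob[1]
    if suite_id not in SUITES:
        raise ValueError(f"unknown suite {suite_id}")
    tag, msg = blob[2:2 + tag_len], blob[2 + tag_len:]
    expected = hmac.new(key, bytes([suite_id]) + msg, SUITES[suite_id]).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return suite_id, msg

def migrate(key: bytes, blob: bytes, new_suite: int = 3) -> bytes:
    """Re-protect data found under a deprecated suite with a current one."""
    suite_id, msg = verify(key, blob)
    return protect(key, msg, new_suite) if suite_id in DEPRECATED else blob

if __name__ == "__main__":
    # Constructed stand-ins for an ECDH output and a post-quantum KEM output.
    ecdh_ss, kem_ss = os.urandom(32), os.urandom(32)
    key = combine_hybrid(ecdh_ss, kem_ss, b"demo session")
    print(verify(key, protect(key, b"record that must stay secret for 20 years")))
```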
Content may have been edited for style and clarity.