The day when a computationally relevant quantum computer can break basic encryption is coming. Arguably, some claim such a system is on the near-term horizon while others believe such an event is many years in the future.
Protecting your data, now, is the best course of action to avoid today’s data being decrypted by tomorrow’s quantum computers. We call this eventuality, “Q-Day”. The day when a quantum computer of sufficient capability can break encryption.
Thwarting a quantum computer’s threat of such nefarious activity calls for an organization to employ crypto-agility. The term crypto-agility refers to the ability of your organization to quickly and efficiently transition from one cryptographic algorithm or protocol to another. This is critical as cryptographic algorithms and protocols in use could become vulnerable to a quantum computer’s cryptanalysis or other unforeseen types of attacks.
We call this eventuality, “Q-Day”. The day when a quantum computer of sufficient capability can break encryption.
Several examples of crypto-agility in practice include the use of cryptographic libraries supporting multiple algorithms, use of flexible cryptographic key management systems, and information system designs which easily support employing new cryptographic algorithms or protocols. By maintaining a system of crypto-agility, you can ensure your cryptographic infrastructure remains secure and effective over time, even as the cryptographic landscape evolves.
Fortunately, quantum-secure cryptographic algorithms and protocols are being developed and tested. These algorithms could be readily implemented in a cryptographically agile system. This means your organization could quickly and easily switch to a new cryptographic algorithm or protocol without disrupting operations or compromising the security of your data.
To avoid the wrath of Q-Day requires a proactive approach to cryptography. Commissioning a crypto-agile system will make great strides to this end. Avoiding Q-Day tomorrow demands taking action today.
Robert Clifford is a CISSP with over 25 years of experience in security-centric envrionments.