In a recent #AscertiaOn podcast, Ascertia’s Chief Product Officer, Mike Hathaway, discussed quantum readiness – and why it’s essential to prepare for quantum-resistant cryptography now.
Our Guide to Quantum Computing defines quantum computing and the potential threats the industry could see from this emerging technology. Being prepared for all eventualities is imperative. So, what impacts could we see from quantum technology, and how do we prepare?
We’ve been here before. From the run-up to Y2K to the migration from SHA1 to SHA2, preparation for change isn’t new to the industry.
The preparation for quantum is much the same as we did for these sweeping changes.
In short, quantum computers will significantly change the systems using cryptography. Public key cryptography including RSA and Elliptic Curve, will likely see the most impact.
Eventually, quantum computers will have the ability to break both RSA and ECDSA public key schemes. Any system that uses this technology will need to be updated or replaced.
The ability to crack current encryption methods puts all digital trust at risk. Future quantum strategies should include re-encrypting any documents or data that used RSA or ECDSA keys.
For digitally signed documents and data, we face different challenges. Depending on the original signature type initially used, the archive document signature scheme PAdES Long-term Archival (LTA) will enable you to apply timestamps to your documents.
This scheme enables them to be accessed and verified in the future. With this technology, documents signed in this way can have their timestamps updated using quantum-safe cryptography.
The exponential threats to digitally signed documents are on the horizon. Ascertia suggests making use of PAdES LTA now.
Like with SHA1 and SHA2, quantum-proofing technology will adapt and evolve over the coming years though there are things you can start doing right now to prepare.
We suggest auditing your IT architecture. Having a good view of all your systems that use cryptography and how that cryptography is used is essential. You may find that your business has more use cases of cryptography than you initially thought.
Like with the SHA1 migration to SHA2, there are undoubtedly systems you can update, as well as legacy systems that you will need to replace. Understanding where your systems stand is essential to building a risk management plan and roadmap for a system overhaul.
Additionally, it’s critical to monitor your IT environment for threats, and there are several questions you should be asking, including:
In some cases, your vendors may have a quantum-safe product variant – but it may require an extensive upgrade program. Knowing the costs and/or time implications of quantum-proofing your IT architecture will ensure long-term digital trust success.
Your system audit should help point you in the right direction. If you have several internet-facing business-critical systems that rely on cryptography for secure connections, then updates to these systems are obvious. If you have a closed system but have many digitally signed documents in your archive, your starting point will be different and includes implementing PAdES LTA now.
Today's quantum computers pose no risk to systems since they’re not available publicly. There is no doubt that quantum computers will have an impact on public key cryptography.
The Global Risk Institute conducted an industry study. Its experts anticipate that in the next 10-15 years, there will be a serious threat to RSA and ECDSA cryptography.
While the quantum threat to digital trust isn’t immediate, starting your quantum readiness journey now will reduce the pressure to adapt as things progress rapidly.
Digital trust is our top priority, and enabling your business’s preparation for tomorrow’s quantum threats is important to us. Stay up to date on the latest trending quantum topics on our Quantum Hub, or contact our team for more information.