While we are still far from the time when quantum computers will become a reality, the industry, especially the security one, needs to prepare for what is coming.
According to the blog post written by Roberta Faux, Director of Research at Envieta, engineers and security companies need to start studying the trade-offs of different post-quantum cryptography techniques so they are ready when quantum computers arrive.
While there is no specific date on when quantum computers will become practically usable, there are some predictions that quantum computers will be capable of breaking today’s cryptography within 10 years. Google, IBM, Intel, Microsoft, and other companies have already made significant progress in quantum computers and quantum computing.
What makes quantum computing scarry for security companies is that it will be able to break RSA and Elliptic Curve Cryptography encryptions very easily. What makes things even worse is that just changing the parameters of these encryptions will not suffice and the whole industry will have to change to completely different algorithms.
Things are not that grim as there are several proposed post-quantum cryptographic algorithms that could be resistant to quantum computers. These fall into several classes of cryptography, including multivariate, hash-based, code-based, and supersingular elliptic curve isogeny.
All of these have their pros and cons and most will require significantly larger key sizes, which could also raise the question of compatibility issues with current protocols. It will also need a higher bandwidth for creating and sharing keys as well more storage due to larger keys.
The post concludes that while quantum computing brings plenty of benefits, it is imperative that companies need to prepare for what it brings and get ahead of it before it is too late, as the transition to the quantum age will certainly bring a lot of unknowns and trials.
Roberta Faux has recently written a whitepaper on post-quantum cryptography as a member of the Cloud Security Alliance (CSA), titled „The State of Post-Quantum Cryptography”, but we will cover that one in a separate post.
You can check out the full post over at EETimes.com.