Get in contact with an Encryption Specialist
What is Post-Quantum Cryptography (PQC) and why is it so important to prepare?
Quantum computing is progressing rapidly; it won’t be long before a quantum cyberattack will be possible. Quantum cyberattacks will be able to cripple large networks in a matter of minutes. Everything we rely on today to secure our connections and transactions will be threatened by quantum computers, compromising all keys, certificates, and data. Cybercriminals, armed with quantum power to break traditional encryption algorithms, can analyze massive amounts of data or hack critical infrastructure in seconds.
Post-Quantum Cryptography (PQC), also known as Quantum-Resistant Cryptography (QRC), focuses on developing cryptographic algorithms and protocols able to stand up to quantum computing power.
Adopt a crypto agile strategy now, if you haven’t already, and begin to prepare for PQC as soon as possible.
Get started today with our free 5-minute PQC Risk Assessment Tool.
Understanding Post-Quantum Cryptography (PQC)
Respondents in the Thales Data Threat REPORT said
Prototyping post-quantum cryptography (PQC)
is the primary approach to address the future compromise of classical encryption techniques. “Harvest now, decrypt later” attacks (68%) are the leading interest.
Questions our customers often ask
Quantum computing uses quantum bits known as qubits, which are based on quantum physics that give them different properties than current computers. Quantum computers are not bound to process every combination in sequential order as computers are today. Qubits can process different pieces of information simultaneously producing hundreds of possible solutions all at once.
Today’s public key cryptography is based on factorization for RSA algorithms, or discrete log problems with DSA, Diffie-Hellman, and Elliptic-Curve Cryptography (ECC). Although these are sufficient protection today, using a quantum computer, a hacker would be able to break the algorithms or reduce the strength of the symmetric crypto keys and crypto hashes in minutes. Post-Quantum Cryptography uses a new set of Quantum Resistant Algorithms, created by researchers and tested by industry standard bodies such as NIST and ANSSI that are in the process of becoming a part of compliance requirements.
To begin, quantum computers will co-exist alongside today’s computers, being used mainly for specialized purposes. Initially quantum computers will not likely supplant cloud servers, but instead work alongside the cloud providing enterprises and businesses quantum computer capabilities in an as-a-service style. However, they promise to revolutionize our idea of compute so it is important to prepare, as much as we can, for future changes in advance by practicing crypto-agility.
To prepare for Post-Quantum Crypto (PQC), evaluate your risk exposure and create a plan to mitigate the risk. A recommended approach is to use hybrid solutions that depend on both classical and quantum-safe algorithms. Start preparing today by assessing your crypto inventory and your overall PQC readiness. Begin planning for a quantum-safe architecture, including support for new algorithms.
First, begin by looking at all your applications that manage sensitive information. If you were to change an algorithm, would the application still work? If not, what do you need to do to make them work? Be sure to do this for every crypto-dependent application in your organization to map out a plan that will allow for business continuity. Beginning early will help your organization have a smooth transition to protecting its data in a PQC world.
There are strong indications that the quantum era will begin in the next few years. Organizations generally take a couple of years to implement change throughout their infrastructure. To prepare for a PQC world, organizations need to take steps now to protect their data, intellectual property, and more against hackers using quantum computers. For example, often organizations don’t know where their keys are, where encryption is being used, or which data is being protected and how. Waiting until quantum computers are generally available is a recipe for years of theft, compromise, and a failure to comply with quantum regulations, such as CSNA 2.0 on quantum-safe code signing. With data storage requirements being long-term, hackers are using a Harvest Now, Decrypt Later strategy that creates even more risks in the future.
Certain industries are particularly vulnerable to quantum attacks now and in the future, in part due to the lifespan of the data or keys, but also in part due to the Harvest Now, Decrypt Later strategy being used by cyber criminals. Any software requiring authentication for smart devices in IoT, confidential communications using VPN, digital identities used by governments and enterprises to validate users, as well as any keys or data with a long lifespan such as in Code Signing certifications, Public Key Infrastructure, or medical devices.
Preparing Your Organization for a Quantum Future Today
Rather than being reserved for science fiction movies, quantum computers exist today as organizations drive towards commercialization.
Post-Quantum Readiness Starts with Crypto-Agility
Crypto-agility is a business strategy that enables you to future-proof your organization by:
- Having the flexibility to quickly change protocols, keys, and algorithms
- Using flexible, upgradeable technology
- Reacting quickly to cryptographic threats, such as Quantum computing
- Adding to your tech stack with minimal to no disruption
Thales products have been purposely designed to help you be crypto-agile and Quantum-safe.
Building a Future-Proof Post-Quantum Strategy
Securing an enterprise against quantum threats requires cybersecurity solutions that support Quantum Resistant Algorithms (QRA), and also offer options for Quantum Key Distribution (QKD) and Quantum Random Number Generation (QRNG). Thales is committed to delivering solutions that support a Post-Quantum crypto agile strategy.
Quantum Resistant Algorithms
QRAs are fundamental to protecting against quantum attacks whether Lattice based, Multivariate, Hash based, or Code-based cryptography
Quantum Key Distribution
QKD distributes encryption keys between shared parties based on the principles of quantum physics and the properties of quantum mechanics
Quantum Random Number Generation
QRNG is a high bit rate random number source harnessing the inherent randomness in quantum mechanics to create encryption keys
There are three component parts of a quantum safe solution, which we’ve done in our work with Wells Fargo to take some risks off the table. It starts at the key generation stage: How do you create the keys that you're using in your system? What type of keys are they? Then there is the algorithms and how do you look after them? That's the management aspect. Finally on the generation front, we are looking to produce keys that are fundamentally unpredictable. These three items are the definition for a strong key.
Kick-start your Post-Quantum Readiness
Learn about our low-cost solutions to test and simulate your current applications, data, and more with Post-Quantum Cryptography.
Thales Quantum-Ready Solutions
Rely on Luna HSMs as the market-leading crypto agile foundation of digital trust to reduce risk, ensure flexibility, easily manage keys, and simplify integrations.
Protect Encryption Keys with Luna Hardware Security Modules
HSMs protect quantum-safe keys:
- Hash Based Signing (SP 800-208)
- HSS – Hierarchical Signature Scheme (multi-tree version of LMS)
- XMSS – Extended Merkle Signature Scheme
- XMSSMT – XMSS Multi-Tree
- SPHINCS+ (SLH-DSA)
- Kyber (ML-KEM)
- Dilithium (ML-DSA)
Implement your own Post- Quantum Crypto using Luna’s Functionality Module (FM) or with various Partner FMs/integrations
Inject quantum entropy with QRNG and Luna HSM’s secure key storage
Address critical applications where high-quality random numbers are vital
Secure Data in Transit with High Speed Encryptors (HSE)
Thales HSEs include a framework to support QRA via firmware upgrade. Thales HSE solutions support all four NIST Quantum Resistant Public Key algorithms (finalists) in all products (plus other non-finalist algorithms).
Thales HSEs are quantum-ready and QKD compatible for more than a decade.
Quantum Random Number Generation is integrated into the HSE solution.
Thales HSE network encryption solutions support Post-Quantum Cryptography with a crypto-agile, FPGA-based architecture.
The Quantum Computing Cryptopocalypse
Security Sessions Podcast.
For the latest on cloud & data security.
