In early July, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced that after six years it had settled on four different algorithms – CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON and SPHINCS+ – that they have determined will be able to withstand the quantum computers that are being developed.

Although the completion of a lengthy international mathematical study may seem to be of limited importance outside of computer science circles, these findings will come to impact every aspect of our lives and businesses, even if we don’t notice them.

The idea of a quantum, as opposed to binary, computer has existed since the 1980s, but only in recent years have working prototypes like IBM’s Eagle been developed. These systems are already substantially faster than the fastest conventional supercomputers and, because of the strange, counterintuitive nature of quantum phenomena, can perform calculations that would take a prohibitive amount of timeon conventional computers. Even as early as 1994, scientists had determined that quantum computers could break RSA public/private key encryption that to this day underpins much of digital security.

The threat from quantum computing

Hypothetically, it would be possible for existing computers to break RSA encryption, but efforts to do so would take a classical computer around 300 trillion years. According to the paper linked above, by using Shor’s algorithm – a quantum algorithm for finding the prime factors of an integer– a quantum computer with sufficient qubits could break the same encryption in seconds. Although there are unlikely to be desktop quantum computers, or even commercially available quantum computers that major companies could operate from their server rooms, for decades or more, governments and very large companies will have access to them.

Without preparing adequately for post-quantum security, attackers could access credit card information, steal encrypted patient data or compromise the security of cryptocurrency. Digitally signed documents created before a switch to quantum-resistant algorithms would also be vulnerable, potentially invalidating millions of legal agreements unless they could be re-signed by both parties in a format that uses quantum computer-resistant cryptography. Even blockchains, which power the $2 trillion cryptocurrency market and an increasingly large number of other applications, could be vulnerable to quantum computers.

It would also be possible for digitally signed documents to be retroactively altered. Digital documents are increasingly replacing documents signed by hand, and even physical documents are scanned and stored securely. In a post-quantum world, every digitally signed document that didn’t have a physical equivalent would be suspect, and therefore legally unenforceable. Some document signing companies have tens of millions of rental agreements and employment contracts on their servers, and all these documents will need to be re-secured before quantum computers become a feasible threat.

What this means for businesses

Businesses will need to understand what elements of their data need protecting and what will be worthless to cybercriminals, which will determine where post-quantum cryptography (PQC) and conventional cryptography can be used. Key to this is understanding the timescales in which data becomes obsolete; some data will need to be protected indefinitely, while other data will be useless to bad actors after years.Once this has been done, a proof-of-concept that uses PQC or hybrid methods to protect data can be created before a plan is put in place to roll it out across a company’s digital assets.

For some systems, it will be a case of simply switching from using one method to another. Transport Layer Security – a cryptographic protocol designed to provide communications security over a computer network – for instance, can be made quantum-resistant, and post-quantum cipher suites are already available in Amazon Web Services. This will mean that information that is in transit, for example credit card details being sent from a customer to an eCommerce retailer, should be able to be secured in any future transactions. Legacy systems might need to be significantly upgraded or replaced, however, and fully rolling out quantum security over an organization could take years to complete in some cases.

Companies have two options available when it comes to securing existing assets. The first is to re-encrypt data with the new quantum-resistant algorithms, but this can be time-consuming when there are thousands or even millions of pieces of data that need to be encrypted. Another option is to use ‘hybrid’ encryption, in which the existing encryption is left in place, but a layer of quantum-resistant encryption is placed over it. However, there are issues with this including making files larger, and the possibility that incorrectly implemented hybrid security could be as insecure as regular non-quantum safe security.

It should also be noted that although the four algorithms that NIST has identified are believed to be quantum-safe because full-scale quantum computers haven’t been developed yet, there is a possibility that real-world testing will show that they are not. It is also worth noting that there are going to be further stages of evaluation, so some of the four may be dropped or added to by the next round. This creates difficulty for security professionals dealing with a migration to quantum-resistant cryptography – potentially they could go all in on migrating to an algorithm that is shown to be unsafe by further testing or by tests against real quantum computers.

Cybersecurity solutions provider Utimaco predicts that rather than having a single dominant crypto scheme as we do today, where RSA predominates there will be varied schemes, possibly all the current NIST candidates. This is because there are far more use cases for cryptography today than there were previously, such as IoT and Cloud devices, so the size and performance characteristics of different schemes need to vary. It also provides an extra layer of security by effectively hedging our bets – bad actors may be able to crack one scheme, but they won’t be able to crack them all. This means that everything from individual devices to whole organizations will need to become ‘crypto agile’, able to work flexibly across many different schemes.

What organizations can do today

It’s clear that practical quantum computing is coming, maybe within the next decade, and that when it does a great deal of existing cryptography will be rendered useless. It is equally clear that transitioning the algorithms that secure companies’ data is potentially a difficult, costly exercise with no guarantee of security. However, working with a specialist cybersecurity company that has been preparing for a post-quantum world can significantly cut the costs and time spent on transitioning to being safe against future threats.

Opinion by Nils Gerhardt, chief technology officer of cybersecurity solutions provider Utimaco, and board member of the IoT machine-to-machine (M2M) Council.