Quantum computing is the next frontier in technological innovation, one which could change the world forever. But it also represents a potential ticking time bomb from a cybersecurity perspective. That’s because quantum computers, once perfected beyond laboratory conditions, will be able to crack the asymmetric (public key), cryptography on which many enterprises, societies, and economies rely to keep prying eyes away.
The good news is that symmetric cryptography is resistant to this kind of “quantum cracking.” It represents a useful bulwark against quantum-related security risks, while industry experts work out ways to transition public key infrastructure (PKI) to quantum safety.
Quantum computing sounds like magic. Based on the theory of quantum mechanics, pioneered by Albert Einstein, it derives much of its power from “qubits,” quantum particles which behave in ways that defy the normal rules of physics. When applied to computing, qubits can be used to represent a zero and a one at the same time. Encoding one and zero simultaneously rather than sequentially dramatically accelerates processing speeds, making lightning-fast calculations and problem solving a reality.
This could be used to super-charge AI algorithms and open the door for potentially revolutionary discoveries in pharmaceutical and chemical sectors, as well as huge leaps forward in finance, autonomous driving and many other use cases. Unfortunately, it could also undermine trust in the PKI on which much of the modern world is built—from financial transactions and secure communications, to e-commerce, identity, electronic voting, and much more.
Although we are at least 10-15 years away from a working quantum computer which can achieve this, threat actors could theoretically steal data now to decrypt in a decade’s time when they have the means to do so. That lends an urgency to the challenge of discovering “quantum safe” algorithms to replace current asymmetric cryptography with.
While PKI is facing an existential threat in the form of quantum computing, symmetric encryption systems are already quantum safe. In fact, we offer “mobile post quantum safes” which protect enterprise data anywhere—at rest, in motion and in use. Tokenization technology like this provides peace-of-mind that the corporate crown jewels can be kept safe from prying eyes, even in a post-quantum world.
But the bigger picture is that enterprises still rely heavily on PKI. In fact, all internet communication is based on asymmetric encryption. That means, until PKI has been transitioned to quantum safety, there will always be opportunities for threat actors to find a way to access sensitive data stores.
The good news is that standards for quantum safe asymmetric encryption are being worked out today. The US National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization Program has already shortlisted several algorithms, and aims to have new quantum-safe standards in place by 2024.
In the meantime, governments are already planning for the new post-quantum era, and enterprises would do well to start thinking about it too. While some of the world’s smartest minds work on creating more certainty in the PKI sphere, symmetric encryption solutions represent a technology organizations can invest in today, that will stand them in good stead.
The road to quantum safety will be a long one. But tokenization represents a solid first step.