The day when computationally relevant quantum computers can crack basic encryption is coming. Arguably, some claim such a system exists on the short term horizon while others believe such an event to occur years in the future.
Protecting your data, now, is the best course of action to avoid today’s data being decrypted by tomorrow’s quantum computer. We call this possibility, “Q-Day”. The day when a quantum computer with sufficient capabilities can crack encryption.
Thwarting quantum computer threats from such malicious activity requires organizations to use crypto agility. The term crypto-agility refers to your organization’s ability to quickly and efficiently switch from one cryptographic algorithm or protocol to another. This is important because the cryptographic algorithms and protocols used can be vulnerable to quantum computer cryptanalysis or other types of unforeseen attacks.
We call this possibility, “Q-Day”. The day when a quantum computer with sufficient capabilities can crack encryption.
Some examples of crypto agility in practice include using cryptographic libraries that support multiple algorithms, using flexible cryptographic key management systems, and designing information systems that easily support the use of new cryptographic algorithms or protocols. By maintaining a crypto agility system, you can ensure your cryptographic infrastructure remains secure and effective over time, even as the cryptographic landscape evolves.
Fortunately, quantum-safe cryptographic algorithms and protocols are being developed and tested. This algorithm can be easily implemented in cryptographically agile systems. This means your organization can quickly and easily switch to new algorithms or cryptographic protocols without disrupting operations or compromising the security of your data.
To avoid the wrath of Q-Day requires a proactive approach to cryptography. Commissioning a crypto-agile system would make great strides towards this goal. Avoiding tomorrow’s Q-Day demands action today.
Robert Clifford is a CISSP with over 25 years of experience in security-centric environments.