Preparing for the Coming Quantum Cryptographic Break

Computers based on quantum mechanics are maturing to a point where they seriously threaten to compromise much of today’s existing traditional cryptography, including HTTPS, Wi-Fi networks, logon authentication, smartcards, multifactor authentication, and public key infrastructure (PKI). No one knows exactly when quantum computers will mature to the point of being a real threat to most organizations, but estimates range from a few years to less than 10 years.

In 2016, the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) recommended that all organizations start to prepare for the coming cryptographic break. Most organizations are already years late in beginning their preparation.

As part of following those recommendations and due to ever increasing improvements in quantum computing, BSC Systems can assist your preparation to address the issue. We will help you prepare a data protection inventory (to determine which of your critical digital assets need long-term protection against unauthorized access) and to create a plan to ensure that critical information is protected by the appropriate quantum-resistant cryptography and other mitigations.

The goal is to upgrade your quantum-susceptible cryptography to quantum-resistant forms before the quantum cryptography break occurs.
The quantum break is likely to impact many of your existing data protection implementations. Therefore, beginning this project now will minimize future business disruption and costs. Overall project costs, resources, and timelines cannot be adequately estimated until after the Data Protection Inventory and Analysis tasks.

Frequently Asked Questions (FAQ)

What is quantum mechanics?

Quantum mechanics/physics is a long-proven physical science that describes actions and properties of very small particles. Everything in the universe works and depends on quantum mechanics. Regardless of how non-intuitive it may seem to humans, it’s how the world works. Computers and software are being created that function using quantum particles and properties. Within a few years, if not already, we will have quantum computers capable of doing things non-quantum computers cannot, including breaking many forms of traditional cryptography and creating new, unbreakable forms of cryptography.

How long have quantum computers been around?

The first working quantum computer was created in 1998. Today there are well over a hundred quantum computers and dozens of different types of quantum devices. All known quantum computers are still relatively weak, in the laboratory and experimental stages, but are predicted to become stronger than traditional computers soon. The world’s governments and corporations are spending tens of billions of dollars a year in the pursuit to build quantum supercomputers and networks. Quantum computer vendors include the world’s largest companies, such as Google, IBM, Intel, Microsoft, and Alibaba.

How is quantum computing able to threaten traditional cryptography?

Particular types of quantum computers, armed with a mathematical algorithm known as Shor’s algorithm, can quickly factor math equations that involve large prime numbers. Equations involving large prime numbers are what gives most traditional public key cryptography its protective capabilities. Traditional binary-based computers cannot easily factor large prime number equations. Quantum computers with enough “qubits” can factor large prime number equations in a very short amount of time, measured in minutes to hours.

When will quantum computers break traditional public key cryptography?

No one knows for sure, although as soon as quantum computers get four thousand or so “stable” qubits, it is believed that traditional public keys 2048 bits long or shorter can be cracked quickly. Most of the world’s existing public cryptography relies on such keys. Quantum computers are capable of removing half the protective power of the other types of cryptography. General estimates of time until quantum computers are capable of breaking traditional public crypto range from a few years to less than 10 years. Either way, most experts say now is the time to start preparing. If the break happens sooner than people are expecting, then we are better prepared to respond appropriately.

What can be done now?

You should look at all the places where your critical data protection could be impacted and the risk may need to be mitigated. Near-term mitigations are likely to include increasing existing cryptographic key sizes, isolating critical data, and moving to quantum-resistant cryptography. Long-term mitigations, years out, include migrating to quantum-based ciphers and devices.

How can BSC help?

BSC senior engineers hold degrees in Quantum Physics and have been working in cybersecurity for over 15 years. In addition, they hold credentials such as the CISSP and are steeped in cryptology and specifically in its vulnerabilities to quantum computing. In addition, we have assisted many commercial and government organizations to achieve cybersecurity accreditations such as FISMA, HIPAA, and CMMC. It will become increasingly important for government contractors to demonstrate that they have taken all reasonable measures to respond to the quantum computing threats.

BSC Systems has established a Quantum Response Group to monitor the development of quantum-resistant cryptology standards and technologies as well as the overall advance of quantum computing by IBM, Google, D-Wave, Microsoft, Rigetti, and others.