Post Quantum Computing
Encouraging Organisations to Start Moving Towards Post Quantum Cryptography
Cryptography plays a key role in securing modern networks and infrastructures. It is arguably the most powerful technique in the security tool bag of the modern CISO and is used to solve a variety of security-related problems. In particular, network security relies extensively on public key (or ‘asymmetric’) cryptography, built on a small number of cryptographic algorithms that have stood the test of time.
However, the advent of quantum computing, which uses quantum effects to carry out certain types of calculation much faster than ‘traditional’ systems are able to, constitutes a major threat to public key cryptography. Once quantum computers are sufficiently evolved, an algorithm developed by Peter Shor (Shor’s algorithm) for factoring large numbers together with variants of this algorithm could be used to break existing schemes based on public key cryptography.
Post Quantum Cryptography (PQC) is the generic term for a number of techniques and algorithms that counter this threat. The idea behind PQC is to develop cryptographic algorithms that are based on mathematical problems where quantum computers offer no significant computational advantage.
An important issue for security practitioners is predicting when to begin the transition to PQC. A tool known as Mosca’s Inequality allows organisations to make a rough estimate of this. Plugging sensible numbers into Mosca’s Inequality often shows that action is needed now.
Given the extreme nature of the threat posed by quantum computers running Shor’s algorithm, the Global Trust Forum advises its members to analyse the issue of migrating to PQC from their own risk perspective and to act accordingly.