Will your organization survive the crypto-pocalypse? “The power of quantum computing brings the day closer when the conventional encryption we all rely on can no longer protect us,” warns Roger A. Grimes, cybersecurity author and columnist. In his CSO article, he discusses how quantum supremacy will upend conventional encryption as we know it.
Crypto-pocalypse? The term conjures up attacking zombies and survival skills — only those who can outsmart the zombies survive. While zombies may be imaginary, the threats that quantum computers pose to classic cryptography are not. Grimes outlines ways to prepare in his book, Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today’s Crypto. He urges, “Companies need to start thinking seriously about their post- quantum migration plans.”
Indeed. Implementing crypto-agile solutions can ease the quantum-safe migration. For example, ISARA’s Catalyst™ Agile Digital Certificate Methodology enables a cost-effective and simplified migration to quantum-safe security today by supporting two cryptographic algorithms — e.g. one classic and one quantum-safe algorithm — within a single X.509 certificate.
What is crypto-agile? Let’s get familiar with some quantum computing vocabulary that will be part of your IT security lingo in 2021 and beyond:
crypto-agility. The capacity for a system to adopt an alternative to the original encryption method or cryptographic primitive without significant change to system infrastructure or disruption to dependent systems.
crypto-risk. A quantitative metric or measure, or a qualitative assessment, of the risks to information security (and to systems and processes which depend on information security) faced by an organization due to vulnerabilities in cryptographic systems.
crypto-visibility. The degree to which an organization is aware of where cryptography is used, how cryptography is implemented, and which cryptographic systems are employed throughout the organization.
quantum-safe cryptography (QSC). Cryptographic algorithms that are believed to be secure against quantum computer-enabled attacks. Also known as post-quantum cryptography or quantum-resistant cryptography.
quantum supremacy. The goal of demonstrating that a programmable quantum device can solve a problem that no classical computer can feasibly solve. In October 2019, Google claimed to achieve quantum supremacy with an array of 54 qubits out of which 53 were functional.
quantum advantage. The goal of demonstrating that a programmable quantum device can solve a problem that no classical computer can feasibly solve, where solving the problem has practical application(s).
quantum risk. General term referring to the collection of information security, economic, operational, business continuity, etc. risk exposure of a particular organization or entity due to the quantum threat.
quantum threat. General term referring to the threat to information security, economic prosperity, business continuity, etc. resulting from the unique capabilities of quantum computing (in particular, the ability to break public-key cryptography).
Y2Q. A shorthand for “years to quantum”; while technically framed as a countdown, the term is often employed as the quantum computing parallel of the Y2K bug to represent the timeline of when a quantum computer can break public-key cryptography — for example, when a quantum computer will be capable of factoring an RSA-2048 modulus.
The reality is that your organization will survive the crypto-apocalypse and come out ahead with minimal disruptions, if you start preparations now to ward off the scary “what ifs.”
For a complete glossary of quantum computing terms and a hype-free explanation of what’s at risk and what you can do, download the guide, Managing Cryptographic and Quantum Risk.
Want to learn more about crypto-agility solutions and quantum-safe security? Let’s schedule a meeting: https://www.isara.com/#request-meeting. Or, you might be interested in our Quantum-Safe Readiness Program for Enterprises, to equip your IS, IT and cryptography teams with actionable know-how and practical hands-on experience.