Preparing for the Post-Quantum Migration: A Race to Save the Internet | Womble Bond Dickinson
National agencies and scientific institutions are well aware of the threat of quantum computers to existing cryptography. In 2015, the United States National Security Agency first published warnings of the need to transition to quantum-resistant algorithms. One year later, the National Institute of Standards and Technology (“NIST”) began a standardization initiative for post-quantum cryptography and secure operating parameters. Post-quantum cryptography is the study of crypto-systems that can be run on a conventional computer and is sufficiently secure against both quantum and conventional computers. However, the trial process is lengthy and NIST continues to review and scrutinize potential quantum-resistant algorithms. The initiative identified five classes of cryptographic systems that are currently quantum-resistant: lattice based; multivariate-quadratic-equations; hash-based; code-based; and supersingular elliptic curve isogeny. NIST is expected to announce the first algorithm to qualify for standardization within the next two years.
During this transition period while the world awaits NIST’s findings, there are measures that can be taken now to begin securing data against quantum computing and preparing for the upcoming migration. Organizations should begin the engineering work necessary to prepare their infrastructure for the implementation of post-quantum cryptography as soon as the migration is ready. To begin preparing now, experts recommend that organizations create a reference index for those applications that use encryption and ensure that current and future systems have sufficient cryptographic agility. Reference indexing allows organizations to assess quantum vulnerabilities ensuring that all applications are migrated, minimizing the risk of incidents occurring in one part of their digital ecosystem. It is essential that organizations perform an ongoing assessment of their risks and migrate quickly to prevent systemic data insecurity.
Organizations should develop a plan to transition to quantum-resistant encryption. Planning ahead will minimize system down time and provide flexibility for responding to any implementation flaws. Organizations can utilize their…