Security in a Post-Quantum World
Research has demonstrated that fault-tolerant quantum computers could crack common encryption algorithms used today, enabling bad actors to gain access to confidential data such as government secrets, medical documents or bank information. While quantum computing is still in the early stages of development and the timeline for widespread adoption remains uncertain (some estimates put the point at which it begins to break encryption around 2030 or later), the stakes are too high not to prepare proactively for a post-quantum world. After all, you can’t wait for the storm to buy an umbrella. In the coming decade, as governments and companies seek to locate and mitigate quantum vulnerabilities, a new generation of quantum-resistant technology is poised to take center stage.
Quantum Security Is an Emerging Technology
Many of us outside the world of quantum research are peripherally aware of quantum computing, if only as a distant, futuristic concept. IBM defines quantum computing as “a rapidly emerging technology that harnesses the laws of quantum mechanics to solve problems too complex for classical computers.” In concrete terms, while today’s computers run on bits, which are binary and at any time hold a value of either 0 or 1, quantum computers run on quantum bits, or qubits, which can be in a superposition of both values and so can exist as any proportion of 0 and 1 simultaneously. This allows quantum computers to perform certain calculations dramatically faster than classical computers, since the state space they can represent doubles with each qubit added.
Notably, quantum computers are highly susceptible to various types of errors and decoherence caused by factors such as environmental noise and imperfect qubit operations. Therefore, before real world applications can be considered, it is necessary to develop fault tolerance, which is the ability of a quantum computer to perform accurate computations in the presence of such errors. Fault tolerance will be a crucial unlock in the development of quantum technology.
The progression of quantum computing holds immense promise. Fault-tolerant quantum computing has the potential to revolutionize many industries, such as healthcare, materials science and finance, as this technology could be used to discover new drugs, design new materials and develop more effective risk analytics. However, quantum computing also represents a serious cybersecurity threat. Fault-tolerant quantum computers will be capable of cracking many common cryptographic systems, particularly asymmetric encryption (e.g., RSA), that protect important data today. As a result, as quantum computing matures, sensitive data held by governments, businesses, and individuals is potentially at risk.
While the significant research push in this space is driving encouraging advancements, the timeline for widespread availability remains uncertain. We make no claims around the timeline; instead, we simply posit that once we reach the tipping point, there will be an immediate and existential security threat to systems that failed to future-proof themselves. This explains why quantum resilience is a near-term priority for many Fortune 500 companies we spoke to in the course of our research. Although this threat remains conceptual today, quantum physicists, engineers and security experts are taking action, building critical technologies that will enable governments and companies to secure information in the face of a quantum threat. We are eagerly following the emergence of a new category of quantum-resistant technology, as visionary companies develop tools that help nations and businesses identify and mitigate their quantum weaknesses.
In this article, we’ll provide I) a condensed history of the field, II) a simplified overview of the categories of quantum-resistant technology and III) a perspective on customer maturity and future adoption trajectory for these technologies.
I. A Condensed History
Since the idea of quantum computing was first proposed in the 1970s-80s, researchers, governments, and companies have raced to develop functional, fault-tolerant quantum computers. The field of quantum-resistant technology has evolved in response to the discovery that such machines could break widely used cryptography, and to subsequent progress in quantum computing. We’ve included key milestones in quantum-resistant technology in the United States in the timeline below.
While the US has led the charge in enacting regulation around post-quantum cryptography, interest in quantum progress, and its security implications, is global. The European Union Agency for Cybersecurity (ENISA) published a report entitled “Post-Quantum Cryptography: Current State and Quantum Mitigation Study” in 2021, and a follow-up, “Post-Quantum Cryptography: Integration Study,” in 2022. These reports educate system owners on the PQC standardization process and provide guidance on best practices for risk mitigation today, as well as for designing and integrating quantum-resistant systems in the future. Likewise, in January 2023, Canada introduced a three-pillared National Quantum Strategy, the second pillar of which is to “ensure the privacy and cybersecurity of Canadians in a quantum-enabled world through a national secure quantum communications network and a post-quantum cryptography initiative.”
If we take engagement in quantum computing as a leading indicator, we can expect regulation and centralized guidelines regarding PQC to continue to proliferate worldwide: As of a September 2022 McKinsey study, China had announced $15.3 billion of public funding for quantum, the EU $7.2 billion, the US $1.9 billion, Japan $1.8 billion and the UK $1.3 billion. India, Canada, Russia and Israel had each announced between $500 million and $1 billion of public funding. As quantum computing matures in each region, governments will become increasingly aware of the related cybersecurity risks and educate their constituents about them.
II. An Overview of Categories
Organizations that wish to secure their systems against quantum threats undergo two distinct processes, cryptographic inventorying followed by remediation, each of which demands dedicated enabling technology.
This two-phase view is, of course, an oversimplification. Cryptographic inventorying is complex, sometimes time intensive and can be an iterative process. Remediation is gradual, multi-step and can involve an intermediate step of “cryptographic agility,” in which businesses begin to build new cryptographic systems such that algorithms can be easily swapped out in the future.
On the inventorying side, cryptographic discovery and inventory tools are potentially relevant to the majority of government agencies and companies: When quantum threats become immediate, all organizations that house data they wish to secure will need to understand their quantum security posture. Providers such as Sandbox AQ (Cryptosense module), Isara and IBM are leading the market in cryptographic discovery and inventory tools.
Sandbox takes a particularly interesting approach to this space, pairing cryptographic inventorying with a broader cryptography management suite that identifies and remediates encryption that is vulnerable today, even prior to quantum threats. Given that most companies – even large financial institutions – rely on cryptographic systems that have been cobbled together over time and have not been critically scrutinized, Sandbox aims to meet customers where they are by cataloguing cryptography, patching up immediate vulnerabilities and eventually aiding in post-quantum transition processes.
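To make the inventorying phase concrete, the following is an added example (not code from the article or from any of the vendors it names) of the core logic such a tool needs: it parses a constructed inventory of where cryptography is used, tags each entry by how quantum computing affects it, and ranks entries by how long the protected data must stay secret, which is what turns a “steal now, decrypt later” ploy into a real loss. The threat year, the two-year migration allowance and every asset in the sample inventory are assumptions made for the example; the threat year follows the article’s “2030 or later” estimate.

```python
"""Cryptographic inventory classifier: an added illustration, not any vendor's
tool. Reads a constructed CSV inventory, classifies each algorithm, and ranks
entries by exposure to "steal now, decrypt later".
"""
from __future__ import annotations

import csv
import io
import re
from dataclasses import dataclass

# Year from which a fault-tolerant quantum computer is assumed able to break
# today's public-key algorithms. Assumption taken from the article's "2030 or
# later" estimate; treat it as tunable, not as a prediction.
THREAT_YEAR = 2030

# Public-key families whose hardness assumptions Shor's algorithm breaks
# outright; a larger key size does not help.
SHOR_VULNERABLE = {"rsa", "dsa", "dh", "dhe", "ecdh", "ecdhe", "ecdsa", "x25519", "ed25519"}
# Symmetric ciphers: Grover's algorithm roughly halves effective key strength,
# so 128-bit keys lose margin but are not broken.
SYMMETRIC = {"aes", "chacha20"}
# Post-quantum schemes from NIST's 2022 selection (Kyber -> ML-KEM,
# Dilithium -> ML-DSA, Falcon, SPHINCS+ -> SLH-DSA). "SPHINCS+" arrives here
# as "sphincs" because the '+' is also the hybrid separator.
PQ_SAFE = {"kyber", "ml-kem", "dilithium", "ml-dsa", "falcon", "sphincs", "slh-dsa"}


@dataclass
class Finding:
    asset: str
    algorithm: str
    key_bits: int
    status: str    # vulnerable | reduced-margin | hybrid | pq-safe | unknown
    priority: str  # urgent | plan | monitor
    reason: str


def classify(algorithm: str, key_bits: int) -> tuple[str, str]:
    """Tag one algorithm string (e.g. 'RSA' or 'X25519+ML-KEM') with a status."""
    parts = [p.strip().lower() for p in re.split(r"[+/]", algorithm)]
    has_pq = any(p in PQ_SAFE for p in parts)
    has_shor = any(p in SHOR_VULNERABLE for p in parts)
    if has_pq and has_shor:
        return "hybrid", "classical+PQ hybrid; holds while either component holds"
    if has_pq:
        return "pq-safe", "post-quantum algorithm"
    if has_shor:
        return "vulnerable", "broken by Shor's algorithm at any key size"
    if any(p in SYMMETRIC for p in parts):
        if key_bits < 256:
            return "reduced-margin", f"{key_bits}-bit key keeps ~{key_bits // 2} bits against Grover"
        return "pq-safe", "256-bit key keeps ~128 bits against Grover"
    return "unknown", "not in classifier table; inventory manually"


def priority(status: str, protection_years: int, assessment_year: int,
             migration_years: int = 2) -> str:
    """Mosca-style test: if the years the data must stay protected plus the
    years needed to migrate reach past THREAT_YEAR, ciphertext recorded today
    can be decrypted while it still matters. migration_years is an assumption."""
    if status in ("pq-safe", "hybrid"):
        return "monitor"
    exposed = protection_years + migration_years >= THREAT_YEAR - assessment_year
    if status == "vulnerable":
        return "urgent" if exposed else "plan"
    # A reduced margin is not a break, so it never outranks a real break.
    return "plan" if exposed else "monitor"


def scan(inventory_csv: str, assessment_year: int) -> list[Finding]:
    """Parse the CSV inventory and return findings, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        bits = int(row["key_bits"])
        status, reason = classify(row["algorithm"], bits)
        prio = priority(status, int(row["protection_years"]), assessment_year)
        findings.append(Finding(row["asset"], row["algorithm"], bits, status, prio, reason))
    rank = {"urgent": 0, "plan": 1, "monitor": 2}
    # sorted() is stable, so entries keep inventory order within a rank.
    return sorted(findings, key=lambda f: rank[f.priority])


# Constructed sample inventory; asset names, algorithms and horizons are made up.
# protection_years: how long the data must stay secret (encryption) or the
# signature must stay trustworthy (signing).
SAMPLE_INVENTORY = """\
asset,purpose,algorithm,key_bits,protection_years
core-banking-tls,TLS key exchange,ECDHE,256,1
customer-archive,backup encryption,AES,128,15
trading-algo-vault,archive encryption,AES,256,20
code-signing,firmware signatures,RSA,3072,12
vpn-gateway,hybrid key exchange,X25519+ML-KEM,768,5
legacy-hsm,document signing,DSA,1024,7
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_INVENTORY, assessment_year=2023):
        print(f"{f.priority:8} {f.status:14} {f.asset:20} {f.algorithm:14} {f.reason}")
```

Run against the sample with an assessment year of 2023, the RSA code-signing key and the DSA document-signing key come out as urgent, because the signatures they produce must remain trustworthy past 2030; the short-lived TLS session keys are only “plan”, and the hybrid VPN exchange and AES-256 archive are “monitor”. The sorting, not the table, is the point: the same algorithm lands in different buckets depending on the shelf life of what it protects.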
On the remediation side, enabling technology is largely most relevant to the “base layer” of cryptography – OEMs, cybersecurity vendors and others that create the tools that house cryptography. These companies might either build their own remediation solutions or incorporate third-party offerings into their solutions. For companies outside of this “base layer,” encryption comes primarily through third-party tools (e.g., an e-commerce company does not build its own cryptography, but rather its cryptography lives within its third-party software stack). They might purchase a PQC application (e.g., a quantum-safe VPN, or quantum-safe versions of their existing cybersecurity and software tools more generally) but are unlikely to interact directly with underlying remediation technology.
In terms of enabling technology for remediation, post-quantum cryptography is positioned to become the mainstream technology of choice. While quantum random number generation and quantum key distribution (QKD) rely on quantum hardware and involve changes to physical systems, PQC runs on classical computers and can be implemented without redevelopment of hardware, so it is more realizable in the near term and easier to scale. Companies such as PQShield, Isara, PQSecure and CryptoNext are building innovative solutions that enable cryptographic agility and post-quantum remediation. Other providers, like Quantropi and Qrypt, focus specifically on QKD and quantum entropy.
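The “cryptographic agility” mentioned above is easier to see in code than in prose. The following is an added example, not code from the article or from any vendor it names, of the layer that makes an algorithm swappable. The primitives are stand-ins so that it runs on the Python standard library alone: HMAC-SHA256 plays the part of a classical signature scheme and HMAC-SHA3-256 the part of a post-quantum one (a real deployment would plug in, say, ECDSA and ML-DSA with their own key pairs). What the example demonstrates is the agility layer around them: every signed object names its algorithms, verification dispatches through a registry, the algorithm list is bound into the signed bytes, and a per-algorithm status drives the deprecate-then-retire lifecycle. All names (`classical-v1`, `pq-v1`, the key) are constructed for the example.

```python
"""Crypto-agility skeleton: an added illustration, not any vendor's product.
The HMAC-based "schemes" are stand-ins for real signature algorithms.
"""
from __future__ import annotations

import dataclasses
import hmac
import json
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Scheme:
    name: str
    sign: Callable[[bytes, bytes], bytes]
    verify: Callable[[bytes, bytes, bytes], bool]
    status: str  # "active": may sign and verify | "verify-only": legacy | "retired": rejected


def _hmac_scheme(name: str, digest: str, status: str) -> Scheme:
    """Stand-in scheme built on HMAC; only the sign/verify interface matters."""
    def sign(key: bytes, msg: bytes) -> bytes:
        return hmac.new(key, msg, digest).digest()

    def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(hmac.new(key, msg, digest).digest(), sig)

    return Scheme(name, sign, verify, status)


# The registry is the single place that knows concrete algorithms; swapping
# in a new scheme means adding an entry here and changing DEFAULT_ALGS.
REGISTRY: dict[str, Scheme] = {
    "classical-v1": _hmac_scheme("classical-v1", "sha256", "active"),
    "pq-v1": _hmac_scheme("pq-v1", "sha3_256", "active"),
}
# Hybrid default during the transition: a forger would have to break both.
DEFAULT_ALGS = ("classical-v1", "pq-v1")


def set_status(alg: str, status: str) -> None:
    """Lifecycle control: active -> verify-only (stop signing) -> retired."""
    REGISTRY[alg] = dataclasses.replace(REGISTRY[alg], status=status)


def can_sign(alg: str) -> bool:
    return REGISTRY[alg].status == "active"


def _to_be_signed(algs: list[str], payload: bytes) -> bytes:
    # Binding the full algorithm list into the signed bytes means a header
    # edited to drop or rename a scheme no longer matches any signature.
    return ",".join(algs).encode() + b"\0" + payload


def sign_envelope(key: bytes, payload: bytes, algs=DEFAULT_ALGS) -> str:
    """Sign under every listed algorithm; refuse algorithms past their sign-by date."""
    algs = sorted(algs)
    sigs = {}
    for alg in algs:
        scheme = REGISTRY[alg]
        if scheme.status != "active":
            raise ValueError(f"{alg} may no longer sign new data ({scheme.status})")
        sigs[alg] = scheme.sign(key, _to_be_signed(algs, payload)).hex()
    return json.dumps({"payload": payload.hex(), "sigs": sigs})


def verify_envelope(key: bytes, envelope: str) -> tuple[bool, str]:
    """All listed signatures must verify and none may be retired."""
    env = json.loads(envelope)
    payload = bytes.fromhex(env["payload"])
    algs = sorted(env["sigs"])
    if not algs:
        return False, "no signatures"
    for alg in algs:
        scheme = REGISTRY.get(alg)
        if scheme is None or scheme.status == "retired":
            return False, f"{alg} not accepted"
        if not scheme.verify(key, _to_be_signed(algs, payload), bytes.fromhex(env["sigs"][alg])):
            return False, f"{alg} signature invalid"
    return True, "+".join(algs)


def resign(key: bytes, envelope: str, algs=DEFAULT_ALGS) -> str:
    """Migration step: verify under the current policy, then re-sign under `algs`."""
    ok, why = verify_envelope(key, envelope)
    if not ok:
        raise ValueError(f"refusing to migrate: {why}")
    return sign_envelope(key, bytes.fromhex(json.loads(envelope)["payload"]), algs)


def without_signature(envelope: str, alg: str) -> str:
    """Test helper: drop one signature so the stripping check can be exercised."""
    env = json.loads(envelope)
    env["sigs"].pop(alg, None)
    return json.dumps(env)


if __name__ == "__main__":
    key = b"constructed-demo-key"
    env = sign_envelope(key, b"hello")
    print(verify_envelope(key, env))
    set_status("classical-v1", "verify-only")
    print(can_sign("classical-v1"), verify_envelope(key, env))
```

The migration path this supports is the one the article describes: data signed under the classical scheme keeps verifying after that scheme is moved to verify-only, new data is signed under the hybrid or post-quantum default, old envelopes are re-signed with `resign`, and only once nothing depends on the old scheme is it retired, at which point envelopes that still carry it are rejected. Dropping one signature from a hybrid envelope fails verification, because the algorithm list is part of what was signed.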
Interestingly, in addition to evaluating these new technologies, some enterprises we spoke with are also considering using existing resources in their defense arsenal and simply putting more controls in place around their most sensitive data assets. For instance, you can imagine a bank safeguarding a proprietary trading algorithm by restricting role-based access, introducing multi-factor authentication (MFA) and air-gapping the network.
III. Adoption Trajectory
So, where does this leave us today? We believe that early adopters, motivated by regulation, are beginning to demand quantum inventorying and remediation technology today, while mainstream companies, awaiting a technological incentive, will adopt later.
Technological incentives
Nations and private companies continue to work in earnest towards developing and scaling quantum computers. However, the technological threat to encryption does not seem to be immediate: Estimates of quantum computing progress vary, but the industry consensus seems to be that quantum computers will start to be able to break encryption around 2030 or later.
Some government agencies and companies might be intrinsically motivated to transition towards quantum-resistant systems prior to a live quantum threat, motivated by 1) fear of “steal now, decrypt later” ploys in which sensitive information is stored by bad actors until quantum computing matures, at which point it is decrypted,* 2) desire to begin the long transition process prior to a live threat or 3) worry that quantum progress might accelerate unexpectedly.
However, the most likely scenario seems to be that technological progress will become a meaningful driver of demand for quantum-resistant technology only towards the latter half of the decade. The next technological milestone that is expected to drive demand for post-quantum cryptography will occur when quantum computing achieves fault tolerance. As a result, near-term adoption of quantum-resistant technology will be driven by regulation and standardization, more so than by technological progress in quantum computing.
Regulatory incentives
The spate of US regulations in 2022, outlined in the timeline above, educated future customers about quantum threats and fueled growth in quantum-resistant technology.
NSM-8 and -10 in particular kickstarted demand for cryptographic inventorying tools; by mandating the creation of inventories for certain government agencies, these memoranda triggered demand among the public sector and its collaborators, and raised awareness elsewhere. NIST’s announcement of the initial four standardized cryptographic algorithms had a similar accelerating impact on PQC exploration, as many “base layer” companies had been hesitant to begin building quantum-resistant offerings before understanding which algorithms would be the standard path forward.
Based on our industry conversations, many government agencies and companies with particular vulnerability (e.g., autonomous vehicle manufacturers, IoT, defense, telcos, large banks, key government contractors) have roadmaps in place for assessing and upgrading cryptographic systems, or will have such roadmaps in place by the end of the year. As a result, the “base layer” that serves such players (e.g., OEMs, cybersecurity and IT providers, HSM vendors for banks) is likewise preparing for this shift. Outside of government and highly sensitive industries, however, mainstream preparation of cryptographic systems for quantum threats is not yet underway.
Timelines for adoption are fundamentally uncertain, as they hinge on future technological progress and regulatory decisions. Based on the information that we have today, we believe that demand for cryptographic inventorying is immediate, particularly for government agencies and high sensitivity industries. As companies build their cryptographic inventories, they are likely to look towards tools that enable management of traditional cryptography, as well as those that facilitate cryptographic agility.
Going forward, we estimate that in the next half decade, many government agencies and companies in highly sensitive industries will have inventoried their cryptographic systems and begun the remediation process. Within the next decade, we will likely start to see additional areas of large industry make progress along this journey. Demand for quantum inventorying and remediation technology will accelerate as the transition towards quantum-secure systems enters the mainstream.
We’re eager to watch the development of this space in the coming years, and welcome conversations with anyone building, evaluating, purchasing or investing in quantum-resistant technology.
* The fear of “store now, decrypt later” does not apply equally to all data because data has a shelf life. For example, some customer data held at banks may not retain value in 10-20 years’ time and is only relevant, accurate and actionable for a set period of time. Recognizing and bucketing data in this way can help prioritize remediation efforts.