Preparing for Q-Day as NIST nears approval of PQC standards
Q-Day—the day when a cryptographically relevant quantum computer can break most forms of modern encryption—is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks.
While estimates just a few years old suggested that a quantum computer capable of running Shor’s Algorithm would not be operationally available until 2029 or later, more recent research to produce fault-tolerant quantum systems, such as the 48 qubit system produced by a team at Harvard, combined with news of PsiQuantum’s million qubit system slated to come online in 2027, suggest that the Q-Day horizon, however secretively or publicly it plays out, is coming faster than most anticipated.
Beyond the concerns presented by the breaking of cryptography, there is an existing threat that requires urgent action today. “Harvest Now, Decrypt Later” campaigns are currently underway, and troves of encrypted data is being stolen now to decrypt it later using a quantum computer.
The limits for malicious use are unending; for instance, encrypted data on the inner workings of a nuclear facility stolen in 2024 would still be relevant and exploitable in 2030 when a quantum computer can decrypt it. Given the massive vulnerability these campaigns represent today, cybersecurity leaders should focus on shifting toward quantum-resilient systems as soon as possible.
While CISOs and security personnel are busy contending with the day-to-day challenges brought on by phishing, malware, account compromises, ransomware, and other complex and damaging cyberattacks, “Harvest Now, Decrypt Later” threats and the catastrophic ramifications of the impending cryptography break have taken a back seat in terms of prioritization. However, the only way to ensure the digital commons remains operational and secure into the future is to collectively begin fortifying defenses in preparation for the coming quantum wave.
A new era of post-quantum cryptography (PQC) standardization
According to NIST, the “goal of post-quantum cryptography (also called quantum-resistant cryptography) is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks.” In July 2022, NIST published four draft PQC algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON). The highly anticipated final standardization, expected to be published in July 2024, will deliver “three new Federal Information Processing Standards (FIPS)” for quantum-resistant algorithms, according to Bill Newhouse, cybersecurity engineer at NIST’s National Cybersecurity Center of Excellence. These NIST-validated quantum-resilient algorithms will finally be ready for deployment and enterprise use by security-oriented public and private sector early adopters.
However, the shift away from classical encryption to PQC won’t happen overnight—and it shouldn’t. Solutions will need to be hybridized with current best-in-class cryptography during an initial transition phase with the eventual goal of ensuring all systems incorporate quantum resilience wherever possible. The most challenging question faced by stakeholders ranging from the defense departments and governments to critical infrastructure groups is where and how to begin the process.
Deploying quantum-resilient algorithms
As outlined by the US Office of Management Budget directive, which advises agencies on how to prepare for quantum resilience, the first step is to inventory active cryptographic systems, including those used for creating and exchanging encryption keys, providing encrypted connections, or creating and validating digital signatures.
Once all systems have been identified, they can be categorized and prioritized by the most sensitive and critical data segments to have the most important systems upgraded first. This process involves replacing current encryption methods with quantum-resilient algorithms, a complex and time-consuming initiative.
Finding the right place to deploy PQC first to protect the most secure data systems and meet implementation constraints, while also avoiding the known and unknown pitfalls of trialing new technologies is enough to warrant much of the inaction we’re seeing today.
For security-conscious, forward-thinking organizations willing to trial and roll out PQC alongside the forthcoming NIST standardization, specific IT systems should be prioritized to ensure the long-term security of sensitive information. These systems include key management systems responsible for generating, distributing, and managing cryptographic keys, secure communication systems including virtual private networks (VPNs), secure email, cloud services, and applications, bespoke critical systems such as those used by financial institutions or in scientific research and engineering environments, along with operationally critical IoT devices.
There are also across-the-board architectural changes that can be made quickly for broad initial protection, e.g., deploying quantum resilient TLS proxy systems, such as terminators and load balancers, and upgrading application layer cryptography libraries.
Embracing PQC to counter quantum threats
NIST’s standardization of PQC algorithms is the last piece of data most organizations have been waiting to start implementing PQC solutions. Although our shared quantum computing-enabled future is constantly evolving alongside the corresponding defensive barriers required, the soon-to-be-published NIST standards offer a call to action backed by a sufficient degree of certainty to those on the fence about starting their PQC implementation journey.
While most CISOs are currently and rightly engaged in defending against the most urgent threats, action to protect them from being swamped by the coming wave of Q-day is prescient. A quick shift now to PQC effectively mitigates current “Harvest Now, Decrypt Later” campaigns, protects the fundamental inner workings of data security and privacy for years to come, and prepares us all for a quantum-enabled future.