Why post-quantum cryptography is a key security differentiator

Post-quantum (PQ) cryptography is the development of new cryptographic approaches that can be implemented using today’s computers but will be impervious to attacks from tomorrow’s quantum ones.

With quantum computing seemingly on the agenda of major enterprises today, many organizations are still not fully prepared for the challenges and opportunities presented by quantum computers.

In fact, advances in quantum computing may threaten the integrity of traditional asymmetric encryption algorithms in the near future. As such, the potential to empower brute force attacks could eventually succeed in minutes rather than years.

According to Microsoft researchers, “existing public-key cryptography is based on the difficulty of factoring and the difficulty of calculating elliptic curve discrete logarithms. Because those two problems will be readily and efficiently solved by a sufficiently large-scale quantum computer, we are looking now at cryptography approaches that appear to be resistant to an attacker who has access to a quantum computer. We are developing cryptosystems whose security relies on different, hard mathematical problems that are resistant to being solved by a large-scale quantum computer.”

Recently, the National Institute of Standards and Technology (NIST) published a shortlist of PQ safe algorithms which will be resilient to these attacks. Although these algorithms are undergoing review from academics and industry, security-conscious organizations need to start work now in order to be fully prepared for a post-quantum future. This includes carrying out due diligence by investigating the adoption of the short-listed algorithms in their cryptographic ecosystem.

Apart from NIST, NATO’s Cyber Security Center (NCSC) has also tested a PQ VPN provider by UK-based quantum computing provider Post-Quantum to secure its communication flows. The White House further released a  National Security Memorandum which gave the National Security Agency (NSA) 30 days to update the Commercial National Security Algorithm Suite (CNSA Suite) and to add quantum-resistant cryptography.

To help organizations assess their cryptographic stance and integrate quantum-resistant algorithms into their encryption workflows and services, Entrust has announced four new solutions. They include:

• Cryptographic Centre of Excellence Expands to Support PQ Preparedness – provides actionable recommendations to remediate identified risks in crypto and manage the challenges of PQ.
• Entrust nShield Post-Quantum Cryptography Option Pack – a software development suite of cryptographic functions based on NIST PQ shortlisted algorithms running within a representative Entrust nShield Hardware Security Module (HSM) environment.
• Quantum Java Toolkit – enables organizations to integrate quantum-safe algorithms into their digital certificate generation workflows.
• PKIaaS for Post Quantum – give organizations the ability to test multi-certificates or composite certificates with their applications, with the added benefit that these will be underpinned by Entrust nShield HSMs.

For Anudeep Parhar, Chief Information Officer at Entrust, post-quantum computing is an inevitable threat to cybersecurity. While it is unclear when exactly the post-quantum threat will become real, it is generally expected to occur within the decade. He added that as the migration to quantum-safe algorithms can take several years, now is the best time to prepare for post-quantum.

“Entrust is at the forefront of post-quantum cryptography. We are participating members of the Internet Engineering Task Force (IETF), and we are also participants in the NIST PQ competition,” commented Parhar. “Through growth initiatives and investment in solutions like those announced today, we are helping our customers today to prepare for tomorrow.”