Post-quantum encryption refers to encryption methods that are secure against an attacker with a quantum computer. Current encryption methods, such as RSA and Elliptic Curve Cryptography (ECC), are vulnerable to quantum computers (cryptographically relevant quantum computers) and could potentially be broken by them. Post-quantum encryption is important because it ensures the security of encrypted communications even against a quantum computing attack. It is important to care about post-quantum encryption because it can protect sensitive information from being compromised in the future as quantum computing technology advances.
Being crypto-agile refers to the ability to quickly and easily adapt to changes in cryptographic methods and
technologies. This includes the ability to upgrade encryption algorithms and protocols as new weaknesses are
discovered or new technologies become available. It also includes the ability to switch between different
algorithms or protocols as needed to ensure continued security.
Crypto-agility is important because it allows organizations to maintain the security of their communications and protect sensitive information even as cryptographic threats evolve. It enables organizations to respond to new vulnerabilities and attacks by quickly deploying new cryptographic methods, rather than waiting for a complete system overhaul.
Adopting a crypto-agile approach can also help organizations avoid vendor lock-in and maintain flexibility in their security strategies.
The National Institute of Standards and Technology (NIST) is concerned about Elliptic Curves, Diffie-Hellman
(DH), Elliptic Curve Diffie-Hellman (ECDH), and RSA (Rivest–Shamir–Adleman) because they are all vulnerable to
quantum computing attacks. Quantum computers can potentially use algorithms such as Shor's algorithm to break
the encryption used by these methods, which would allow an attacker to access sensitive information that was
thought to be secure.
In 2016, NIST launched a process to identify new post-quantum cryptography standards and algorithms that will be more secure against quantum computing attacks than existing standards. The goal of this process is to develop and standardize new cryptographic methods that will be secure against both classical and quantum computing attacks, and will replace the existing standards that are vulnerable to quantum computing.
Given the recent progress in quantum computing, NIST is concerned that it is important to start the process of transitioning to post-quantum cryptography now to ensure that sensitive information remains secure in the future.
The benefits of post-quantum encryption are:
Security against quantum computing attacks: Post-quantum encryption methods are designed to be secure against attacks from quantum computers, which can potentially break current encryption methods such as RSA and Elliptic Curve Cryptography (ECC).
Long-term security: As quantum computing technology continues to advance, post-quantum encryption methods will provide ongoing security for sensitive information, protecting it from future attacks.
Compatibility: Post-quantum encryption methods can be designed to work with current systems and infrastructure, making the transition to post-quantum encryption more seamless.
Flexibility: Post-quantum encryption methods can offer different levels of security, depending on the specific use case and the level of protection required.
Encourage innovation: The development of post-quantum encryption methods can encourage innovation in the field of cryptography, leading to the discovery of new and more secure methods.
Compliance: Some countries and industries have or will require the use of post-quantum encryption methods, so it would be beneficial to be ready and in compliance.
It Depends on your use-case. Deployment can happen as quickly as a few hours to several months. The use-case determines the deployment time. Please feel free to reach out to us for more information.