It’s believed that in as little as a decade, quantum computers could be capable of breaking the cryptography that protects most of our online data, including data that was previously considered to be private and secure.

In 2020, the UK’s National Cyber Security Centre (NCSC) published a white paper advising that large organizations and companies should factor the threat posed by quantum computer attacks into their long-term plans and begin preparing the systems they will need to transition to quantum-safe cryptography.

What Are Quantum Computers?

Quantum computers are a very different proposition from the ‘traditional’ digital computers we use today. Rather than processing bits that are each either 0 or 1, they exploit properties of quantum mechanics such as superposition and entanglement, which lets them perform certain computations that would be infeasible for ‘classical’ computers.

Small quantum computers exist today, but they currently suffer from relatively high error rates. These devices are nevertheless finding important applications in quantum chemistry and quantum simulation. Quantum computers are one of a number of quantum technologies with applications in cyber security.

The Importance of Public-Key Cryptography

Public-key cryptography (PKC) currently underpins the security of the majority of internet communications. It is the technology that makes secure communication possible at scale, both over the internet and over other networks.

The key components of PKC are key agreement and digital signatures. The former is used to establish a shared cryptographic key between two parties so that they can communicate securely; the latter supports trust and authentication on a network, since anyone holding the public key can verify that a message was produced by the holder of the corresponding private key.

Most PKC in use today (RSA, Diffie-Hellman and their elliptic-curve variants) relies on the difficulty of factoring large integers or of computing discrete logarithms. Shor’s algorithm, however, solves both problems in polynomial time on a sufficiently large quantum computer, so a Cryptographically Relevant Quantum Computer (CRQC) would break these schemes outright.

The Quantum Threat to Cryptography

Cryptography experts such as Domen Zavrl understand that an attacker with a CRQC could decrypt information protected by today’s public-key algorithms and, in the future, forge information. There is also a concern that encrypted traffic could be collected today with a view to decrypting it later, once a CRQC is available (often called ‘harvest now, decrypt later’). This means that data which must stay confidential for many years is already at risk, even though no CRQC yet exists.

In terms of digital signatures, an attacker with access to a CRQC could forge signatures to impersonate the legitimate private-key owner, or tamper with data whose authenticity should otherwise be protected. Unlike the threat to encryption this is not retroactive, but long-lived signatures that must still be trusted once a CRQC exists (on certificates, firmware or software updates, for example) are exposed.
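The following Python is an added example, not code from the article or from the NCSC. It shows, on toy-sized parameters, why an efficient factoring or discrete-logarithm solver breaks both halves of PKC described above: the private RSA key falls out of the public key (so ciphertexts can be decrypted and signatures forged), and a recorded Diffie-Hellman exchange can be decrypted after the fact. The `factor_oracle` and `dlog_oracle` functions are brute-force stand-ins for Shor’s algorithm that only finish because the numbers are tiny; the textbook RSA and Diffie-Hellman code, the XOR keystream and the sample message are all constructed for illustration and are not how any real protocol should be implemented.

```python
"""Toy demonstration of why a factoring / discrete-log oracle breaks public-key
cryptography. Added example: textbook RSA and Diffie-Hellman with tiny,
constructed parameters (no padding, no authentication, not for real use)."""
import hashlib
from math import isqrt


def factor_oracle(n):
    """Stand-in for Shor's algorithm: return a non-trivial factor pair of n.
    Trial division takes time exponential in the bit length of n, which is
    why RSA is safe classically; a CRQC would do this step in polynomial time."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor found")


def dlog_oracle(p, g, h):
    """Stand-in for Shor's discrete-log algorithm: find x with g**x == h (mod p)."""
    for x in range(p - 1):
        if pow(g, x, p) == h:
            return x
    raise ValueError("no discrete logarithm found")


# --- Textbook RSA: the private exponent is trivial to derive once n is factored ---

def rsa_keygen(p, q, e=17):
    """Return (public, private) keys as (n, exponent) tuples."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa_apply(key, x):
    """Encrypt/verify with the public key, decrypt/sign with the private key."""
    n, exponent = key
    return pow(x, exponent, n)


def recover_rsa_private_key(pub):
    """What an attacker with a factoring oracle does with a public key alone."""
    n, e = pub
    p, q = factor_oracle(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


def forge_signature(pub, message):
    """Sign on the key owner's behalf, starting from only the public key."""
    return rsa_apply(recover_rsa_private_key(pub), message)


def rsa_verify(pub, message, signature):
    return rsa_apply(pub, signature) == message


# --- Diffie-Hellman: a recorded exchange becomes readable once dlog is easy ---

def keystream(shared_secret, length):
    """Constructed toy KDF/stream cipher: SHA-256 of the secret and a counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(f"{shared_secret}:{counter}".encode()).digest()
        counter += 1
    return out[:length]


def xor_bytes(data, key):
    return bytes(d ^ k for d, k in zip(data, key))


def dh_session(p, g, a, b, plaintext):
    """Two parties agree a key and encrypt; returns what an eavesdropper records."""
    big_a, big_b = pow(g, a, p), pow(g, b, p)
    shared = pow(big_b, a, p)
    assert shared == pow(big_a, b, p)  # both sides derive the same secret
    ciphertext = xor_bytes(plaintext, keystream(shared, len(plaintext)))
    return {"p": p, "g": g, "A": big_a, "B": big_b, "ct": ciphertext}


def decrypt_recorded_session(transcript):
    """'Harvest now, decrypt later': recover a from A, then the session key."""
    p, g = transcript["p"], transcript["g"]
    a = dlog_oracle(p, g, transcript["A"])
    shared = pow(transcript["B"], a, p)
    return xor_bytes(transcript["ct"], keystream(shared, len(transcript["ct"])))


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)  # n = 3233; constructed textbook parameters
    print("private key recovered from public key:", recover_rsa_private_key(pub) == priv)
    print("forged signature verifies:", rsa_verify(pub, 65, forge_signature(pub, 65)))
    recorded = dh_session(23, 5, 6, 15, b"recorded today, read later")
    print("recovered plaintext:", decrypt_recorded_session(recorded))
```

With real parameters (a 2048-bit RSA modulus or a 256-bit elliptic-curve group) the two oracle functions would never finish on a classical machine, but every other step of the attack is unchanged; a CRQC replaces only the oracles. Elliptic-curve schemes are not a way out, since Shor’s algorithm applies equally to the elliptic-curve discrete logarithm problem.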

Quantum-Safe Cryptography

Various algorithmic options have been proposed for quantum-safe cryptography (QSC, also known as post-quantum cryptography), but it is unlikely that a single algorithm will suit all applications. Performance characteristics such as key size, signature or ciphertext size and computation time vary far more between QSC candidates than between traditional PKC algorithms. There is currently a drive towards the standardization of QSC, which is stimulating a great deal of research into the available options.

National Institute of Standards and Technology Standards for QSC

The National Institute of Standards and Technology (NIST) began a process in 2016 to standardize quantum-safe algorithms for digital signatures and key establishment. The candidate algorithms have since been narrowed down, with draft standards expected between 2022 and 2024. Throughout this period the proposals on the table remain under in-depth public scrutiny.

NIST’s process covers both key-establishment and digital signature algorithms and draws on the latest research from industry, academia and governments around the world. The NCSC will use its outcome to develop the organization’s own guidance on quantum-safe algorithms.

The NCSC white paper referred to above sets out the organization’s recommendations for the transition to QSC.