I remember early on in my career doing a course that was very heavy on crypto theory, I was nearly screaming by the end of it. All I wanted to know was how to understand what crypto to use and it’s limitations. Maybe I did not need to now how it worked at a deep mathematical level. But it gave me a huge respect for crypto analysts who clearly live in an alternative reality to mere mortals like myself.
The DHS in conjunction with NIST have released a road map for post-quantum computing cryptography.
They define the requirement as follows:
“While quantum computing promises unprecedented speed and power in computing, it also poses new risks. As this technology advances over the next decade, it is expected to break some encryption methods that are widely used to protect customer data, complete business transactions, and secure communications.”
As time progresses cryptography becomes vulnerable. This is all part of crypto arms race going way back in history so should not come as a shocker to anyone.
Science.org is predicting IBM will have a 1000 qubit computer by 2023 and predicts this will not be powerful enough to break current crypto. Yet, looking at the roadmap, NIST are predicting they will have a new standard ready by 2024 to mitigate the rise of quantum computers.
So whilst quantum computing still sounds like something out of a bad sci-fi movie, I was puzzled by the timing of the roadmap. So I dug into it deeper to understand why this is important now as NIST are concerned that:
“the threat to information protected by asymmetric cryptography exists now because an adversary can collect currently encrypted data and break it when quantum computation becomes available”
Whilst this might not impact transitory data it could impact data that has longevity e.g. personal data. As many organisations find it difficult to maintain IT assets records, it’s worthwhile updating them by recording what crypto you are using and where it’s in use. Then start preparing to take action to protect critical information. But of course you already do that don’t you.
ARD Blog 
You must be logged in to post a comment.