By Kenna Hughes-Castleberry posted 21 Nov 2022
A leader in quantum-safe encryption, Post-Quantum is creating a multi-level strategy to prepare against the threat of quantum computing. While its cutting-edge products will no doubt help to make organizations from banks to governments more secure, the company is also trying to find ways to make the public more aware of the threat of quantum computing. As many quantum cybersecurity-focused companies are also developing their own methods, there is a shared sentiment among these organizations that the threat is real and few are listening. For Post-Quantum, this is only motivating the team more to continue to get the message out about the security threat that quantum computing poses to our current encryption frameworks.
The Basics of Encryption
Classical encryption is far from simple, as there are many different methods used. According to the Quantum Strategy Institute, there are three main types of encryption: Asymmetric, Symmetric, and Hashing. For asymmetric cryptography, each user possesses both public and private keys for encryption and decryption, while for symmetric encryption, users only have private keys for encryption and decryption. Hashing encryption uses an algorithm to create randomized data that is “encrypted.” Often this is when a 35-character message may be diluted and randomized into a 500-character “message.” While many computers may have a hard time breaking into these current protocols, a quantum computer, possessing a lot more computing power, gives a legitimate threat to the current infrastructure, forcing governments and other organizations, like banks or hospitals, to rethink their security.
“When quantum computers mature beyond classical computers, data flows will be rendered immediately vulnerable,” explains Andersen Cheng, Chairman of Post-Quantum. “From shutting down critical infrastructure to stealing funds and government documents, there is a real risk of dire consequences for pretty much every industry if they don’t act now.”
NIST (the National Institute of Standards and Technology) in the U.S. has recently issued standardization methods for algorithms that can be considered post-quantum, or quantum safe. These algorithms need to be complicated enough that a quantum computer cannot hack into them. In this process, NIST narrowed in on four algorithms that may fit the standards, but they are still studying and testing them thoroughly.
Post-Quantum is Getting the Message Out
Though most of the quantum computing industry is aware of the looming threat (and many are acting on it) there is still a general lack of public awareness about this topic. This causes many companies, like Post-Quantum, to take extra initial steps by having to explain the bigger context to potential users and investors. “A quantum computer prototype is much nearer than people think, and one could realistically break today’s encryption within the next three to five years,” says Cheng. “That timeframe is actually misleading as more urgently, “Harvest Now, Decrypt Later (HNDL) attacks – where bad actors can store data with a long shelf life to decrypt when a functioning quantum computer emerges– pose a present and significant threat that high security organizations in particular must begin to transition to a quantum-secure ecosystem.” This can cost valuable time, which many quantum companies may not have, as according to a recent Forbes article, quantum computing is expected to break public-key cryptography within the next eight years. Thankfully, companies like Post-Quantum already have solutions they can deploy.
As the first company to be developing post-quantum cryptography (PQC) solutions (beginning back in 2009), they are the only company to have developed what they dub a “Quantum-Safe Platform”. This Platform includes modular software for Identity, Transmission and Encryption, which protects organizations across their entire digital footprint.
A key feature of this Platform is Post-Quantum’s “Hybrid PQ VPN”, which helps ensure that organizations can communicate securely. “When today’s encryption standards are broken, traditional VPNs will be made redundant, which led us to develop a quantum-secure VPN that secures data flows in a quantum-resistant tunnel as it is transmitted,” explains Cheng. “Our Hybrid PQ VPN has been successfully trialed by NATO to secure its communication flows, and is also being trialed in other high-security environments. The security level is further enhanced by our quantum-ready identity solution. I cannot emphasize enough the need to have in place the most secure identity achievable as it will become the Gateway of Things (GoT) if you want to implement an end-to-end quantum-safe ecosystem. What really sets our solutions apart is that they are interoperable, backward compatible, and crypto-agile, which are all essential to secure a seamless transition to a quantum-safe world. This has already helped organizations such as NATO to kickstart their migration, and we are ready to work with any organization that is keen to pursue a frictionless and agile migration to a quantum-ready infrastructure.”
While the threat of quantum computing is not as widely accepted by the public, companies like Post-Quantum are working hard to make sure they are fully ready for when quantum computing is fully developed. As Cheng concludes: “Recent years have seen the technological arms race to develop sufficiently powerful quantum machines accelerate to an unprecedented pace. Coupled with the immediate dangers that Harvest Now, Decrypt Later poses, we are now seeing governments becoming increasingly concerned and initiating mandatory action, such as the US Quantum Computing Cybersecurity Preparedness Act. For high-security industries such as banks and federal agencies, the cost of not acting is simply becoming too high to avoid.”
Kenna Hughes-Castleberry is a staff writer at Inside Quantum Technology and the Science Communicator at JILA (a partnership between the University of Colorado Boulder and NIST). Her writing beats include deep tech, the metaverse, and quantum technology.