Researchers Are Moving Up the Clock for ‘Q-Day’
4 industry advances and the inaugural World Quantum Readiness Day underscore the importance of preparing now for quantum-based threats
Several new quantum-focused research developments may have moved up the timeline for needing quantum-resistant cryptography. If you do nothing to prepare now, all of your data that’s secured by modern public key algorithms may be vulnerable to harvest now, decrypt later (HNDL) attacks in the future.
Knowing this, DigiCert and other industry partners are leading the charge into a quantum-ready future by establishing a new quantum security-focused holiday. This event, which will be celebrated on Sept. 26 this year, aims to spur enterprises and governments to action and serves as a day of security-focused reflection.
So, what are governments and organizations doing to prepare for quantum-based threats? And what can you do to improve your organization’s cryptographic agility?
Let’s hash it out.
4 Examples of Why PQC Readiness Shouldn’t Be Put Off Until ‘Later’
Researchers and businesses are making incredible strides in the realm of quantum computing research. Here are several of the “firsts” worth noting:
- The United Kingdom announced that a quantum navigation technology was successfully tested in flight. This initiative, which involved running test flights using “advanced quantum-based navigation systems that cannot be jammed or spoofed by hostile actors,” was announced on May 13. The initiative was made possible through a partnership between UK Research and Innovation (UKRI), Infleqtion, BAE Systems, and QinetiQ.
- MIT researchers found a way to configure atoms more closely than ever before. The closer two atoms are, the more strongly they interact. And in this case, the team was able to manipulate atoms into being only 50 nanometers apart. The thought is that this close configuration could be conducive to generating “purely magnetic dipolar gates” that could be used to create a new type of quantum computer.
- Microsoft and Quantinuum achieve the world’s best error rates. Researchers in this joint venture were able to demonstrate an 800x improvement between logical and physical qubits. By increasing the fidelity (reliability) of logical qubits in quantum computation, the companies declare they’re moving from noisy intermediate-scale quantum (NISQ) Level 1 Foundational to Level 2 Resilient quantum computing.
- CA and NM researchers have found a way to transform everyday materials into quantum conductors. Researchers at the University of California, Irvine and Los Alamos National Laboratory have run experiments on non-traditional quantum computing materials such as glass to change their electrical characteristics at an atomic level. The hope is to convert these materials into strong conductors that can be used to create quantum computers.
The Time to Prepare for Quantum Is Now
To a certain extent, we understand why some companies may not view quantum computing readiness as a current priority, putting these preparations on the back burner in favor of focusing on short-term actions. But it’s crucial that quantum-related priorities don’t remain there and that you start planning your post-quantum strategy.
While it’s true that quantum computers are currently limited to carefully controlled laboratory settings at companies like Google and IBM, that won’t always be the case. As you’ll learn a bit later, advancements in quantum technologies are occurring all the time, and it’s only a matter of time before these qubit-based devices are out of the lab and commercially available.
Estimates from McKinsey show that nearly three-quarters of surveyed tech executives anticipate seeing “fully fault-tolerant quantum computer by 2035.”
This is why companies must start addressing these long-term concerns now before it’s too late. Getting your organization ready to face the quantum threats of tomorrow won’t be a quick process; there’s a lot involved in terms of handling financial investments, planning, policies, and implementation.
Related: Post-Quantum Cryptography: 10 Things You Need to Know
Your PKI Is at the Heart of These Preparations
World Quantum Readiness Day aims to light a fire under enterprises and governments. The reality is that public key technologies we rely on today won’t hold up against quantum computers. This is why Google added support for hybrid post-quantum algorithms last year as part of its preparations. (Although it’s not without its issues, as it’s thought that some servers aren’t equipped to handle large ClientHello messages in the SSL/TLS handshake.)
This is why it’s imperative for organizations to take the cryptographic threats associated with quantum computing seriously and understand what they need to do to face them. Using hybrid cryptographic algorithms (i.e., a combination of classical and quantum-resistant algorithms) to secure your data now is one way to avoid the risks associated with HNDL data decryption attacks later.
While simply naming a day isn’t going to prepare businesses for what’s to come, it does serve as a reminder for businesses to get their acts in gear. It also supports the show-of-force we’ve been seeing across the public and private sectors over the past several years.
How the Industry Is Preparing Now for a Quantum Future
While every organization should already be preparing for quantum computing, not everyone is. And of those that are, DigiCert reports that 61% of survey respondents are concerned that their organizations won’t be prepared to address the security implications of PQC.
The good news, though, is that organizations and governments the world over are starting to engage in much-needed collaborations and discussions about how best to proceed ahead of this eventuality:
- At the annual PKI Consortium Conference, many sessions focused on post-quantum cryptography (PQC) discussions about implementations and preparations
- The National Institute of Standards and Technology’s (NIST’s) Post Quantum Cryptography Standardization Project, which just held its Fifth PQC Standardization Conference, updated its timeline for PQC algorithms to state that new PQC Federal Information Processing (FIPS) standards (FIPS 203, 204, and 205) are tentatively slated to come out in summer 2024
- The White House issued its National Security Memorandum (NSM) on “Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.” This was followed by the launch of the U.S.’s 2022 Quantum Cybersecurity Preparedness Act and its 2023 National Cybersecurity Strategy.
- The European Commission recommended an implementation roadmap for transitioning to PQC for its Member States.
Industry Leaders Are Putting Their Money Where Their Mouths Are
True quantum readiness is more than legislative actions and talks. It’s also about investing in the requisite technologies and talent. Here’s the latest on quantum-related investments:
- Acumen Research and Consulting projects the value of the global Quantum Computing Market will reach $42.1 billion by 2032.
- Data from the aforementioned McKinsey survey of 22 tech leaders indicates that 67% of companies plan to dedicate at least $10 million to quantum computing technologies over the next five years.
- Other McKinsey research data indicates that China’s public sector has invested around $15.3 billion; this is well ahead of the investments from the European Union ($7.2 billion) and the United States ($1.9 billion).
How to Get Started on the Road to Quantum Readiness
Not being prepared for quantum computing is like getting caught with your pants down: It puts you in an embarrassing, vulnerable state that no one wants to find themselves in.
World Quantum Readiness Day serves as a learning opportunity to help you and other organizations avoid that embarrassment. It’s also an opportunity to:
- Assess and recognize your potential weaknesses when it comes to securing your data against quantum-resistant cryptography.
- Start working on a post-quantum strategy and implementation plan for your business.
- Use it as a day to educate your employees and customers about the advantages and risks of embracing quantum technologies.
- Share with the world the progress you’ve made in preparing for the inevitable future.
Are you confident that your organization’s PKI and data are secure? Data from DigiCert’s State of Digital Trust 2024 report indicates otherwise, showing that there’s a worrisome “middle-ground” of businesses that are overly confident about the security of their PKIs. Overly confident companies overestimate their capabilities and are likely to find themselves in a bad situation down the road.
Getting Down to Brass Tacks: Can You Get PQC Certificates Yet?
Yes and no. While publicly trusted PQC certificates aren’t yet available for external uses (namely because the “Powers That Be” are still hashing out the necessary protocols and standards), some private CA providers offer flexibility and support for limited PQC algorithms.
This means you can start issuing certificates for private PKI, so long as you have the right tools in place. DigiCert® Trust Lifecycle Manager gives you the ability to issue and manage the lifecycles of private PQC certificates. These certificates use Dilithium (ML-DSA) digital signature algorithms with key sizes ranging from 10496 to 20736 bits.
Some examples of the types of certificates you can issue include:
- Server certificates,
- Device certificates,
- User certificates, and
- S/MIME certificates.
DigiCert Trust Lifecycle Manager Simplifies PKI & Digital Certificate Management
DigiCert Trust Lifecycle Manager is an all-in-one certificate lifecycle management (CLM) solution. Explore how this tool can help you keep a close eye on your PKI and avoid certificate outages.
Ready to learn more about DigiCert Trust Lifecycle Manager and how it can aid your post-quantum initiatives? Get in touch with our Sales team.
Don’t Get Left Behind — Start Preparing Now So You’re Ready Later
Much like how you can’t stop time from progressing, you also can’t stop the advancements of quantum technologies. (And why would we want to? They have many potentially beneficial applications!) And this is why it’s imperative to start planning and developing your PQC strategy now.
Knowing this, we hope you’ll add World Quantum Readiness Day to your calendar. It only takes a few seconds, but this celebratory day of recognition can help instigate the changes you need to make within your own organization.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown