Researchers Are Moving Up the Clock for ‘Q-Day’
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5, rated)
Loading...

Researchers Are Moving Up the Clock for ‘Q-Day’

4 industry advances and the inaugural World Quantum Readiness Day underscore the importance of preparing now for quantum-based threats

Several new quantum-focused research developments may have moved up the timeline for needing quantum-resistant cryptography. If you do nothing to prepare now, all of your data that’s secured by modern public key algorithms may be vulnerable to harvest now, decrypt later (HNDL) attacks in the future.

Knowing this, DigiCert and other industry partners are leading the charge into a quantum-ready future by establishing a new quantum security-focused holiday. This event, which will be celebrated on Sept. 26 this year, aims to spur enterprises and governments to action and serves as a day of security-focused reflection.

So, what are governments and organizations doing to prepare for quantum-based threats? And what can you do to improve your organization’s cryptographic agility?

Let’s hash it out.

4 Examples of Why PQC Readiness Shouldn’t Be Put Off Until ‘Later’

Researchers and businesses are making incredible strides in the realm of quantum computing research. Here are several of the “firsts” worth noting:

  1. The United Kingdom announced that a quantum navigation technology was successfully tested in flight. This initiative, which involved running test flights using “advanced quantum-based navigation systems that cannot be jammed or spoofed by hostile actors,” was announced on May 13. The initiative was made possible through a partnership between UK Research and Innovation (UKRI), Infleqtion, BAE Systems, and QinetiQ.
  2. MIT researchers found a way to configure atoms more closely than ever before. The closer two atoms are, the more strongly they interact. And in this case, the team was able to manipulate atoms into being only 50 nanometers apart. The thought is that this close configuration could be conducive to generating “purely magnetic dipolar gates” that could be used to create a new type of quantum computer.
  3. Microsoft and Quantinuum achieve the world’s best error rates. Researchers in this joint venture were able to demonstrate an 800x improvement between logical and physical qubits. By increasing the fidelity (reliability) of logical qubits in quantum computation, the companies declare they’re moving from noisy intermediate-scale quantum (NISQ) Level 1 Foundational to Level 2 Resilient quantum computing
  4. CA and NM researchers have found a way to transform everyday materials into quantum conductors. Researchers at the University of California, Irvine and Los Alamos National Laboratory have run experiments on non-traditional quantum computing materials such as glass to change their electrical characteristics at an atomic level. The hope is to convert these materials into strong conductors that can be used to create quantum computers.

The Time to Prepare for Quantum Is Now

To a certain extent, we understand why some companies may not view quantum computing readiness as a current priority, putting these preparations on the back burner in favor of focusing on short-term actions. But it’s crucial that quantum-related priorities don’t remain there and that you start planning your post-quantum strategy.

While it’s true that quantum computers are currently limited to carefully controlled laboratory settings at companies like Google and IBM, that won’t always be the case. As you’ll learn a bit later, advancements in quantum technologies are occurring all the time, and it’s only a matter of time before these qubit-based devices are out of the lab and commercially available.

Estimates from McKinsey show that nearly three-quarters of surveyed tech executives anticipate seeing “fully fault-tolerant quantum computer by 2035.”

This is why companies must start addressing these long-term concerns now before it’s too late. Getting your organization ready to face the quantum threats of tomorrow won’t be a quick process; there’s a lot involved in terms of handling financial investments, planning, policies, and implementation.  

Related: Post-Quantum Cryptography: 10 Things You Need to Know

Your PKI Is at the Heart of These Preparations

World Quantum Readiness Day aims to light a fire under enterprises and governments. The reality is that public key technologies we rely on today won’t hold up against quantum computers. This is why Google added support for hybrid post-quantum algorithms last year as part of its preparations. (Although it’s not without its issues, as it’s thought that some servers aren’t equipped to handle large ClientHello messages in the SSL/TLS handshake.)

This is why it’s imperative for organizations to take the cryptographic threats associated with quantum computing seriously and understand what they need to do to face them. Using hybrid cryptographic algorithms (i.e., a combination of classical and quantum-resistant algorithms) to secure your data now is one way to avoid the risks associated with HNDL data decryption attacks later.

While simply naming a day isn’t going to prepare businesses for what’s to come, it does serve as a reminder for businesses to get their acts in gear. It also supports the show-of-force we’ve been seeing across the public and private sectors over the past several years.

How the Industry Is Preparing Now for a Quantum Future

An illustrative graphic of the EU's recommended PQC roadmap
Image caption: A screenshot of the European Commission’s PQC implementation roadmap.

While every organization should already be preparing for quantum computing, not everyone is. And of those that are, DigiCert reports that 61% of survey respondents are concerned that their organizations won’t be prepared to address the security implications of PQC.

The good news, though, is that organizations and governments the world over are starting to engage in much-needed collaborations and discussions about how best to proceed ahead of this eventuality:

Industry Leaders Are Putting Their Money Where Their Mouths Are

True quantum readiness is more than legislative actions and talks. It’s also about investing in the requisite technologies and talent. Here’s the latest on quantum-related investments:

  • Acumen Research and Consulting projects the value of the global Quantum Computing Market will reach $42.1 billion by 2032.
  • Data from the aforementioned McKinsey survey of 22 tech leaders indicates that 67% of companies plan to dedicate at least $10 million to quantum computing technologies over the next five years.
  • Other McKinsey research data indicates that China’s public sector has invested around $15.3 billion; this is well ahead of the investments from the European Union ($7.2 billion) and the United States ($1.9 billion). 

How to Get Started on the Road to Quantum Readiness

Not being prepared for quantum computing is like getting caught with your pants down: It puts you in an embarrassing, vulnerable state that no one wants to find themselves in.

World Quantum Readiness Day serves as a learning opportunity to help you and other organizations avoid that embarrassment. It’s also an opportunity to:

  • Assess and recognize your potential weaknesses when it comes to securing your data against quantum-resistant cryptography.
  • Start working on a post-quantum strategy and implementation plan for your business.
  • Use it as a day to educate your employees and customers about the advantages and risks of embracing quantum technologies.
  • Share with the world the progress you’ve made in preparing for the inevitable future.

Are you confident that your organization’s PKI and data are secure? Data from DigiCert’s State of Digital Trust 2024 report indicates otherwise, showing that there’s a worrisome “middle-ground” of businesses that are overly confident about the security of their PKIs. Overly confident companies overestimate their capabilities and are likely to find themselves in a bad situation down the road.

Getting Down to Brass Tacks: Can You Get PQC Certificates Yet?

Yes and no. While publicly trusted PQC certificates aren’t yet available for external uses (namely because the “Powers That Be” are still hashing out the necessary protocols and standards), some private CA providers offer flexibility and support for limited PQC algorithms.

This means you can start issuing certificates for private PKI, so long as you have the right tools in place. DigiCert® Trust Lifecycle Manager gives you the ability to issue and manage the lifecycles of private PQC certificates. These certificates use Dilithium (ML-DSA) digital signature algorithms with key sizes ranging from 10496 to 20736 bits.

Some examples of the types of certificates you can issue include:

Ready to learn more about DigiCert Trust Lifecycle Manager and how it can aid your post-quantum initiatives? Get in touch with our Sales team.

Don’t Get Left Behind — Start Preparing Now So You’re Ready Later

Much like how you can’t stop time from progressing, you also can’t stop the advancements of quantum technologies. (And why would we want to? They have many potentially beneficial applications!) And this is why it’s imperative to start planning and developing your PQC strategy now.

Knowing this, we hope you’ll add World Quantum Readiness Day to your calendar. It only takes a few seconds, but this celebratory day of recognition can help instigate the changes you need to make within your own organization.

Author

Casey Crane

Casey Crane is a regular contributor to and managing editor of Hashed Out. She has more than 15 years of experience in journalism and writing, including crime analysis and IT security. Casey also serves as the Content Manager at The SSL Store.