It’s not clear who first uttered the quip: Of course, I can keep a secret. It's the people I tell it to that can't. But what’s clear is that there are plenty of times when it’s a matter of life and death to ensure that secrets remain undisclosed.
We’ve been using cryptographic ciphers to hide these secrets. Quantum computing is changing that. Most people are curious about quantum computing, and the likely reason behind its popularity is the possibility of having quantum computers in the next decade. The question arises whether this advancement will smash apart the entire encryption system of the current world. Will the whole promise behind Bitcoin and Blockchain collapse due to quantum computing? That's what everyone wants to know right now.
As with many things, there is some bad news. But in this case, it's tempered with a lot of good news. The bad news. Yes, quantum computers will break the current RSA and ECC encryption standards. RSA had a good run from 1978, some 40-plus years. We all agree it's a good run for a tech standard. We must transition from RSA, the current standard, to the post-RSA quantum-safe state.
And here's the good news I want to share: According to the World Economic Forum, about six years ago, a multistakeholder community of experts from across the public sector and private sectors, academia and civil society of approximately 40 countries recognized the issue of quantum computing and came together in an open process. They aimed to find a set of quantum-safe encryption standards. The United States government sponsored the selection and standardization of quantum-safe cryptography through a multiyear process at the National Institute of Standards and Technology, and this past July they completed the core testing. We expect the first 4 of those standards to come out of these government bodies in roughly a few months time frame. Other countries have initiated similar efforts. These quantum-safe protocols can be used for e-commerce, any new encryption, re-encrypting patient data in hospitals, re-encrypting intellectual property and secure communication.
So the bad news is, yes, quantum computers could render obsolete RSA and all the stuff we've used before, mainly because of the HNDL - Harvest Now Decrypt Later. We must act now, even though the quantum computers are not here yet adversaries are exfiltrating our information, even though it's encrypted. They're storing it on their servers to decrypt it in a few years when they have quantum computers powerful enough to do that. That's the urgency of why the world governments are collaborating today to develop draft standards today.
The National Security Memorandum (NSM-10) by the White House in May 2022 emphasized the risks of cryptographically vulnerable systems as innovation in quantum computing accelerated. This was followed by President Biden signing the Quantum Computing Cybersecurity Preparedness Act into law and multiple other global governing bodies issuing memos to federal and state agencies to prepare for a post-quantum secure world. Government agencies are running against time to secure information because of nation-state adversaries harvesting sensitive data now, to decrypt later.
The U.S. National Institute of Standards and Technology (NIST) announced the 4 post-quantum cipher (PQC) winners in July 2022 after a 6-year review of proposals from researchers worldwide. In August 2023, NIST announced plans to standardize three PQC algorithms– Crystals-Kyber, Crystals-Dilithium and SPHINC+, officially approving them for use in 2024. PQCs aim to provide systems with quantum-safe cryptography suites that a quantum computer cannot break. NIST's announcements are necessary and timely steps towards this goal.
These efforts across NIST and government bodies globally are critical as quantum computing picks up the pace. We continue to read about computing progress across IBM, Google, D-Wave, IonQ and other quantum companies in achieving fault-tolerant low rates of error correction required for accurate computation with fewer physical qubits. These impressive advancements in quantum computing bring immense hope to pharmaceutical drug industries, financial modeling and industrial design industries, to name a few. However, the flip side is the threat of Shor's and Grover's algorithms, which weaken and can break existing cryptographic suites used globally to secure data and provide user privacy on the internet.
At Palo Alto Networks, we are gearing up to secure and support our customers with their migration to a quantum secure world with a focus on the following areas:
- Driving industry awareness, best practices, and standards through our partnership with NIST's National Cybersecurity Center of Excellence with a keen focus on policy and products.
- Assisting customers with crypto inventory, threat mitigation and migration to PQCs, with an open-standards approach to maintaining interoperability and backward compatibility across a multi-vendor ecosystem.
- Building quantum-resistant products across the Palo Alto Networks suite for early adopters in global industries across government agencies, financials, telecom, healthcare, enterprises, critical infrastructure and more.
- Educating customers and collaborating with other industry quantum service providers for a robust strategy and comprehensive solutions to fight the quantum threat.
- Committed to being a strategic partner to organizations on their journey toward quantum readiness. Last week, we launched a multi-episode video series called the CISO’s Guide to Quantum Security to aid organizations in their early quantum migration planning.
Despite their impact on cybersecurity, quantum computers can offer a lot of benefits and solve a wide range of problems facing humanity. However, if security teams are unable to secure their environments, then much of our everyday web interactions will be at risk. Take the proper steps now to avoid panic later on.
To learn more about Quantum Security concepts we encourage you to visit our Quantum Security documentation page for additional information. Our multi-episode video series called the CISO’s Guide to Quantum Security is another great resource for information.