Post-Quantum Cryptography - FAQ for beginners

9 Questions and Answers to satisfy your post-quantum curiosity 

Q: When will quantum computers be powerful enough to break cybersecurity?

A: Estimates vary from as early as 2028 to as late as 2045. Most governments and large security organizations are using 2030 as the date they expect the emergence of Cryptographic-Relevant Quantum Computers (CRQC).

Q: Is it true that quantum computers can break cybersecurity because they run faster?

A: Not exactly. Quantum computers can speed up the solution for certain classes of problems, e.g. period-finding, data-searching. We have since discovered that existing public key cryptographic algorithms are vulnerable to such quantum speedups and hence needs to be upgraded/replaced with quantum-safe algorithms and implementations.

Q: Since quantum computers are still not here yet, are we vulnerable?

A: While a hacker cannot rely on quantum computers to attack the system, your sensitive data which has long-term value may be susceptible to harvesting attacks. This is the situation where hackers may "harvest" and store these data, only to decipher them in the future when quantum computers become available. You therefore need to do something to protect such data today.

Q: If we start on a post-quantum migration project, how do we know we are quantum-safe?

A: At present, new quantum-safe algorithms rely on mathematical and theoretical proofs to show that they are not vulnerable to quantum attacks. To be more sure that your post-quantum migration project is successful, you should consider hybrid approaches (instead of a post-quantum-only implementation) where you incorporate layers of security to defend against known-classical and unknown-quantum attacks. In this way, your system is at least as secure as every other system.

Q: Can you describe the post-quantum vulnerability in 1 sentence?

A: If your application is using a public key algorithm such as RSA, ECC or DH, a hacker can use a quantum computer to calculate your private (or secret) key from your public key, and use this information to impersonate your identity or look at your sensitive data.

Q: Are post-quantum solutions very costly? 

A: At the heart of the solution, we are looking to augment the existing public key algorithm with new quantum-safe algorithms which have been proven to be secure against quantum attacks. These new quantum-safe algorithms can run in software with a slight increase in computation and bandwidth overhead.

Your current laptops and mobile phones are already suitably powered to run the quantum-safe algorithms without any noticeable change in end-user experience. Note that a number of these quantum-safe algorithms are already available in open-source. 

Q: What is the difference between QKD and PQC?

A: QKD or Quantum Key Distribution refers to the use of quantum photonics to share a secret key between two communicating parties. QKD relies on the tamper-evident properties of quantum photonics to detect if there is an attacker present.

PQC or Post-Quantum Cryptography refers to the use of new quantum-safe algorithms that can be used to achieve confidentiality, integrity and authenticity of data and communications.

Implementation-wise, QKD projects rely on quantum hardware to achieve quantum-safe data communications, while PQC projects replace the underlying algorithm and can be done in software.

Q: How should I choose QKD or PQC?

A: QKD use-cases are typically limited to point-to-point communication to secure data-in-motion, while PQC use-cases are more versatile and can be used to secure both data-in-motion as well as data-at-rest.

QKD projects involve large infrastructural changes including laying dark fiber over long-distances to facilitate the quantum communication, while PQC projects can be implemented on a per-application/per-user level with less cost overheads.

On the other hand, PQC is much more complex to understand on a application design level and hence susceptible to errors in implementation.

Q: What if I upgrade to post-quantum security but quantum computers never come?

A: Take graduated steps in your post-quantum migration journey, starting with discovery of your assets under protection, as well as improving the post-quantum literacy and capability of your in-house team.  Be familiar with prevailing practices and guidelines which will serve as good indicators on the state of progress in quantum computing.

It is unlikely that your systems can be upgraded to post-quantum security in isolation, and so engaging with your counter-parties will also provide a sense of the timeline.

If you want to start a post-quantum project, start a trial or proof-of-concept as an exploratory journey to let your team gain implementation experience and make sure it is non-disruptive to your day-to-day operations and infrastructure.