Time to Consider Quantum-Immune Cryptographic Solutions

Recent breakthroughs in the development of Quantum Computing are forcing IT Security Managers to rethink their cryptographic standards. In February D-Wave Systems, a spin-off from the University of British Columbia, exhibited and demonstrated a 16 Qubit Quantum Computer. Since then, many top CISOs have decided it’s time to start exploring Quantum-immune cryptographic solutions.

Quantum Computing renders many of our existing cryptographic systems insecure. What it doesn’t break immediately, it will weaken considerably. Public key algorithms, which underpin most of our e-Commerce, are particularly vulnerable. It may be quicker to break some keys than to generate them. Symmetric key systems will be less affected but we will probably have to double their key length.

We may still be many years from experiencing the impact of Quantum Computing on our business operations. But it takes a long time to change our cryptographic systems. Brand new solutions might take a decade to develop, evaluate, adopt, commercialise and implement. Distributed legacy systems don’t easily accommodate deep-seated, across-the-board changes. It took a major effort to upgrade our banking systems from single to triple DES. It will require a much bigger one to rethink the basis of our e-Commerce security.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Quantum computing and quantum encryption is an interesting subject, but any encryption system is still based on using a secure password, which can generally be cracked using bruteforce methods or a good hybred wordlist. And even quantum encryption has theoretical attack vectors which can be exploited. Even AES with a secure password is still more secure than a quantum encryption system with a weak password, until it gets to the stage where bimetric info is combined with quantum encryption I dont forsee a major change to current cryptographic practices.
I do wonder how many of those people who are working in CISO type positions really have the time, energy and senior management 'goodwill' to even start to contemplate considering (nevermind planning) the additional crypto reserves that may be needed in the future? I get the feeling that there are very few true CISOs who are able to truly take a strategic approach, rather than having to deal with the day-to-day fire fighting of a corporate IT world. Until such time that information security/information assurance/security risk management is seen less as a commodity, and more of a core function, taking the strategic high ground will remain a luxury for those who work in more enlightened environments. David, I can't argue with your point, but I do think that it's a million miles away from the everyday detritus that most of us face (which is a real problem because I think we should be addressing the crypto reserve issues).