Is Q-Day Upon Us?
02.04.2024 Carmen Kempka
Will post-quantum cryptography (PQC) save us from Q-Day or is it inevitable that current cryptographic standards, like RSA and AES, will become vulnerable to quantum computing attacks before new protective algorithms are developed to overcome the looming threats to our most sensitive data? Many believe that Q-Day, the day when quantum computers can break existing encryption methods, is in sight, threatening our bank accounts, credit cards, medical records, and even critical infrastructure.
Government agencies, research organizations, and vendor consortiums are aware of the advances made in quantum computing and are developing PQC initiatives to develop encryption methods that can counter the threats. In 2023, csoonline.com identified at least 11 notable initiatives, programs, standards, and resources launched to help the creation, development, and migration to PQC. Some of these initiatives include:
CISA, NSA, and NIST are urging organizations to start preparing for the implementation of post-quantum cryptography and set forth guidelines for action:
- Establish a Quantum-Readiness Roadmap.
- Engage with technology vendors to discuss post-quantum roadmaps.
- Conduct an inventory to identify and understand cryptographic systems and assets.
- Create migration plans that prioritize the most sensitive and critical assets.
The Linux Foundation has launched the Post-Quantum Cryptography Alliance (PQCA), an open and collaborative initiative to drive the advancement and adoption of post-quantum cryptography. The PQCA brings together industry leaders, researchers, and developers to address cryptographic security challenges posed by quantum computing, through the production of high-assurance software implementations of standardized algorithms, while supporting the continued development and standardization of new post-quantum algorithms.
Other efforts include the Internet Engineering Task Force (IETF) which has launched a working group to coordinate quantum-resistant cryptographic protocols; the UK government published new National Quantum Strategy detailing its 10-year plan for leading a quantum-enabled economy, recognizing the importance of quantum technologies for the UK’s security; and Google announced it was taking steps to make web browsing safe from future quantum computers by adding Chrome support for quantum-resistant encryption.
The medical field is keenly aware of quantum computing and its potential impact on medical devices. Medical technology relies heavily on embedded systems. It is critical that these systems meet the high level of security required in the healthcare industry while protecting both sensitive patient data and the Intellectual Property inherent in the software used in these devices. In order to achieve long-term security and be able to react with sufficient speed to new cryptanalytic results, a high degree of crypto-agility – even across different PQC classes – must be developed. That is the main objective of a group from science and industry who is collaborating on the PQC4MED project. According to the PQC4MED consortium, in order to guarantee sustainable information security, crypto-agility must be achieved as early on as possible in the development of next generation devices.
Other organizations are exploring the impact of quantum computing on the security of digital identities and the protection of digital and mobile documents. To this end, Infineon Technologies and Wibu-Systems, in collaboration with Mühlbauer Group and Eviden, an ATOS Business, will present a substantive webinar on this topic on April 10, 2024, that will delve into the heart of this transformative era.
The Webinar, Post Quantum Cryptography – The Impact on Identity, will be hosted by Silicon Trust who has been at the forefront of secure identification, uniting leading companies worldwide for over 2 decades. The presentations will include:
- Robert Bach, Infineon Technologies: Protecting Electronic Identity Documents in the Age of Quantum Computing
- Dr Carmen Kempka, Wibu-Systems: Cryptoagility and Quantum Resistance: Easier Said Than Done.
- Lutz Richter, Mühlbauer Group: How will Post Quantum Cryptographic affect Contactless Travel in Entry-Exit Solution.
- Klaus Schmeh, Eviden: Implementing Post-Quantum-Crypto Algorithms on Smart-Card Chips
- Steve Atkins, Silicon Trust: Moderator
You can learn more about the webinar and register here.
Contributor
Dr. Carmen Kempka
Director Corporate Technology
Dr. Carmen Kempka studied computer science with a focus on cryptography and quantum computing at the University of Karlsruhe (TH), now known as KIT. After completing her PhD at KIT in cryptography, she spent two years as a Postdoctoral Researcher in the Secure Platform Laboratories at NTT in Japan. At the end of 2016, she began her career at WIBU-SYSTEMS AG, where she now serves as the head of the Corporate Technology department, supporting her colleagues in all matters related to cryptography and product security with her team.