Quantum Computing and Encryption: Preparation for the Cryptographic Revolution

The growing maturity of quantum computing is one of the most significant technological disruptions of our time, with deep implications for the cryptographic systems that protect the global digital infrastructure. The advent of sufficiently powerful quantum computers will require a radical rethink of the security protocols we consider inviolable today.

Threats to Current Encryption

Asymmetric cryptographic systems currently in use are based on the computational complexity of mathematical problems considered intractable for classical computers. According to the latest report from the National Institute of Standards and Technology (NIST), the two most vulnerable pillars are:

  • RSA: Based on the difficulty of factoring the product of large prime numbers
  • ECC (Elliptic Curve Cryptography): Based on the discrete logarithm problem on elliptic curves

Shor's algorithm, published in 1994, demonstrates theoretically how a quantum computer can solve these problems in polynomial time rather than exponential time. A quantum computer with sufficient qubit stability could:

  • Break an RSA-2048 key in about 8 hours (vs. billions of years with classical computing)
  • Break ECC-256 keys in less than 60 minutes

According to a 2023 Deloitte study, 78% of organisations still use these vulnerable algorithms exclusively to protect sensitive communications and data.

Post-Quantum Cryptography (PQC)

To face this threat, the cryptographic community has developed algorithms resistant to quantum attacks. NIST completed the third round of its competition to standardize PQC algorithms in July 2022, selecting:

Algorithms selected for standardization:

  1. CRYSTALS-Kyber – Key encapsulation mechanism (KEM)
     • Based on lattice problems (lattice-based)
     • Moderate overhead compared to RSA
     • High computational efficiency
  2. CRYSTALS-Dilithium – Digital signatures
     • Also based on mathematical lattices
     • Signature size: ~2.5KB (vs. ~0.5KB for ECDSA)
  3. FALCON – Alternative signature algorithm
     • Optimized performance for bandwidth-constrained applications
  4. SPHINCS+ – Hash-based signature
     • Does not depend on specific structured problems
     • Greater long-term resistance guarantee
     • Higher overhead than the alternatives

Additional algorithms are being evaluated in the fourth round, with particular focus on code-based and isogeny-based encryption mechanisms.

Preparation Timeline and Roadmap

The transition to quantum-resistant encryption will take time and strategic planning. According to the most recent forecasts:

  • 2023-2025: Finalization of NIST PQC standards
  • 2025-2027: Initial implementation in critical environments
  • 2026-2030: Mainstream adoption and progressive migration
  • 2029-2035: Timeframe estimated for the arrival of quantum computers capable of practical attacks

IBM published in its "Quantum Risk Assessment Framework" a four-phase preparation roadmap:

  1. Cryptographic inventory:
     • Identification of all assets protected by vulnerable encryption
     • Classification by criticality and migration complexity
  2. Technical evaluation:
     • PQC algorithm compatibility testing
     • Performance impact assessment
     • Proof-of-concept on non-critical systems
  3. Hybrid implementation:
     • Use of dual-algorithm approaches (classical + PQC)
     • Prioritization of data with a long life cycle
  4. Full migration:
     • Total conversion to PQC with retirement of vulnerable algorithms
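
The inventory and prioritization steps above can be expressed as a small classifier. This is an added example, not code from the article or from IBM's framework: the CSV columns, asset names, criticality weights and scoring rule are hypothetical, and the 2029 cut-off is the earliest year in the timeline above.

```python
import csv
import io
import re

# Algorithm families named in this article; patterns match common labels.
SHOR_VULNERABLE = re.compile(r"rsa|ecdsa|ecdh|ecc|x25519|ed25519", re.I)
PQC = re.compile(r"kyber|dilithium|falcon|sphincs", re.I)

# Earliest year in the article's timeline for practical quantum attacks.
EARLIEST_ATTACK_YEAR = 2029
WEIGHT = {"low": 1, "medium": 2, "high": 3}  # hypothetical weights

# Constructed sample inventory (hypothetical assets, not real systems).
SAMPLE_INVENTORY = """asset,algorithm,protect_until,criticality
payments-gateway-tls,ECDHE-RSA-2048,2040,high
ota-firmware-signing,ECDSA-P256,2038,high
intranet-wiki-tls,RSA-2048,2026,low
vpn-pilot,X25519+Kyber768,2035,medium
backup-archive-wrap,RSA-4096,2045,medium
telemetry-signing,Dilithium3,2030,low
"""

def classify(algorithm):
    """Return 'hybrid', 'pqc', 'vulnerable' or 'unclassified' for a label."""
    classical = bool(SHOR_VULNERABLE.search(algorithm))
    pqc = bool(PQC.search(algorithm))
    if classical and pqc:
        return "hybrid"        # classical + PQC, the dual-algorithm phase
    if pqc:
        return "pqc"
    if classical:
        return "vulnerable"
    return "unclassified"      # unknown label: review manually

def build_inventory(csv_text):
    """Classify every asset and sort by migration priority (highest first)."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        status = classify(rec["algorithm"])
        # Exposed to "harvest now, decrypt later" when the protection must
        # still hold in the window where quantum attacks are forecast.
        exposed = (status == "vulnerable"
                   and int(rec["protect_until"]) >= EARLIEST_ATTACK_YEAR)
        score = WEIGHT[rec["criticality"]] + (3 if exposed else 0) \
            if status == "vulnerable" else 0
        rows.append({"asset": rec["asset"], "status": status,
                     "exposed": exposed, "score": score})
    return sorted(rows, key=lambda r: (-r["score"], r["asset"]))

if __name__ == "__main__":
    for r in build_inventory(SAMPLE_INVENTORY):
        print(f'{r["score"]}  {r["status"]:<12} {r["asset"]}')
```
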

Practical Impacts on Organizations

The consequences of the transition to PQC will extend to various technical and organizational levels:

Infrastructure and Performance

  • Storage: Increased storage space for keys and certificates (up to 40x for some PQC algorithms)
  • 20-50% reduction in encryption/decryption performance
  • Network latency: Increase due to larger payloads in communication protocols
  • Hardware compatibility: Potential need for HSM updates and dedicated cryptographic devices

An analysis by Gartner estimates migration costs of 5.7% of annual IT budgets for large organizations, with greater impact on highly regulated sectors.

Compliance and Governance

The PQC transition will involve significant regulatory challenges:

  • Update of industry standards (PCI-DSS, HIPAA, etc.)
  • New requirements for "Crypto Agility" in security frameworks
  • Need to fully document the migration strategy

Critical Use Cases

Some sectors will suffer more immediate impacts:

  1. Financial services:
     • International payment systems
     • High-frequency trading infrastructure
  2. Automotive industry:
     • Over-the-air software updates
     • V2X systems (Vehicle-to-Everything)
  3. Healthcare:
     • Connected medical devices with long life cycles
     • Telemedicine systems
  4. Critical infrastructure:
     • Energy networks and utilities
     • Air traffic control

Tools and Technologies for Transition

To facilitate migration to PQC, different solutions are already available:

Development libraries:

  • Open Quantum Safe (OQS) – Open-source framework for integrating PQC algorithms
  • liboqs – Reference implementations of NIST algorithms
  • BoringSSL – Google's version of the SSL library with experimental PQC support

Evaluation tools:

  • PQC Migration Scanner (IBM) – Analyzes code to identify cryptographic dependencies
  • Quantum-Safe Risk Framework (ANSSI) – Quantum Risk Assessment Methodology
  • Cryptographic Inventory Tools (Microsoft) – Cryptographic mapping suite

Business solutions:

  • PQShield – HSMs and quantum-resistant hardware accelerators
  • ISARA Radiate – Enterprise migration suite
  • Daily – Overlay network with integrated crypto-agility

Future Developments and Research

The post-quantum security landscape continues to evolve:

  1. Quantum homomorphic encryption – Secure processing on encrypted data even in the presence of quantum threats
  2. Quantum-resistant consensus protocols – Blockchain and DLT with immunity to quantum attacks
  3. Quantum Random Number Generation (QRNG) – Generation of cryptographic entropy using quantum properties
  4. Quantum Key Distribution (QKD) – Key distribution with security guaranteed by the laws of quantum physics

Conclusions

The quantum threat to modern encryption is no longer a theoretical question but an imminent challenge that requires immediate action. Organizations must begin now on the path to crypto-agility and gradual implementation of PQC solutions, mindful of the "harvest now, decrypt later" principle that already guides the most sophisticated attacks.

Preparation requires a holistic approach that combines:

  • Strategic awareness at executive level
  • Specialist technical skills
  • Clear and prioritized implementation roadmap
  • Collaboration with vendors and technology partners

As NIST aptly summarized: "It's not about if, but when" the quantum threat will become reality. The cryptographic resilience of organizations will depend on their ability to anticipate this inevitable transition.

