Because quantum computers will eventually be able to decrypt your organization’s data, you are already in trouble right now. The longer you wait to adopt quantum-secure cryptography, the more of your data will later be decrypted and exploited. ‘Harvest now, decrypt later’ (HNDL) is an unseen bleeding wound.
Capturing encrypted data as it travels over the internet has always been easy to do. There just wasn’t much point so long as RSA and other common forms of encryption were expected to remain secure. Now that a range of corporations, governments and universities are building new generations of quantum computers, we can see that at some point in the future, quantum computers will be powerful and accurate enough to break conventional forms of encryption. That unknown day is often referred to as “Y2Q.”
The risk of people misusing more powerful quantum computers in the near future is serious enough that the world’s most credible bodies focused on cybersecurity have been not only sounding the alarm but taking decisive action and imploring others to participate in reducing the risk.
The National Institute of Science and Technology (NIST) has taken the quantum threat to cryptography seriously enough to develop new post-quantum cryptography standards on an accelerated timeline. A federal information processing standard will be published in 2024 and must then be adopted by government and industry soon thereafter.
A national security memorandum issued in January of 2022, and a recent November 2022 memorandum, also requires federal agencies to quickly adopt post-quantum cryptography. Businesses that handle data as part of their work for those agencies will need to come into compliance. Bipartisan legislation from the US Congress also requires the federal government to take action to make data secure against quantum decryption. The US National Cybersecurity Center of Excellence and the Cybersecurity and Infrastructure Security Agency have begun implementing and offering guidance on post-quantum security. Their counterparts in Germany and France are doing the same.
A recent report by Deloitte on quantum cyber readiness points out that “there is a threat today based on ‘harvest-now, decrypt-later’, whereby attackers are stealing data on the anticipation that they can decrypt it in the future. This – along with the fact that updates to cryptographic capabilities will take some considerable time – means that organizations should start carefully assessing their risk today.” The Hill has also recently implored organizations to take action to halt data loss to HNDL attacks, writing that “Opponents are waging [HNDL] attacks against the United States,
exfiltrating and storing encrypted data today to decrypt it in the future.”
Quantum security isn’t an issue that organizations can wait years to start dealing with. If you haven’t already started to prepare to comply with NIST’s 2024 standards, you are already at a disadvantage. And even if you follow NIST’s guidelines, you will be bleeding data for years until they are fully implemented and become mandatory. It is essential to secure encryption keys from harvest attacks today and begin using quantum-secure encryption as quickly as possible.
Most of the traffic on the internet is currently encrypted using RSA. And it so happens that part of the impetus for developing quantum computers came from the development of an algorithm by Bell Labs mathematician Peter Shor in 1994 that could crack RSA if run on a sufficiently powerful quantum computer. Shor’s algorithm was groundbreaking in that it was an idea for a practical use of a quantum computer to do something not possible on any classical computer. This inspired physicists to start building quantum computers. The ability of a quantum computer to run Shor’s algorithm is often used as part of benchmarking its performance.
With Shor’s algorithm so close to the heart of quantum computing development, it is easy to see why NIST and other federal agencies are so concerned with moving to encryption schemes that are not vulnerable to quantum computers. They want to protect sensitive data from future exploitation.
Your data is already being captured and stored right now and nothing that you do in 2024 or later can possibly change that fact. Additionally, if CRYSTAL-kyber or any other new PQC algorithm fails all your PQC data will be at risk too. Does that matter? It depends on what kind of data is being captured.
A spreadsheet with names, social security numbers, bank account numbers and dates of birth will be just as useful to a criminal five years from now as it is today. A few of those names may no longer be living and some of the bank accounts might not exist anymore, but most of that information will still be sensitive when Y2Q arrives. Legal liability for failing to keep it secure will still be an issue.
Today’s trade secrets may still be information you would want protected if a foreign government is able to decrypt them a few years from now. Manufacturers of components for defense systems would not want this week’s schematics and emails to be read by the Chinese or Russian governments in the future. But they probably already have them. Governments are able to tap undersea internet cables and capture everything transmitted.
Data storage has become extraordinarily cheap. High volume storage for rarely accessed data costs as little as $0.004 per gigabyte. It is now pretty simple for governments and criminals to capture large volumes of encrypted data and store it until they have access to quantum computers that can decrypt it.
When a quantum computing company launches a new system, the main goal is usually to make money by selling access to that new system. Within a matter of months, mature quantum hardware makers will tend to make that new system available over the cloud to anyone who wants to pay for it. Amazon Braket will provide you with access right now to quantum computers from five major hardware makers. Criminals or foreign governments will not likely need to wait years after Y2Q for an affordable desktop quantum computer. They can sign up online just like the thousands of legitimate customers who are looking forward to accessing this technology.
When is Y2Q coming? Nobody knows for sure. It could be in two years, it could be in ten. There are now dozens of quantum hardware companies with anywhere from millions to billions of dollars in R&D resources. IBM, Honeywell and Google are among the heavyweights who have made major investments in this technology. Plus governments and academic labs around the world are working on their own projects, some of which we may hear about and others which may be classified. Some of them might fail. But all of them? Thousands of physicists and engineers are working every day to build newer, more powerful, more reliable quantum computers. An entire industry has emerged to produce software, applications and components. This isn’t going away.
In a 2021 global study, IBM found that data breaches cost companies an average of $4.24 million per incident. In just one incident, Equifax was forced to pay out a $650 million settlement over a 2017 data breach. For many companies, the cost of having their encrypted data fall into the wrong hands could be an existential threat that exceeds their ability to remain solvent.
It is just a matter of the bad guys storing the data and waiting for the quantum computer that can decrypt it. So why wait for Y2Q to happen? Why wait for the new NIST standards to become mandatory when you could exceed them right away?
Qrypt has quantum-secure cryptography available right now, which is mathematically proven to never be vulnerable to attacks by quantum computers. Don’t wait to become a victim to ‘harvest now, decrypt later.’