To help enterprises prepare for the implications of quantum computing, Sectigo, the world's largest commercial Certificate Authority (CA) and a provider of purpose-built and automated PKI management solutions, has created a broad set of 15 educational resources for security industry professionals in the form of a white paper, podcast episodes and transcriptions, and articles.
By its nature, quantum computing is highly effective at factorizing numbers, which means quantum computers will be many orders of magnitude faster at the calculations necessary to break the RSA and Elliptic Curve Cryptography (ECC) encryption that underpins our digital systems today. This efficiency gain is so monumental that increasing the key sizes of these cryptographic schemes is not a viable solution. Rather, the world's Public Key Infrastructure (PKI) systems will have to migrate to one or more new, quantum-resistant encryption algorithms before quantum computers break current encryption methods.
PKI is necessary for the secure operation of all the confidential and mission-critical digital processes in our global economy, including finance, commerce, communication, enterprise computing, transportation, defense, manufacturing, healthcare, government, and logistics. The impact of insecure PKI would be so vast that this potential outcome has come to be known as the Quantum Apocalypse.
Thought leaders from industry, academia, and government are combining efforts to discover and deploy quantum-resistant cryptographic solutions across our global digital systems. The National Institute for Standards and Technology (NIST) has been leading an effort to identify one or more cryptographic approaches that can substitute for RSA and ECC. The community participating in NIST's process now has a list of more than 20 candidate algorithms that are undergoing scrutiny of their suitability for this task.
Successful quantum-resistant algorithms must be difficult to break using brute-force attacks by both traditional and quantum architectures while still meeting performance standards similar to today's algorithms. To be viable for widespread use, the algorithm must deliver on criteria such as:
"While no one can definitively say when quantum computers will reach the point of defeating RSA and ECC, many estimates place that date in the next 10 or 15 years. Any organisation that does not migrate by then will be vulnerable", stated Tim Callan, Senior Fellow, Sectigo. "At Sectigo, we are working with our large base of enterprises, schools, and government agencies to help them achieve crypto agility by putting in place the systems and automation capabilities necessary to ensure rapid and comprehensive migration to these new standards once they arrive."