Post-quantum cryptography is starting to go mainstream. Today The Economist published 23 items of vital vocabulary you’ll need to know in 2023. One of the terms on the list is Post-Quantum Cryptography:
Quantum computers exploit the weirdness of the subatomic realm to do things that ordinary computers cannot. That includes cracking codes: a working quantum computer, if one can be built, could break the encryption that is currently used to secure communications and protect sensitive data. To protect against this possibility, new “post-quantum” cryptography standards, designed to be invulnerable even to quantum computers, were approved in 2022, and preparations for their implementation will begin in earnest in 2023.
It is great to see that both the challenges and benefits of quantum computers are growing in visibility and that post-quantum cryptography is becoming something outside of security circles.
If you’re unfamiliar with the root cause of the post-quantum threat, the easiest way to summarize is that encryption keys are at risk. That is it – transmitting the encryption keys for data is the fundamental security vulnerability that underpins the risks posed by quantum computers to security.
When using cryptographic algorithms like RSA or ECC, or even new NIST Post-Quantum Cryptography (PQC) algorithms, the session keys used to encrypt your data during transmission are being transmitted. While we can assume data transmitted is secure over the short term, the risk stems from the fact that over the long-term algorithms eventually fail. When they do, every byte of data transmitted to that date will become immediately vulnerable and exploitable. RSA and ECC will fail due to quantum computers, and we don’t know how long before the PQC algorithms fail.
Qrypt solves this risk by eliminating key transmission completely. If you’re beginning to plan to use NIST PQC and wondering what to do next, eliminating key transmission from key workflows remediates risk now. If you’re wondering if crypto-agility makes sense, and it does from a development best practice point of view, eliminating key transmission will reduce your need to change out failed algorithms as often. And if you’re investigating quantum key distribution (QKD) then Qrypt is an outright replacement for QKD without the costs of laying fiber optic cables or satellites. And it works, over distance, to multiple endpoints.
If you want to stay up to date on all the developments at Qrypt, sign-up for our newsletter today.