C-Suite Should Be Concerned About Post-Quantum Cryptography

The anticipated arrival of quantum computers poses significant cybersecurity risks for those who do not prepare early.

Commercially useful quantum computers are still a decade away by most expert estimates, but that does not mean Directors and Chief Risk Officers can afford to wait to act. Organisations that do not start preparing now will face significant cybersecurity risks in the future.

Almost all transactions routinely taking place over the internet rely on encryption to protect privacy and sensitive data. Modern encryption relies on mathematical problems which are difficult to solve but easy to verify. For example, a commercial website encrypts credit card details to prevent third parties reading them.

This particular encryption, called “public key” or “asymmetric” encryption, involves two large prime numbers, one of which is kept private while the other is shared publicly.

The product of these primes is also shared which means that the encryption can be broken by factoring the product, but this is too difficult for a conventional computer to do in a reasonable time frame.

Even if a sufficiently powerful computer is built, the keys need only be made a bit larger to render decryption too difficult again. In fact, each increase in key size raises the cost of factoring by more than the previous one, so the advantage always lies with the encryptor.

All this will change when hackers gain access to sufficiently powerful quantum computers. The properties of quantum computers allow them to run algorithms not accessible to conventional computers.

The first quantum algorithm discovered, Shor’s algorithm, allows a quantum computer to derive the prime factors of a large number much more easily than a conventional computer. Discovered by Peter Shor in 1994, Shor’s algorithm, and its subsequent refinements, allow a large number to be factored into prime numbers in a relatively small number of steps, a number which increases only slowly as encryption keys get larger. It therefore provides an exponential speedup over classical algorithms.

A lot of modern encryption will consequently be breakable in the not-so-distant future when cryptographically relevant quantum computers become available. Fortunately, “post-quantum” encryption algorithms have already been developed based on different mathematical problems which neither conventional nor quantum computers can solve efficiently.

The US National Institute of Standards and Technology has recommended three standards (Federal Information Processing Standards 203, 204 and 205) based on new post-quantum encryption methods believed to be secure against quantum computers to be implemented by 2035.[1]

The three new standards are designed for different types of secure digital transactions. It should be noted that these new standards will require more processing power than current methods if transaction speeds are not to be significantly degraded. Similar recommendations have been made by the Australian Signals Directorate to be implemented by 2030[2] and the European Commission has encouraged Member States to develop coordinated standards[3]. However, there is considerable debate about whether the mandated implementation time frames are too lenient.

Few organisations outside of the cybersecurity industry appreciate that transitioning to new encryption standards will be a long, time-consuming process which cannot be completed at short notice. Previous mandated encryption upgrades have taken many years and have run over time.

Post-quantum cryptography (often referred to as PQC) will need to be implemented before the availability of quantum computers if sensitive data is to be protected. The early availability of quantum computers is likely to follow a similar pattern to that of conventional computers, with a few expensive-yet-primitive models available only to the well-resourced, and with availability and cost improving slowly over time.

And while progress on commercially developed quantum computers is loudly announced, the acquisition of a cryptographically relevant quantum computer by a rogue government or organisation will not be. They will simply use it, leaving the data breach undetectable until after its harm has been done. The situation is particularly urgent for organisations whose data is likely to remain sensitive up to 7 to 15 years into the future.

Aspiring hackers, typically supported by rogue states and similar, are already running harvest-now-decrypt-later attacks. As the name suggests, this means either copying or, more often, intercepting and storing transmitted data until the advent of cryptographically relevant quantum computing. If your organisation holds data that will remain sensitive for that long, then your transition to post-quantum cryptography is already running late!

The process of upgrading to post-quantum cryptography begins with a thorough audit of all the encryption-related processes and encrypted data throughout the organisation.

Most organisations have never performed such an audit, or do not even have a checklist to work through. Achieving this level of cyber-maturity in an organisation is worth the post-quantum cryptography update alone, even if no encryption processes are changed. Software tools exist which can scan systems and identify the encryption-related processes and the types of encryption they use.

There are two types of encryption endangered by quantum computing. The chief danger comes from Shor’s algorithm applied to the asymmetric encryption described above. There is also a theoretical risk to symmetric-key encryption from another quantum algorithm called Grover’s algorithm, which can search an unstructured set of values with a quadratic speedup over classical methods.

Organisations need to assess the risk and cost associated with upgrading encryption methods, taking into account the sensitivity of the data they protect and the difficulty of upgrading them. Where encryption is upgraded, careful planning and testing are required to detect unexpected effects on system performance due to latency and compatibility issues.
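As an added illustration of the audit and risk-assessment steps just described (example code, not from the article or any named tool), the following Python sketch triages a constructed cryptographic inventory: it separates algorithms broken outright by Shor’s algorithm from those merely weakened by Grover’s, and uses each record’s data-sensitivity lifetime to flag harvest-now-decrypt-later exposure. The quantum-computer horizon, migration time and inventory entries are assumptions chosen for illustration.

```python
"""Toy cryptographic-inventory triage for a post-quantum migration audit."""
from dataclasses import dataclass

CRQC_HORIZON_YEARS = 10   # assumed: "about a decade away" by most expert estimates
MIGRATION_YEARS = 5       # assumed: how long a large encryption upgrade programme takes

# Public-key algorithms broken outright by Shor's algorithm.
SHOR_BROKEN = {"RSA", "DH", "ECDH", "ECDSA", "DSA"}
# Symmetric algorithms and hashes whose effective strength Grover's algorithm halves.
GROVER_WEAKENED = {"AES", "SHA2", "SHA3", "CHACHA20"}
# Algorithms standardised in FIPS 203 (ML-KEM), 204 (ML-DSA) and 205 (SLH-DSA).
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}


@dataclass
class Entry:
    system: str
    algorithm: str
    key_bits: int          # 0 where a bit length is not the relevant measure
    sensitive_years: int   # how long the protected data must stay confidential


def classify(e: Entry) -> str:
    """Which quantum threat, if any, applies to this inventory entry."""
    if e.algorithm in PQC:
        return "pqc"
    if e.algorithm in SHOR_BROKEN:
        return "shor"
    if e.algorithm in GROVER_WEAKENED:
        # Grover roughly halves effective key strength: 128-bit keys act like 64-bit.
        return "grover" if e.key_bits < 256 else "ok"
    return "unknown"   # not recognised: needs manual review in the audit


def priority(e: Entry) -> str:
    """Migration priority, combining the threat with the data's sensitivity lifetime."""
    kind = classify(e)
    if kind in ("pqc", "ok"):
        return "none"
    if kind == "unknown":
        return "review"
    # Harvest-now-decrypt-later: traffic captured today is exposed once a CRQC exists.
    # If the data stays sensitive past the expected CRQC date, minus the years the
    # migration itself takes, the transition is already running late.
    late = e.sensitive_years + MIGRATION_YEARS >= CRQC_HORIZON_YEARS
    if kind == "shor":
        return "urgent" if late else "plan"
    return "plan" if late else "monitor"   # Grover-weakened: lengthen keys in due course


def triage(inventory):
    return [(e.system, classify(e), priority(e)) for e in inventory]


SAMPLE = [  # constructed inventory for illustration, not real systems
    Entry("payments-gateway TLS", "RSA", 2048, 7),
    Entry("vpn-ikev2", "ECDH", 256, 1),
    Entry("backup-archive", "AES", 128, 15),
    Entry("hr-records-db", "AES", 256, 15),
    Entry("code-signing", "ML-DSA", 0, 10),
    Entry("legacy-mainframe", "3DES", 168, 12),
]

if __name__ == "__main__":
    for system, kind, prio in triage(SAMPLE):
        print(f"{system:24} {kind:8} {prio}")
```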

The future arrival of quantum computers with their accompanying cybersecurity risk is more than likely. Given the time-consuming nature of upgrading to post-quantum cryptography and the reality of harvest-now-decrypt-later by dark states and others, organisations would do well to acknowledge the importance of taking action before their insurance companies do!

References

[1] National Institute of Standards and Technology. (2024, August). NIST releases first 3 finalized post-quantum encryption standards. https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards retrieved 12 January 2025

[2] Australian Cyber Security Centre. (2025). Guidelines for cryptography. https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography retrieved 12 January 2025

[3] European Commission. (2025). Recommendation on a coordinated implementation roadmap for the transition to post-quantum cryptography. https://digital-strategy.ec.europa.eu/en/library/recommendation-coordinated-implementation-roadmap-transition-post-quantum-cryptography retrieved 12 January 2025

CPD: Actuaries Institute Members can claim two CPD points for every hour of reading articles on Actuaries Digital.