Business leaders may have heard of quantum computing, but many are not yet aware of its incipient threat to cryptography and cryptocurrency. When these machines reach a sufficient level of performance, they will be able to efficiently factor the large numbers on which RSA relies into their prime factors, which breaks RSA. Only a few realize that the time to prepare for the conundrum of post-quantum risk is now.

In quantum computing, the zeroes and ones underlying classical computing are replaced by quantum bits (qubits), which are realized with subatomic particles. For certain classes of problems, qubits allow computations that are exponentially faster than those built from classical ones and zeroes.

Quantum’s risks

One great risk related to quantum computing is the belief that its capabilities will remain out of reach for a long time; yet some pundits have been remarking for 30 years now that the quantum threat is 30 years away.

As of this writing, about three dozen quantum computers are already available in the cloud. While these machines pose no risk to today’s cryptography, national governments, global authorities, and experts regard the availability of a cryptanalytically relevant quantum computer (CRQC) as an imminent threat.

Cryptocurrency and the blockchain

Imagine a bad actor possessing a CRQC and downloading a blockchain. They’ll reverse every transaction where an address was reused to obtain those wallets’ private keys. Then they’ll steal all the cryptocurrency those wallets contain.

The elliptic curve cryptography used in blockchains is more susceptible to quantum computing attacks than the RSA encryption used to protect sensitive data in motion, such as credit card transactions. Based on two well-known papers, 2,500 error-corrected qubits will be needed to crack some blockchains, while over 4,000 such qubits will be needed to attack 2048-bit RSA.
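From the defender’s side, the exposure described above is an inventory question: which of our addresses have already published their public key by signing a spend, and still hold funds? The following is an added example, not code from the article or its authors. It assumes a simplified account-style ledger of (sender, recipient, amount) tuples, which is a teaching simplification rather than any real chain’s transaction format, and the address names and amounts are constructed.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# A transaction is (sender, recipient, amount); a sender of None means newly issued coins.
# Account-style ledger: a simplification for illustration, not a real chain's format.
Tx = Tuple[Optional[str], str, int]

# Constructed ledger for the example (addresses and amounts are invented).
LEDGER: List[Tx] = [
    (None, "addr_A", 10),
    ("addr_A", "addr_B", 4),   # A signs a spend: A's public key is now visible on-chain
    (None, "addr_C", 5),
    ("addr_B", "addr_A", 1),   # A is paid again after spending: address reuse
    ("addr_C", "addr_D", 5),   # C empties itself: an exposed key that guards nothing
]


def balances(ledger: List[Tx]) -> Dict[str, int]:
    """Current balance per address after replaying every transaction."""
    bal: Dict[str, int] = defaultdict(int)
    for sender, recipient, amount in ledger:
        if sender is not None:
            bal[sender] -= amount
        bal[recipient] += amount
    return dict(bal)


def spent_from(ledger: List[Tx]) -> Set[str]:
    """Addresses that have signed at least one spend, so their public key is public."""
    return {sender for sender, _, _ in ledger if sender is not None}


def exposed_funds(ledger: List[Tx]) -> Dict[str, int]:
    """Addresses that have both revealed their public key and still hold funds.

    This is the subset a CRQC holder could drain, and therefore the list a
    defender should migrate to fresh, never-spent-from addresses (or to a
    quantum-resistant scheme once one is available on that chain)."""
    revealed = spent_from(ledger)
    return {addr: bal for addr, bal in balances(ledger).items()
            if addr in revealed and bal > 0}


if __name__ == "__main__":
    for addr, bal in sorted(exposed_funds(LEDGER).items()):
        print(f"{addr}: {bal} units held behind an already-revealed public key")
```

Addresses that were only ever paid into (here addr_D) never appear, because their public key is still hidden behind the address hash; addresses that spent everything (addr_C) are exposed but hold nothing worth stealing.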
Newer, quantum-resistant approaches for blockchains are emerging, but it’s still early days. Businesses that make use of the blockchain will want to monitor developments in quantum-resistant approaches.

Sensitive data

Public key encryption techniques – used today for email, financial transactions, and other sensitive communications – will be broken when a CRQC becomes available to bad actors.

This is not only a threat to future transactions but already a threat to existing data. Nation states and other bad actors are already stealing encrypted data, anticipating that the capability to decrypt these assets will become available within a few years.

Mosca’s Theorem adds the years it could take an organization to migrate to post-quantum cryptography (PQC) to the years the data must be kept safe. For industries like healthcare or insurance, the shelf life of sensitive data is a lifetime. This total is almost always longer than estimates of when a CRQC will arrive, which means the secrets will be exposed.

Now is the time to identify sensitive data in preparation for applying new algorithms and ciphers as soon as they’re available.

Regulation

In May 2022, the White House released a memorandum to describe the U.S.
government’s expectations of all federal agencies: “When it becomes available, a CRQC could jeopardize civilian and military communications, undermine supervisory and control systems for critical infrastructure, and defeat security protocols for most Internet-based financial transactions… To mitigate this risk, the United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035.”

It’s likely that other authorities will adopt similar requirements for the industries they regulate.

Meanwhile, the United States Department of Commerce’s National Institute of Standards and Technology (NIST) is conducting global efforts to standardize PQC algorithms. They’ll publish the standard in twelve to eighteen months.

Standardization will be the inflection point at which most individuals – including board members – take interest in the conundrum of post-quantum risk. When NIST announces the standards, board members and other stakeholders will want to know how crypto-agile their organizations are – but by then, we believe it will be too late.

Crypto-agility

“Crypto-agility measures how well your company can adapt to new cryptographic primitives and algorithms without making disruptive changes. Every company will need to achieve this bragging right as soon as possible to avoid the coming quantum computing cryptographic apocalypse. This includes a combination of auditing where you are on the journey and then actually taking action.”

Crypto-agility should be the goal of every organization, but how many of them can pass a crypto-agility assessment today? The answer is: no organization today is fully crypto-agile. The good news?
All organizations can make progress toward crypto-agility, starting from wherever they are.

Why act now?

For the first time ever, security professionals enjoy the luxury of knowing about a “zero day” before it happens. They don’t have to be caught unaware.

Among the reasons to work toward crypto-agility now:

Approach

Some security leaders are taking steps to become crypto-agile by:

Businesses in any industry may face new threats when bad actors acquire CRQCs, but they can start defending themselves now. Keep up to date with quantum threats – and opportunities – with The Post-Quantum World podcast.

Read the results of Protiviti’s Global Technology Executive Survey: Innovation vs. Technical Debt Tug of War.

Connect with the Authors

Greg Hedges, Managing Director, Emerging Technology Solutions

Konstantinos Karagiannis, Director, Quantum Computing Lead
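Mosca’s Theorem, described in the Sensitive data section above, turns the “identify sensitive data now” advice into something an inventory can be scored against: an asset is at risk when its confidentiality shelf life (x) plus the time needed to migrate its protection to PQC (y) exceeds the estimated years until a CRQC exists (z). The following is an added example, not tooling from the article or from Protiviti; the asset names, shelf lives, migration estimates and the ten-year CRQC figure are all constructed planning inputs, not measurements.

```python
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class DataAsset:
    """One line of a hypothetical sensitive-data inventory (values are assumptions)."""
    name: str
    shelf_life_years: float   # x: how long this data must stay confidential
    migration_years: float    # y: estimated time to move its protection to PQC


def mosca_exposure(asset: DataAsset, crqc_eta_years: float) -> float:
    """Mosca's inequality: the asset is at risk when x + y > z, where z is the
    estimated number of years until a CRQC exists. Returns (x + y) - z, so a
    positive value is the number of years the secret outlives its protection."""
    return asset.shelf_life_years + asset.migration_years - crqc_eta_years


def prioritize(assets: Iterable[DataAsset], crqc_eta_years: float) -> List[Tuple[str, float]]:
    """Return (name, exposure_years) for every asset that fails the inequality,
    most exposed first, so migration effort can be ordered by risk."""
    at_risk: List[Tuple[str, float]] = []
    for asset in assets:
        exposure = mosca_exposure(asset, crqc_eta_years)
        if exposure > 0:
            at_risk.append((asset.name, exposure))
    at_risk.sort(key=lambda item: item[1], reverse=True)
    return at_risk


def safe_crqc_horizon(assets: Iterable[DataAsset]) -> float:
    """The smallest z that keeps every asset inside the inequality, i.e. max(x + y).
    If credible CRQC estimates are shorter than this, the inventory as a whole is exposed."""
    return max(a.shelf_life_years + a.migration_years for a in assets)


# Constructed inventory: illustrative values, not figures from any real organization.
INVENTORY = [
    DataAsset("patient records", shelf_life_years=70, migration_years=5),
    DataAsset("insurance policies", shelf_life_years=30, migration_years=4),
    DataAsset("quarterly financials", shelf_life_years=3, migration_years=3),
    DataAsset("session tokens", shelf_life_years=0.1, migration_years=2),
]

if __name__ == "__main__":
    # Assumed CRQC estimate of 10 years; substitute your own planning figure.
    for name, years in prioritize(INVENTORY, crqc_eta_years=10):
        print(f"{name}: exposed for about {years:.1f} years")
    print(f"CRQC would need to be at least {safe_crqc_horizon(INVENTORY):.0f} years away")
```

The ordering matters more than the absolute numbers: the lifetime-shelf-life records (healthcare, insurance) fail the inequality under any plausible CRQC estimate, while short-lived secrets such as session tokens do not, which is exactly the triage the theorem is meant to drive.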