866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

«  View All Posts

What are the Implications of Post-Quantum Computing on Security and Cryptography? Blog Feature
Sully Perella

By: Sully Perella

Print/Save as PDF

What are the Implications of Post-Quantum Computing on Security and Cryptography?

Cybersecurity Assessments | Quantum

Like all evolutions in technology, quantum computing promises to revolutionize problem-solving and to do so at speeds that are unimaginable for classic computers we know. However, this technological advancement also poses a significant threat to our current cryptographic systems and algorithms that underpin how the world protects and verifies information.

In this blog, we'll explore the threat posed by quantum computing and the mitigations required in the post-quantum computing world so that—with this awareness—you can remain secure and more easily adjust when the time comes.

 

The Quantum Threat to Cryptography

Let’s start with the core issue—current computer processors rely upon discrete states of binary numbers (0, 1) processing serially, quantum computers will utilize the principles of quantum mechanics to perform multiple calculations at once.

That’s an exponential increase in computing power.

Given that cryptographic algorithms rely on processing speed to solve incredibly difficult math problems, the increased speed of calculation using quantum processors could solve the encryption algorithms currently in use, threatening the security of the encrypted data, whether in transit, in use, or stored.

 

8 Key Security Considerations for Quantum Computing

The solution to the danger facing existing encrypted transactions and repositories has since coined the term “post-quantum cryptography”—or the global effort focused on developing cryptographic solutions resistant to the vulnerabilities introduced by quantum computing.

As these solutions progress, there are eight specific aspects that will require attention in creating the secure implementation of quantum computing.

 

1. Risk Assessment and Information Classification

Though cutting-edge quantum computing will first only be available to those with the means and the funds to deploy it for their purposes, it will be critical for those who do to also add quantum computing risks to any established enterprise risk management (ERM) program.

To address quantum computing sensitive data, this risk management should be augmented by an updated information classification scheme.

2. Transition Period

Transitioning from traditional cryptography to post-quantum cryptography will be a complex task, as you’ll need to require your existing, non-quantum computing infrastructure can support the new algorithms.

As part of that transition, it’ll be critical for organizations to establish a clear inventory of cryptographic assets across the enterprise. To ease the change and find the best paths toward quantum implementation, it may help to reassess the value of your data and data retention policies through the lens of quantum computing.

3. Quantum-Resistant Cryptography

As it’s projected that quantum computers will be able to break existing cryptographic algorithms within hours, it’s paramount to develop new cryptographic algorithms that even quantum computers cannot readily solve.

Work has already started to make these algorithms computationally difficult to calculate the key. As they make it computationally difficult to calculate the key—even for quantum processors with exceptional processing speed—promising approaches include:

  • Lattice-based cryptography
  • Code-based cryptography
  • Multivariate polynomial cryptography

4. Quantum-Safe Protocols

Beyond encryption, other protocols—e.g., digital signatures, authentication, etc.—will also need to be made quantum-resistant.

While solutions are still in the process of being developed to address these aspects of security, organizations can get started in this by creating an inventory of what is in use to facilitate future transitions.

5. Quantum Key Distribution (QKD)

Not only are cryptographic algorithms at risk, but the transmission of cryptographic keys used to enable them also could be prone to eavesdropping in a post-quantum world.

Fortunately, quantum key distribution is a promising technology that leverages the principles of quantum mechanics to secure communication channels, as a high level of security is built in to detect any eavesdropping attempts while affording flexibility for key changes in a short time without human action.

Though it is commercially available, QKD may currently be cost-prohibitive for your organization—still, integrating QKD into existing systems would be a step toward quantum-safe communication.

6. Long-Term Data Protection

Given that the post-quantum computing threat can impact data—both in storage and in transmission—it’s vital to better understand your complete inventory of encrypted data, including the algorithms in which they were encrypted.

Organizations must consider the long-term security of that data, as the methods used for encryption today may remain secure for years to come or could require immediate upgrades to implement protections commensurate to its value.

Migrating to post-quantum cryptography is a step towards mitigating threats of exposure to maintain confidentiality - even in the future with quantum computers.

7. Budget and Resource Allocation:

As you’ve likely discerned by now, preparing for post-quantum security will require more allocated resources and budget to serve the following:

  • The creation of a comprehensive inventory of your current Cryptographic Hardware and Software implementations;
  • The establishment of a Cryptographic Bill of Materials (CBOM);
  • Hardware/software upgrades;
  • algorithm adoption; and
  • Training for staff in the implementation of quantum-resistant solutions.

While there’s no turnkey solution here, proactive measures will go a very long way toward business continuity and reducing your exposure.

8. Standardization Efforts

Meanwhile, several standards organizations—including the National Institute of Standards and Technology (NIST) and other international governmental agencies—are already involved in standardizing post-quantum cryptographic algorithms to ensure interoperability and widespread adoption.

Security professionals must keep an eye on these standards and their development and apply those controls based on risk.

 

What You Can Do Today to Prepare for Secure Quantum Computing

The advent of quantum computing presents both opportunities and challenges for the field of cybersecurity, and though it does have the potential to break current encryption systems, the development of post-quantum cryptography and security measures is already underway.

As the technology continues to progress, stay informed about quantum-resistant algorithms, transition your systems, and prepare for the threats posed by quantum computing. To help you get started, here’s our suggested three-step plan:

  1. Begin by performing a comprehensive review of your data to determine the value or sensitivity of all of it.
  2. Next, create a plan that accounts for the technologies in use to stay informed on updates and potential threats.
  3. Then, create a plan to migrate to newer methods of protecting data in transit and storage that are quantum resistant.

Want additional information? See these links from CISA and the NSA. They include additional guidance and resources. And if you’d like more direct input from those experienced in this area, reach out to us—we’d like to meet with you.

About Sully Perella

Sully Perella is a Senior Manager at Schellman who leads the PIN and P2PE service lines. His focus also includes the Software Security Framework and 3-Domain Secure services. Having previously served as a networking, switching, computer systems, and cryptological operations technician in the Air Force, Sully now maintains multiple certifications within the payments space. Active within the payments community, he helps draft new payments standards and speaks globally on payment security.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.