Most people barely think about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is reaching them regardless of whether or not it will keep them awake tonight.
Today, many people rely on encryption in their daily lives to protect their critical digital privacy and security, whether it’s sending messages to friends and family, storing files and photos, or simply browsing the web. The question experts have long been asking, with an eye toward advances in quantum computing, is: “How long will it be before these defenses fail?”
The clock of quantum computing
A group of researchers is already sounding the alarm, claiming that they have found a way to break 2048-bit RSA encryption with a quantum computer. While the claims may be premature, they point to a terrifying future that may be closer than we once thought. Breaking RSA encryption would represent a huge privacy and security vulnerability for virtually every aspect of our digital lives: a master key to all our digital data.
And it’s not just our future data and communications that are at risk. Breaching modern encryption protections can also have a profound retroactive impact, with the possibility that attackers are collecting data now in the hope of decrypting it in the future.
“We know for a fact that store now, decrypt later attacks are happening right now, and their frequency will only increase as we get closer to delivering a fault-tolerant quantum computer,” says David Joseph, a research scientist at SandboxAQ. “Once encrypted data has been extracted, there is no way to protect it against future decryptions and exploitation.”
Simply put, while your encrypted messages may be secure and private today, if someone captures them and keeps them until they have access to a quantum computer, they will be able to decrypt and read them in the future.
The rise of post-quantum cryptography
Post-quantum cryptography (PQC) refers to cryptographic algorithms that are resistant to attacks from both classical (i.e., the non-quantum ones we use today) and quantum computers. These algorithms are based on mathematical problems that are believed to be difficult for both types of computers to compute. They serve as a backup plan to ensure that our data remains safe in a future where powerful quantum computers exist.
While PQC has been a topic of research and development for many years, it is only now beginning to see its first applications in the consumer protection space. This is due to a number of factors, including the growing maturity of PQC algorithms and growing awareness of the threat of quantum attacks. Last month, for example, Chrome started supporting a PQC algorithm, although it won’t be widely used yet and will depend on broader ecosystem support.
Hybrid cryptography for comprehensive defense
One of the challenges of post-quantum cryptography is that it is still in the early stages of development and lacks the track record of widely used and time-tested classical cryptography. That’s where hybrid cryptography comes in, providing a sort of two-layer shield.
“A hybrid approach means that users are safe from attacks by classical computers without relying on post-quantum algorithms, and also have the best chance we know today of being safe from attacks by quantum computers,” explains Peter Membrey, engineering director of ExpressVPN. “Post-quantum algorithms are still relatively new and less battle-tested. By leaving classical cryptography in the hands of existing tried-and-true standards, we can ensure that any unforeseen problems with post-quantum algorithms do not affect the security or integrity of the cryptographic infrastructure and, by extension, the security of users.”
As the messaging app Signal recently explained in an announcement about quantum-resistant encryption, rather than replacing any existing classical cryptography, they use PQC to “(augment) existing cryptosystems such that an attacker must break both systems in order to compute the keys that protect people’s communications.”
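The "must break both systems" property comes from how the two shared secrets are combined into one session key. The sketch below is an added example, not code from Signal, Chrome or ExpressVPN: it assumes HKDF-SHA-256 as the combiner, uses a made-up label (`hybrid-demo-v1`), and substitutes random bytes for the outputs of the classical and post-quantum key agreements.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256

def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def _framed(secret: bytes) -> bytes:
    # Length-prefix each input so (a, bc) and (ab, c) cannot collide.
    return len(secret).to_bytes(2, "big") + secret

def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Derive one session key from BOTH shared secrets.

    transcript: the public handshake values, bound in as HKDF info.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required")
    ikm = _framed(classical_ss) + _framed(pq_ss)
    return hkdf(ikm, salt=b"", info=b"hybrid-demo-v1|" + transcript)

def demo() -> dict:
    # Constructed stand-ins for the outputs of the two key agreements.
    classical_ss = secrets.token_bytes(32)  # e.g. an elliptic-curve DH output
    pq_ss = secrets.token_bytes(32)         # e.g. a post-quantum KEM output
    transcript = b"constructed-public-handshake-values"
    real = hybrid_session_key(classical_ss, pq_ss, transcript)
    # An attacker who broke only one layer still has to guess the other secret.
    broke_classical = hybrid_session_key(classical_ss, secrets.token_bytes(32), transcript)
    broke_pq = hybrid_session_key(secrets.token_bytes(32), pq_ss, transcript)
    return {
        "peer_agrees": hybrid_session_key(classical_ss, pq_ss, transcript) == real,
        "classical_break_only": hmac.compare_digest(broke_classical, real),
        "pq_break_only": hmac.compare_digest(broke_pq, real),
    }

if __name__ == "__main__":
    print(demo())
```

Because the key depends on the concatenation of both secrets, a failure of the newer post-quantum algorithm leaves the session no weaker than the classical exchange alone, and a future quantum break of the classical exchange leaves it protected by the post-quantum secret.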
The future of PQC in consumer applications
Recent advances in PQC in consumer applications are the vanguard of a new era in cybersecurity and a sign that the technology industry is taking quantum threats seriously. As quantum computing moves from science fiction to reality, the question is not whether we need post-quantum cryptography, but how quickly we can make it a standard feature in our digital lives. The clock is ticking and soon more consumers will be wondering not only what their applications are doing today to protect their data, but also how they are preparing for the threats of tomorrow.