Sectigo’s Tim Callan makes his top predictions for what the year ahead will hold for quantum computing and encryption.
2023 was the year that quantum computing entered the average person’s lexicon. From government-backed funding to advancements by major players like IBM, quantum has become the buzzword on everyone’s mind, after artificial intelligence of course.
Quantum computers are no longer a science project, they are now an engineering project. By that, I mean that there is no question that it will work, and it will be commercially viable, and it will be practical. It’s just about figuring out how to get them all tuned in the way we want them. It’s important, therefore, to look at where quantum computing could be by the end of 2024.
In 2024 RSA will come under siege
RSA is one of the oldest cryptosystems out there and is widely in use, specifically for secure data transmission. 2024 will see the RSA encryption algorithm face unprecedented scrutiny as researchers around the world intensify their endeavors to break the security backbone of the internet. Although RSA is not expected to succumb, it will undoubtedly grapple with an immense amount of pressure.
Quantum computers stand to defeat RSA and elliptic-curve cryptography (ECC), and qualified researchers are putting energy into finding the strategies to most effectively do so. This research can piggyback on thinking about how to defeat RSA with a traditional computer as well. After all, any attacker with access to quantum computing will also have access to all the traditional architecture computing it needs.
We should expect continued revelations in the years to come, which will reduce the time to computation for RSA on a variety of fronts. While these attacks on their own are deeply unlikely to bring that time to computation down to the point where they represent viable attack vectors against the key sizes we commonly use today, they will fuel additional research and ultimately will contribute to the optimised quantum-based attack that we will one day understand.
While the siege on RSA encryption is underway, it is crucial to acknowledge that the encryption method itself is robust and has withstood more than 40 years of technological innovation. This is not being challenged. We will see, however, continued scrutiny of this algorithm in preparation for the day when a quantum computer can execute such an attack.
We will see continued scrutiny of the idea of applying traditional methods to the quantum platform, and we will see full consideration of hybrid attacks using both architectures together. While we don’t expect a computer to be able to perform these attacks in 2024, the trend toward that eventual day will continue with additional published papers and revelations about how to break this bulwark of digital security.
Post-quantum cryptography will be a boardroom discussion
In 2024, transitioning to quantum-resistant cryptography will become a mainstream boardroom discussion. No longer a buzzword or a topic to be tabled, becoming crypto-agile to prepare for post-quantum encryption will be a key focus for the C-suite next year.
This shift has massively been supported by the US National Institute of Standards and Technology’s (NIST) development of quantum-resistant encryption and its impactful educational campaign on quantum’s threat to decryption. They have now transformed a once theoretical discussion about decryption into a mainstream business focus.
Enterprises will sit up and take notice of the threat quantum computers pose to the cryptography that enables and secures nearly all our digital operations today. In 2024, large enterprises, particularly those in sensitive industries such as financial, medical, or military contractors, and businesses with high-value intellectual property will begin building roadmaps for deployment of post-quantum cryptography (PQC) to keep their assets and operations safe from this new computing paradigm. This accompanies a general increase in focus on automation of cryptography and certificates, certificate life cycle management and crypto agility.
Governments must buck up on quantum investment
The recent statement in the UK’s autumn budget by the chancellor of the exchequer showcased the country’s commitment to the quantum strategy they outlined earlier in the year.
While commendable, Jeremy Hunt’s earnestness in the 10-year quantum plan falls short when it comes to a sustained commitment to safeguarding encryption security. The paradox is evident – while the remarkable processing power of quantum holds boundless potential, it simultaneously poses a significant threat to the foundation of all encryption.
We must not forget the security challenges associated with this advanced technology. If a country does develop a quantum computer capable of breaking current encryption methods, it would likely keep it a closely guarded state secret, as the UK did when it broke the Enigma code during World War II. For this reason, businesses must take proactive measures to prepare for this eventuality by transitioning to quantum-safe algorithms before it is too late.
Think about those industrial secrets that, let’s say, another nation state might want to take away. Think about those military secrets. Think about the plans for the stealth fighter. Those are the things that are very, very valuable. And those are the things that we need to worry about most immediately.
Back in June of this year, IBM claimed that quantum computers were entering a period where they would become useful for businesses, calling it the ‘utility phase’. Over the next 12 months, businesses will have to prove to themselves and others that they are capable of handling the enormous opportunity that quantum computers will bring. Doing that requires them to be compliant and secure at every level.
By Tim Callan
Tim Callan is the chief experience officer at Sectigo, a company that provides web security and identity solutions.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.