A leading expert in cryptography and computer security at the cutting edge of preparing for the quantum computing era, Nigel Smart is a professor at COSIC at the Katholieke Universiteit Leuven and Chief Academic Officer at Zama. A cryptographer by profession, Smart is working to future-proof our digital information against the potential security threats posed by powerful quantum computers.
Smart recently explained during a video series, much of modern cryptography relies on the difficulty of factoring large numbers into their prime components: “Everyone’s heard of the factoring problem — if you multiply two prime numbers together it’s easy to do multiplication but it’s hard to split them into primes again. It’s a very old form of cryptography.”
However, he warns “if a sufficiently large quantum computer was ever built, it would be able to break the cryptography that we use on the internet today.” Quantum computers could render many current encryption methods obsolete by rapidly factoring large numbers.
The solution, according to Smart, is “post-quantum cryptography” which “takes the factoring problem, for example, and replaces it with a problem that not even quantum computers can break. It’s still a hard mathematical problem, but it’s harder in the sense that quantum computers are not able to break it.”
Smart stresses that “companies should actually be anticipating that in the next five to ten years they will need to replace their existing solutions with ones which are post-quantum secure.”
A key challenge is having the “crypto agility” to transition systems to new post-quantum cryptographic algorithms.
“You need to consider the problem — am I crypto agile? Am I able to respond quickly if there is a problem found with an algorithm and switch out and put a new one in?” Smart noted.
Businesses must take stock of their “crypto assets” and prepare migration paths, understanding “what algorithms you’re using and when, what keys are you using and when” across the whole organization.
The urgency of migrating to quantum-safe encryption depends on the lifespan of sensitive data. Smart explains that even if a quantum computer is still years away.
“You could be creating a document that you want to be secure in 10 years time, like a will,” he said. Companies must “estimate when you think a quantum computer will come along” and start using post-quantum crypto for longterm sensitive documents before that point.
While the “standards are only out” recently, Smart advises proactively developing a “risk profile” rather than panic, matching the estimated quantum computing timeline against your sensitive data longevity needs. Most companies can take measured steps “preparing a migration path probably over the next five or six years.”
Featured image: Credit: Confidencial
