Post-quantum cryptography: Migration for companies and authorities
Experts predict the day when there will be quantum computers that can crack asymmetric cryptographic methods such as RSA and Diffie-Hellman. The corresponding year is referred to as Y2Q. If we fail to convert our computer systems to quantum-proof cryptography before Q-Day, a global catastrophe looms. But how long will it take until then?
Different levels of difficulty
State IT security experts are naturally cautious, and so the National Security Agency (NSA) is demanding that the operators of sovereign IT systems in the USA make the switch by 2035. In Germany, the Federal Office for Information Security (BSI) assumes that, in the worst case, the year Y2Q will begin in a decade. It is likely that these assessments will soon have an impact on laws and regulations that set corresponding deadlines for the replacement of conventional crypto processes.
Save now, decrypt later
After the standardization of post-quantum methods made great progress in the course of 2022, crypto manufacturers and protocol designers are currently in demand. They must integrate the new crypto methods such as CRYSTALS-Dilithium (digital signature) or CRYSTALS-Kyber (key exchange) into their software. The task often becomes difficult because the various post-quantum algorithms tend to work more slowly than RSA and Diffie-Hellman and require significantly longer keys.
Keep an eye on developments
More and more knowledge. The digital subscription for IT and technology. All exclusive tests, guides & background information One subscription for all magazines: c’t, iX, MIT Technology Review, Mac & i, Make, read c’t photography directly in the browser No risk: first month free, then monthly from 9.95 €. Magazine subscribers read even cheaper!
Excursus: The crypto inventory
The crypto inventory is an important factor in the migration to post-quantum cryptography. Companies and authorities need to take stock of their existing cryptographic systems and identify any vulnerabilities. This will help determine the level of difficulty and resources required for the migration process.
Read the article in iX 7/2023
For more in-depth information on post-quantum cryptography and the steps companies and authorities need to take in order to migrate, read the full article in iX 7/2023.
More on the topic of post-quantum cryptography
If you want to learn more about post-quantum cryptography and its importance in protecting computer systems from quantum attacks, consult reputable sources and stay updated on the latest developments in the field.
Q-Day refers to the hypothetical day when quantum computers capable of breaking current cryptographic methods become a reality. It is crucial for organizations to be prepared for this eventuality and ensure their computer systems are protected with quantum-proof cryptography.
The road to migration for post-quantum cryptography may be long, but it is essential to start the process sooner rather than later. By staying informed and taking proactive steps, companies and authorities can safeguard their sensitive information and maintain the trust of their customers.