What happens when the very foundation of our digital security collapses under the weight of unprecedented computational power? The advent of quantum computing is not a question of if, but when. For Chief Information Security Officers (CISOs), this transformation poses a direct threat to the encryption mechanisms safeguarding today's digital ecosystems.

Quantum computing represents a seismic shift in technology's capability to process information. With Q-Day (the day quantum computers become capable of breaking classical cryptographic systems) fast approaching, the time for CISOs to act is now. This guide will prepare you to lead your organization through the complexities of post-quantum cryptography (PQC) migration, safeguarding your digital infrastructure from both present and future threats.

The Quantum Computing Threat Landscape

Quantum computing differs fundamentally from classical computing. Where classical computers process data using binary bits (0s or 1s), quantum computers leverage qubits capable of superposition and entanglement. This ability grants quantum systems exponentially greater computational power, enabling them to solve problems that would take classical systems lifetimes to complete.

Consider conventional computing: a 64-bit computer has 64 'valves' or states that are either 'on' or 'off', onto which the problem or equation is mapped. The result is likewise a defined, binary result. A 64-qubit quantum computer, by contrast, has 2^64 (18 trillion) states, and those states define a probability distribution. That means a problem or equation can be mapped across 18 trillion states and, instead of a binary result, you get probabilities for the answer.

The consequences for cryptography are profound. With Shor's algorithm, quantum computers have the potential to efficiently break RSA, ECC, and Diffie-Hellman encryption, which form the backbone of public key infrastructure (PKI). While estimates suggest that Q-Day will arrive between 2030 and 2035, threat actors are already exploiting vulnerabilities through a strategy known as Harvest Now, Decrypt Later (HNDL), stockpiling encrypted data to decrypt once quantum capabilities mature. Simply put, today's encrypted communications may no longer be secure tomorrow.

Given the rapid advances in quantum technology and the intense focus on accelerating progress, believing that 'Q-Day' might happen as soon as 2030 to 2035 could be seen as extremely conservative. A breakthrough may very well occur sooner, potentially without any fanfare or announcements from malicious actors who successfully break RSA-2048 or ECDSA/ECC.

In 2003, the computer scientist Stéphane Beauregard published a paper titled "Circuit for Shor's algorithm using 2n+3 qubits"; for RSA-2048 that equates to 2*2048+3 = 4099 qubits. More recent estimates indicate that approximately 2,000 (clean) qubits would be enough to break RSA-2048, with a similar requirement for EC-256. With ongoing advancements, what seemed distant yesterday might suddenly become reality, fundamentally shifting the landscape of cybersecurity and communications security.

Figure: Predicted arrival of a cryptographically relevant quantum computer, according to experts.
Source: Global Risk Institute – https://globalriskinstitute.org/publication/2024-quantum-threat-timeline-report/

Why Q-Day Demands Immediate Action

For security leaders, the implications of Q-Day—the point at which quantum computers become powerful enough to break current encryption standards—demand urgent preparation. Sensitive data, including financial records, healthcare information, and intellectual property, often has a long lifespan, meaning that the information we protect today could still be vulnerable decades from now. Delaying action risks exposing this data to future decryption attacks once quantum technology matures. Cybersecurity is no longer just about mitigating present threats; it is about anticipating the challenges of tomorrow and fortifying systems against risks that may seem distant but will have significant consequences if not addressed in time. Proactive planning, such as adopting quantum-resistant encryption, is critical to safeguarding our most valuable information. Protecting long-lived data should be a priority starting today.

Post-Quantum Cryptography Standards and Algorithms

The good news? Solutions are already here. The National Institute of Standards and Technology (NIST) began preparing for this inevitability in 2016. Their rigorous, multi-year standardization process has resulted in several post-quantum cryptographic algorithms designed to withstand quantum attacks. These include:

  • CRYSTALS-Kyber (key encapsulation): Offers excellent performance with small key sizes.
  • CRYSTALS-Dilithium (lattice-based signatures): Known for its security and efficiency. Considered the most secure of the set; its standing has been compared favorably to where AES-256 stood 20 years ago.
  • SPHINCS+ (hash-based signatures): A resilient backup in case of vulnerabilities in other algorithms. Very light and fast.
  • FALCON (complex multi-stage lattice-based signatures): Efficient, fast, compact, and secure. This algorithm has not been ratified by NIST yet.
  • Hamming Quasi-Cyclic (HQC): Recently added to diversify the key encapsulation options. This has been ratified.

These algorithms draw upon diversified mathematical foundations (e.g., lattice-based, hash-based, and code-based cryptography) to ensure resilience. The implementation of this diversity is critical to a robust defense.

Another relevant tangent is key mixing under RFC 8784 (IKEv2), which takes two keys and mixes them. The pair can be legacy + legacy, legacy + PQC, or PQC + PQC. Because this IKEv2 key mixing has not been in the wild for long, it also carries an element of security by obscurity. This is also how you get hybrid PQC: mixing a legacy algorithm (AES-256) and a PQC algorithm together.
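The RFC 8784 mixing step, written out as an added Python example (not code from this article or from any IKEv2 implementation): the post-quantum preshared key (PPK) is folded into the classically derived IKE SA keys with the prf+ construction from RFC 7296, so that an attacker who later breaks the Diffie-Hellman exchange still cannot reproduce SK_d. HMAC-SHA-256 as the prf and all key values are assumptions made for the example.

```python
import hmac
import hashlib


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 prf, instantiated here as PRF_HMAC_SHA2_256 (assumed for the example)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n),
    output is T1 | T2 | ... truncated to the requested length."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        prev = prf(key, prev + seed + bytes([counter]))
        out += prev
        counter += 1
    return out[:length]


def mix_ppk(ppk: bytes, sk_d: bytes, sk_pi: bytes, sk_pr: bytes) -> tuple:
    """RFC 8784 key mixing. The PPK is the prf+ key and each classically derived
    IKE key is the seed; the mixed keys keep their original lengths:
        SK_d'  = prf+(PPK, SK_d)
        SK_pi' = prf+(PPK, SK_pi)
        SK_pr' = prf+(PPK, SK_pr)
    The encryption/integrity keys of the initial IKE SA are not modified; SK_d
    (which seeds every Child SA and rekey) and the authentication keys are."""
    return (prf_plus(ppk, sk_d, len(sk_d)),
            prf_plus(ppk, sk_pi, len(sk_pi)),
            prf_plus(ppk, sk_pr, len(sk_pr)))


def demo() -> dict:
    # Constructed sample values standing in for keys derived from the DH exchange.
    sk_d, sk_pi, sk_pr = b"\x11" * 32, b"\x22" * 32, b"\x33" * 32
    ppk = b"constructed-ppk-shared-out-of-band"  # real PPKs are high-entropy secrets
    initiator = mix_ppk(ppk, sk_d, sk_pi, sk_pr)
    responder = mix_ppk(ppk, sk_d, sk_pi, sk_pr)
    # A recording adversary that later recovers sk_d but never held the PPK
    # cannot compute SK_d'; the Child SA keys derived from it stay out of reach.
    return {"peers_agree": initiator == responder,
            "sk_d_changed": initiator[0] != sk_d,
            "sk_d_prime_hex": initiator[0].hex()}


if __name__ == "__main__":
    print(demo())
```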

Governments are leading the PQC charge, with regulatory timelines mandating that quantum-vulnerable cryptography be deprecated by 2030 and disallowed by 2035 (currently, AES-256 is not affected). Businesses must align with these standards now to avoid falling behind.

Addressing the Challenges of Transitioning to PQC

For Chief Information Security Officers (CISOs), the transition to Post-Quantum Cryptography (PQC) is one of the most significant challenges in modern cybersecurity. It's not just about updating encryption algorithms—it's a complex, multi-layered process that requires careful technical, strategic, and organizational planning. The emergence of quantum computing threatens to render current cryptographic standards obsolete, leaving sensitive data exposed unless organizations act proactively. Below, we dive into the primary challenges of transitioning to PQC and provide detailed guidance on how to address them effectively.

Strategies for a Seamless Migration

1. Understanding Vulnerable Cryptographic Algorithms

The first step in the transition to PQC is identifying where legacy cryptographic algorithms are currently deployed. Algorithms such as RSA, ECC (Elliptic Curve Cryptography), and Diffie-Hellman are foundational to today's encryption, but they aren't quantum-resistant. Quantum computers could break these algorithms with relative ease, potentially exposing encrypted data that was once considered secure.

Focus your efforts on systems that protect sensitive or long-lived data—such as financial records, healthcare data, intellectual property, and government communications. These datasets are at the highest risk because even if they are encrypted today, they could be retroactively decrypted in the future once quantum computers become viable. Implementing quantum-safe cryptography in these critical areas should be a top priority.

Actions to take:

  • Audit Systems: Conduct a thorough audit of your systems to locate where legacy algorithms are being used.
  • Audit Data Criticality: Collaborate with application owners and system architects to determine the criticality (risk of disclosure) of the data being protected.
  • Track Data Retention: Keep track of long-term data retention requirements, as they might dictate faster migration to PQC.

Once the groundwork is laid, a well-executed migration plan must follow. Here are key strategies to ensure success:

2. Building a Comprehensive Cryptographic Inventory

No meaningful PQC transition can occur without a clear understanding of your organization's cryptographic landscape. Building a detailed cryptographic inventory is essential. This inventory should map all cryptographic assets across networks, applications, endpoints, and third-party dependencies. Without it, prioritizing migration efforts becomes guesswork, increasing the risk of overlooking critical vulnerabilities.

This inventory should include:

  • Overall crypto architecture for internal and external PKI and certificate assets. 
  • Encryption libraries and protocols in use (e.g., TLS, IPSec).
  • Keys and certificates, including their use, expiration dates and issuance authorities.
  • Third-party integrations that rely on cryptographic protocols, such as APIs or cloud services.
  • Cloud updates and secure boot.
  • Cryptographic hardware, such as HSMs (Hardware Security Modules) and TPMs (Trusted Platform Modules).

Once the inventory is complete, categorize assets by sensitivity and importance, assigning risk levels to each. This process ensures that migration efforts are focused on the systems and data that are most critical to your organization. This inventory and assessment process informs the organization's strategy and roadmap to address the journey to PQC.
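One way to turn the audit, retention-tracking, and risk-ranking steps above into a repeatable check, as an added Python example that is not part of the article: each inventory entry records the algorithm family, how long its data must stay confidential, and the estimated migration effort, and is scored with Mosca's inequality (shelf life + migration time > years until Q-Day means exposure). The asset records, the eight-year Q-Day horizon, and the algorithm sets are constructed assumptions; the vulnerable families and the AES-256 exemption follow what the article states.

```python
from dataclasses import dataclass

# Public-key families the article names as breakable by Shor's algorithm.
SHOR_VULNERABLE = {"RSA", "ECC", "ECDSA", "ECDH", "Diffie-Hellman"}


@dataclass
class CryptoAsset:
    name: str
    algorithm: str            # e.g. "RSA", "ECDSA", "AES-256", "CRYSTALS-Dilithium"
    shelf_life_years: float   # how long the protected data must stay confidential
    migration_years: float    # estimated effort to move this asset to PQC
    internet_facing: bool = False


def is_quantum_vulnerable(asset: CryptoAsset) -> bool:
    # Symmetric (AES-256) and PQC algorithms are not in the vulnerable set.
    return asset.algorithm in SHOR_VULNERABLE


def exposure_years(asset: CryptoAsset, years_to_qday: float) -> float:
    """Mosca's inequality x + y > z: shelf life x plus migration time y against
    the years z left until Q-Day. Positive values are years of exposure."""
    return asset.shelf_life_years + asset.migration_years - years_to_qday


def hndl_exposed(asset: CryptoAsset, years_to_qday: float) -> bool:
    """Data captured today is still sensitive after Q-Day: the Harvest Now,
    Decrypt Later case, which no migration speed can undo."""
    return is_quantum_vulnerable(asset) and asset.shelf_life_years > years_to_qday


def triage(assets, years_to_qday: float) -> list:
    """Rank quantum-vulnerable assets: largest exposure first, internet-facing
    assets breaking ties; symmetric-only and already-PQC assets are dropped."""
    rows = [
        {"name": a.name, "exposure": round(exposure_years(a, years_to_qday), 1),
         "hndl": hndl_exposed(a, years_to_qday), "internet_facing": a.internet_facing}
        for a in assets if is_quantum_vulnerable(a)
    ]
    return sorted(rows, key=lambda r: (-r["exposure"], not r["internet_facing"]))


# Constructed inventory sample; Q-Day assumed roughly eight years out.
SAMPLE_ASSETS = [
    CryptoAsset("Patient records archive", "RSA", 25, 3),
    CryptoAsset("Public web TLS", "ECDSA", 1, 1, internet_facing=True),
    CryptoAsset("Site-to-site VPN (IKEv2 DH)", "Diffie-Hellman", 10, 2),
    CryptoAsset("Backup encryption", "AES-256", 30, 0),
    CryptoAsset("Firmware signing", "CRYSTALS-Dilithium", 15, 0),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_ASSETS, years_to_qday=8):
        print(row)
```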

3. Mitigating Supply Chain Risks

Your cryptographic vulnerabilities don't exist in isolation. The vendors and service providers you rely on may also be using outdated algorithms that put your organization at risk. Supply chain vulnerabilities represent a significant challenge in transitioning to PQC, as they are often outside of your immediate control.

To mitigate this risk, start engaging with your vendors early. Seek to understand their plans for adopting PQC and ensure their roadmaps align with your timelines. When negotiating contracts, include specific PQC milestones and requirements as part of the procurement process. For example, you could mandate that vendors provide regular updates on their cryptographic infrastructure and commit to integrating hybrid or quantum-safe solutions.

Practical steps to address supply chain risks:

  • Create a vendor cryptographic risk assessment checklist.
  • Categorize systems by data sensitivity, operational criticality, and exposure level.
  • Address high-priority vulnerabilities first, such as internet-facing systems or those safeguarding long-lived sensitive data.
  • Prioritize working with vendors who have a clear PQC transition strategy.
  • Where feasible, establish mutually beneficial partnerships with vendors to collaborate on PQC adoption.
  • Deploy monitoring that identifies the encryption in use and the application traffic flowing between these parties.

4. Educating Stakeholders and Teams

One of the most critical—yet often underestimated—aspects of transitioning to PQC is addressing the knowledge gap within organizations. Bridging this gap is essential to ensuring a successful migration.

Start by training your security and IT teams on PQC standards, algorithms, and implementation strategies. Familiarize them with hybrid cryptographic solutions that combine classical and quantum-safe algorithms to enable smoother transitions. Additionally, educate executives and business stakeholders about the risks posed by quantum computing. Framing the threat as an immediate concern—especially the risk of HNDL (Harvest Now, Decrypt Later) attacks—can help secure leadership buy-in and ensure the necessary resources are allocated to the transition.

Key actions for education:

  • Host workshops or training sessions on PQC for technical teams.
  • Design systems with flexibility in mind. Decouple cryptographic algorithms from application logic to allow for swift updates as standards evolve.
  • Investigate and plan the move from legacy to more secure encryption as soon as possible:
      • IKEv2 key mixing (RFC 8784)
      • PQC hybrid: mixing legacy (existing) algorithms with PQC
      • PQC: running the NIST PQC algorithms
  • Employ configuration-based controls enabling algorithm changes without requiring code rewrites.
  • Investigate Bouncy Castle (bouncycastle.org) for open-source PQC information, strategy, and resources.
  • Use data-driven presentations to communicate quantum risks to leadership.
  • Stand up, or obtain access to, a PQC-enabled PKI for lab work and hands-on understanding.
  • Understand the complexities of QKD (quantum key distribution) and QRNG (quantum random number generation) in supporting applications, routers, switches, and firewalls.
  • Develop internal documentation and best practices for PQC adoption.

5. Managing Migration Complexity and Costs

Transitioning to PQC is an inherently complex and resource-intensive process. Organizations must take a phased approach to ensure a smooth migration while minimizing disruptions to ongoing operations. This process can be broken down into three key phases:

Diagnosis:
  • Begin by conducting a full cryptographic inventory and risk assessment to identify priorities.
  • Begin with isolated environments to minimize disruption. Expand to non-critical systems before targeting mission-critical assets.
  • Determine which systems and data most need quantum resistance, based primarily on risk to the organization.
  • Establish an understanding of your current cryptographic infrastructure, including the compatibility of existing hardware and software with quantum-safe algorithms.
Planning:
  • Develop a detailed roadmap for PQC migration, complete with timelines, budgets, and performance metrics.
  • Include plans for testing quantum-safe implementations in non-production environments before full deployment.
  • Engage with technology vendors and industry partners to align on standards and best practices.
Execution:
  • Start with hybrid cryptographic implementations, combining classical algorithms with quantum-safe counterparts. This approach allows for a gradual transition without immediate disruption.
  • Roll out PQC updates in stages, focusing first on high-priority systems before expanding to less critical areas.
  • Monitor the performance and security of new implementations, refining as needed.

Managing costs is also a critical consideration. PQC migration will require investments in new technologies, staff training, and vendor partnerships. However, the long-term value of securing your data against quantum threats far outweighs the upfront costs.

The arrival of quantum computing marks a defining moment for cybersecurity leadership. This isn't a distant concern—it's a fast-approaching disruption that demands immediate and strategic action. CISOs must move beyond passive awareness and lead with urgency, building the infrastructure, partnerships, and knowledge base necessary to secure long-life data and critical systems against quantum-enabled threats.

The path to post-quantum readiness won't be easy—but it is navigable. By embracing hybrid cryptography, modernizing cryptographic inventories, and aligning with NIST standards, organizations can build resilience before Q-Day arrives. In an era where yesterday's encryption can become tomorrow's vulnerability, the most secure organizations will be those that start preparing today.