Will Quantum Computing Change the Way We Use Encryption?

Today, encryption is a cornerstone of our cybersecurity practices. It protects everything from cell phones and SMS messages to financial transactions and intellectual property. At Camelot Secure, we embrace today’s data requirements and embed them into our Secure360 Platform. Secure360 provides end-to-end data encryption that is completely tech-agnostic, meaning it works with your organization’s business software.

However, a new challenge in the complex landscape of encryption has recently emerged, thanks to the advancement of quantum computing. As a provider of award-winning cybersecurity solutions, Camelot has this new quantum computing challenge to encryption squarely in our sights. What challenges lie ahead? Here is the breakdown:

What Is Quantum Computing?

Quantum Computing (QC), invented in the 1970s by David Deutsch, has made significant steps forward in the following decades and has become a viable technology capable of solving complex computational problems. Based on the laws of quantum mechanics, QC is not bound to the restrictions of classical computers, where everything resolves to a 1 or 0. Instead, QC uses “multidimensional computational spaces” to answer nearly impossible questions. It sounds like sci-fi, but it applies to our current computing environment.

How Does QC Fit Into Cybersecurity?

Quantum Computing presents a unique challenge to all cybersecurity efforts because it has the potential to break some of the encryption standards commonly used today.

Organizations use symmetric or asymmetric keys to encrypt their data at rest or in motion. Symmetric cryptography, like the Advanced Encryption Standard (AES), utilizes a single key to encrypt and decrypt data. In contrast, asymmetric cryptography, like RSA, uses a public and private key pair to encrypt and decrypt data. The two types of cryptography differ in the security they provide based on their key length (AES typically uses 128 or 256 bits, and RSA keys typically use 1024-2048 bits) and the strength of the password the key creator uses.

Due to QC’s threat to circumvent almost any encryption, in 2022, NIST introduced several new encryption key algorithms to address the inherent risks posed by QC. Because of the increased complexity of the algorithms used to generate the keys, they are considered QC-resistant (QCR). The new encryption keys mitigate the potential impact of Grover’s Algorithm, which can break AES-128 encryption in seconds today, and Shor’s Algorithm, which will eventually be able to break RSA encryption as QC technology advances.

In short, suitable algorithms and encryption standards could protect us from the future of QC hackers. But deploying them is a different matter.

Putting Up Defenses

Today’s lack of widespread QC availability makes QCR encryption a non-existent priority for most organizations because no perceived threat would require immediate action. Many companies’ IT and cybersecurity teams are already pushed to the maximum and tend to focus their efforts (and budgets) on decreasing current attack surfaces and clearing out the never-ending stream of alarms.

But that’s no reason to delay action. Complacency yields breaches, especially in cybersecurity. If encryption is not updated to match tomorrow’s threats, what’s to stop malicious actors from decrypting all of the non-QCR data in the future? IBM estimates a 1-in-7 chance that current encryption keys will be breakable by QC as early as 2026, and that chance skyrockets to 1-in-2 in 2031. If today’s data encryption isn’t made QCR shortly, companies could see their information harvested or held ransom, damaging an organization’s reputation and ability to operate.

Don’t Let The Bad Guys Outpace You

The best time to upgrade your encryption is before hackers can break it with these new tools—an ounce of prevention is worth a pound of cure, as the saying goes. Part of this prevention is identifying where all essential data resides, how users or systems access it, and the encryption used to protect it. For organizations anticipating the addition of new data sources or applications to their enterprise, part of the planning and encryption selection criteria should include support for QCR encryption.
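The inventory step described above can be turned into a simple triage script. The following is an added example, not Camelot's code or part of Secure360. It goes beyond the text by halving symmetric key strength under Grover's Algorithm, treating Shor-affected public-key schemes as having no lasting margin, and ranking assets with Mosca's inequality (retention plus migration time compared with an assumed QC horizon). The asset names, the 128-bit policy floor, the `VENDOR-X` algorithm and the planning numbers are all assumptions.

```python
from dataclasses import dataclass

# Public-key schemes that Shor's Algorithm affects whatever the key size.
SHOR_BROKEN = {"RSA", "DH", "DSA", "ECDH", "ECDSA"}
SYMMETRIC = {"AES"}
MIN_QUANTUM_BITS = 128  # assumed policy floor, not a value from the article

@dataclass
class Asset:
    name: str
    algorithm: str
    key_bits: int
    retention_years: int  # how long the data must stay confidential

def quantum_strength(asset):
    """Effective strength in bits against a quantum attacker, None if unknown."""
    if asset.algorithm in SHOR_BROKEN:
        return 0  # treated as 0: a longer key buys no lasting margin
    if asset.algorithm in SYMMETRIC:
        return asset.key_bits // 2  # Grover: quadratic speed-up on key search
    return None

def triage(assets, migration_years, years_to_qc):
    """Return (name, strength, action) rows, most urgent first."""
    rank = {"migrate-now": 0, "review": 1, "plan": 2, "ok": 3}
    rows = []
    for a in assets:
        strength = quantum_strength(a)
        if strength is None:
            action = "review"  # unrecognised algorithm: needs a human decision
        elif strength >= MIN_QUANTUM_BITS:
            action = "ok"
        elif a.retention_years + migration_years > years_to_qc:
            action = "migrate-now"  # data outlives the assumed QC horizon
        else:
            action = "plan"
        rows.append((a.name, strength, action))
    return sorted(rows, key=lambda r: (rank[r[2]], r[0]))

# Constructed inventory; names, algorithms and retention periods are illustrative.
INVENTORY = [
    Asset("vpn-gateway", "RSA", 2048, 10),
    Asset("session-cache", "AES", 128, 1),
    Asset("backup-archive", "AES", 256, 25),
    Asset("hr-export", "RSA", 1024, 2),
    Asset("vendor-blob", "VENDOR-X", 256, 5),
]

if __name__ == "__main__":
    for row in triage(INVENTORY, migration_years=3, years_to_qc=8):
        print(row)
```

The `migration_years` and `years_to_qc` arguments are planning inputs to set from your own retention policy and risk estimate, not forecasts.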

In addition, companies that develop enterprise applications in-house should also update their DevSecOps pipeline to include the integration of QCR encryption to prevent potential issues and rework in the future. However, the most efficient way to secure a digital perimeter is to hire a seasoned team of experts to assess your cyber defenses and help close gaps.

Camelot can help you build a migration timeline based on your organization’s data retention policies, upgrade your cybersecurity platform to meet oncoming threats, and keep your company operating fully today without sacrificing security tomorrow.