Post-quantum cryptography is nearly here. Why the rush?


Quantum computers will soon be able to crack the classical public-key encryption we rely on, resulting in a massive leakage of sensitive data and secrets. The international cybersecurity community is rushing to adopt new encryption standards to prevent it.

Encrypted data hasn’t been an attractive target for hackers for many years, as there was no market for it. But as countries and companies race to build fault-tolerant quantum computers, the trend is changing – adversaries are adopting the ‘store-now-decrypt-later’ (SNDL) approach, hoping to take a peek into government and corporate secrets once quantum computers are here.

For them, the era of quantum computing is dawning with the promise of cracking the classical encryption that we rely on – the RSA and ECC protocols. With the world’s fastest supercomputers, it would take around 300 trillion years to break 2048-bit RSA encryption. A quantum computer could finish a similar task in merely eight hours.

Imagine the consequences – adversaries would be able to access intellectual property, trade and government secrets, customer and patient records, and much more sensitive data in mere hours.

While full-scale fault-tolerant quantum computers might be decades away, they already pose a threat today. Jack Hidary, CEO of Sandbox AQ, a Google spin-out, believes it will happen sooner rather than later, with dozens of companies and national efforts building quantum computers, and that we need to migrate to quantum-safe encryption protocols as quickly as possible.

“If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use,” the National Institute of Standards and Technology (NIST) states. The institute is expected to announce several post-quantum cryptography standards within weeks.

I sat down with Hidary to discuss why the international cybersecurity community is eager to move forward with post-quantum encryption.

Jack Hidary

In your latest blog post, you said that "The day is approaching when quantum computers will be able to crack RSA/ECC encryption." What does it mean?

One of our key focus areas is the transition from RSA, an encryption standard used for the last 40 years, to the post-RSA standard. The transition from RSA to post-RSA is very critical for the whole world. It's critical for all the data stored in pharma companies, all the intellectual property (IP) that they have, the molecules they use to create drugs, and the molecules in development. It's crucial for banks that store all the customer data and proprietary trading models – critical information that has to be kept confidential. We think about telcos and all the communications across their networks or virtual private networks (VPNs). It's critical that we move from RSA to post-RSA. When you and I are on a messaging app, as an example, it might say end-to-end encrypted. Right now, that end-to-end encryption is with RSA, but, unfortunately, RSA and similar encryption methodologies are now vulnerable because of store-now-decrypt-later (SNDL).

SNDL refers to the fact that state-sponsored and independent adversaries go into networks, grab encrypted critical information, exfiltrate it, store it on their servers, and then hold it for a number of years until they can decrypt it.

That's why the urgency is here now, that's why the world's governments came together six years ago to start identifying the new protocols, and that's precisely what they did. NIST coordinated it, and the good news is that they finished their work after six years. It's been great to see this international, multi-stakeholder process involving European countries, the US, Canada, Asian countries, etc. We will see the first few standards come out for post-RSA within the next few weeks.

How long will it take to move to new standards?

Depending on the organization's size, it would take a few months to do the discovery and inventory. The process is to deploy machine learning-driven software around the network, find all the places where vulnerable protocols like RSA are being used, inventory them, and then create a migration plan. Not everything can be migrated at the same time; one should prioritize which part of the encryption to move at what time, and then, once that plan is in place, it would take a few years.

There's no need for fault-proof full-scale quantum computers to use the technology. Are malicious actors already using quantum tools to hack, or are they not there yet?

The good news about the post-RSA protocols developed by the international community is that they run on today's computers, today's phones, today's laptops, and servers. We don't have to upgrade the hardware. We just have to upgrade the software. In terms of quantum computers, there are around four dozen leading quantum computing companies out there, each building different kinds of quantum computers. There's also state-sponsored activity building quantum computers worldwide, and each of those efforts is moving forward. As far as we know, today, hackers are not yet using a scaled quantum computer, but obviously, there's great interest on the part of large-scale and state-sponsored organizations to have access to scaled quantum computers.


What organizations are most vulnerable to SNDL?

Critical infrastructure, governments, and any IP-rich organization. Examples would be pharma companies and biotech companies. There are thousands of biotech companies worldwide, in the US, Canada, Europe, South America, and Asia. Imagine the IP in those companies, all those compounds they are looking at to develop into drugs. If an adversary had that information, that would be very destructive. IP-rich companies are very important. When we look at other kinds of IP-rich companies, you might have a chemicals company, different manufacturers that have the trade secrets of how they manufacture certain products.

Intellectual property is not just patents. Most IP is not patented. Most IP is held in trade secret form inside the company. If you patent it, you have to disclose it, so 99% of IP in the world is not in the form of patents but in the form of trade secrets kept inside corporations. The famous formula for Coca-Cola has never been patented because they want to keep it secret inside the company. You can imagine the trade secrets of Unilever. You have the critical infrastructure, telcos, banks, energy, and utility companies. These are all very important trade secrets.

So it's a question of national security as well. If that info leaks, could it have geopolitical repercussions?

There are definitely very strong national security implications, and that's why on January 19th, the US federal government came out with the National Security Memo. It directs the federal government agencies that have sensitive information to begin the migration process. The first step is, of course, the discovery process, and they have until July 19th to finish their discovery process and assessment.

Is it a costly procedure to migrate to new protocols?

Thank goodness, it is not that costly, because it is software only. In modern enterprise architecture, RSA is used in modules called APIs and SDKs (software development kits). Once you do the discovery process and assessment, you can just start replacing these APIs and SDKs with upgraded APIs and SDKs.

An example would be, let's say, you are using a mobile app from a bank, and you are doing mobile banking – checking your balance, doing transactions online with your app. This app today is encrypted with RSA. The app developers at the bank would replace the encryption with post-RSA and upload it to the App Store or Play Store, and then the next time you download your app, you have updated to post-RSA. So a very seamless, smooth transition. The issue, though, is timing. It's important that we encourage governments and regulatory bodies to move both private and public sectors along the pathway to transition as quickly as possible.

There are 20 billion devices needing software upgrades – seven billion phones, billions of laptops, servers, data centers, and billions of IoT devices. The sooner we begin this transition, the sooner we can protect these devices and millions of networks, subnets, transaction and payment hubs, and all the stored information containing very sensitive data, IP, or confidential information.

It's also very important to protect companies rich in customer data. Think about hospitals and patient data. Patient data is very highly regulated and protected in every country for a good reason – it is very sensitive. Why would an adversary want this data? This data is valuable because hospitals and clinical research organizations have clinical trial data. If you look at major hospitals worldwide, they host many clinical trials. This clinical trial data is very valuable, and an adversary could use it to develop a drug without the permission of a drug developer who paid for that clinical trial. This data and patient data have to be protected. We anticipate that the definition of HIPAA – the law that protects the confidentiality of patient data – will be updated to call for post-RSA encryption.

What about secrets that are already exfiltrated? New protocols won't save them from being decrypted in the future, right?

For that information, it is too late. The fact is that the world produces more data every day than we produced in an entire year back in the early 2000s. So every day is a new opportunity to protect data. Terabytes of data are produced daily, and much of it is very sensitive. Every day that goes by is an opportunity to protect data.

Once hackers can use quantum tools to crack the classical encryption, will we learn a lot of secrets, maybe the Coca-Cola formula?

We have to expect that there will be selling of critical information on the dark web a number of years from now as it gets encrypted. Many hacker organizations wish to do this and leverage the data that they exfiltrated. Other data will not find its way to the dark web because it will be leveraged for geopolitical and national security purposes. Some data will be examined by adversarial intelligence agencies. It depends on the nature of the data. Some will be leveraged for corporate espionage. If you have an adversarial pharma company that gained information about the thousands of compounds being looked at by a company that had been attacked, you may see drugs come out leveraging this IP. These are the economic, privacy, and national security implications.

When might this happen? When will we see this massive leakage of secrets?

It's hard to say exactly which year this will happen. But what I can say is that there are dozens and dozens of highly competent teams, both inside national governments and independent, well-funded companies with now collectively billions of dollars of investment, building quantum computers. We at Sandbox AQ do not build quantum computers, but there are dozens of very well-funded quantum companies, and there are national efforts to build quantum computers. With all this effort, one can imagine it would be sooner rather than later.