With quantum computers on the horizon, organizations must prepare to protect their sensitive data from potential attacks. Quantum computers have the power to render current encryption methods obsolete, posing a significant threat to data security. To address this concern, the National Cyber Security Centre (NCSC) has published insights and recommendations to help security leaders navigate the move to post-quantum cryptography.
Post-quantum cryptography (PQC) refers to cryptographic algorithms and systems that are resilient against attacks from quantum computers. Traditional public-key methods, such as those based on integer factorisation and discrete logarithms, can be broken by a sufficiently capable quantum computer. To ensure data security, organizations must adopt new strategies and tools.
The NCSC provides the following guidelines to help organizations safeguard their data:
1. PQC Upgrades in Technology Refresh Cycles
Organizations are advised to plan their PQC upgrades to coincide with regular technology refresh cycles. This approach ensures that encryption technology stays up to date and can withstand evolving threats from quantum computers.
2. NIST-Selected Algorithms for General Use
The NCSC recommends the NIST-selected algorithms ML-KEM (Kyber) and ML-DSA (Dilithium) for general-purpose use: ML-KEM for key establishment and ML-DSA for digital signatures. These algorithms have undergone rigorous evaluation and offer a satisfactory level of security for personal, enterprise, and government information.
3. Recommended Security Levels
To strike a balance between security and efficiency, the NCSC suggests using the ML-KEM-768 and ML-DSA-65 parameter sets. These provide adequate security for most use cases.
4. Use Final Standards
Operational systems should exclusively employ implementations based on final standards. By using the most up-to-date and finalized standards, organizations can ensure the highest level of security against quantum computer attacks.
5. Hybrid Key Establishment Scheme
As a transitional measure towards full PQC adoption, organizations can consider combining a PQC key establishment algorithm with a traditional key establishment algorithm. This hybrid key establishment scheme provides an interim solution while preparing for complete PQC implementation.
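The sketch below is an added example, not NCSC or NIST code: it shows one common way to combine the two shared secrets of a hybrid key establishment, by length-prefixing both and feeding them through HKDF-SHA256 (RFC 5869) together with a hash of the handshake transcript. The function names, the label string and the fixed byte strings standing in for the ECDH and ML-KEM-768 outputs are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK, then expand to `length` bytes."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested output too long for HKDF")
    prk = hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def length_prefixed(field: bytes) -> bytes:
    """Prefix a field with its 4-byte length so adjacent fields cannot be re-split."""
    return len(field).to_bytes(4, "big") + field

def hybrid_session_key(ss_traditional: bytes, ss_pqc: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from both shared secrets (hypothetical combiner).

    Design goal: an attacker must recover both input secrets to learn the key,
    and the key is bound to the public keys and KEM ciphertext in `transcript`.
    """
    if not ss_traditional or not ss_pqc:
        # A missing component would silently turn the hybrid into a single scheme.
        raise ValueError("both shared secrets are required; refusing to downgrade")
    ikm = length_prefixed(ss_traditional) + length_prefixed(ss_pqc)
    info = b"example-hybrid-kex-v1" + HASH(transcript).digest()  # assumed label
    return hkdf(b"", ikm, info, length)

if __name__ == "__main__":
    # Constructed stand-ins: in a real system these come from an ECDH exchange
    # and an ML-KEM-768 decapsulation, not from fixed byte strings.
    ecdh_secret = bytes.fromhex("11" * 32)
    mlkem_secret = bytes.fromhex("22" * 32)
    transcript = b"constructed: client_pk || server_pk || kem_ciphertext"
    print(hybrid_session_key(ecdh_secret, mlkem_secret, transcript).hex())
```

Production systems should take the combiner from the protocol standard they implement (for example the hybrid groups defined for TLS) instead of defining their own.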
It is crucial for organizations to be proactive in their approach to data security and stay ahead of the quantum computing threat. While viable quantum computers are still a few years away, it is essential to have robust measures in place to safeguard sensitive information. By following the NCSC’s recommendations and staying informed about advancements in post-quantum cryptography, organizations can adequately prepare for the challenges of the future.
Q: What is post-quantum cryptography (PQC)?
A: Post-quantum cryptography (PQC) involves implementing cryptographic algorithms and systems that are designed to resist attacks from quantum computers.
Q: Why are quantum computers a threat to data security?
A: Quantum computers have the potential to break current encryption methods, making sensitive data vulnerable to unauthorized access.
Q: What are cryptographically-relevant quantum computers (CRQC)?
A: Cryptographically-relevant quantum computers (CRQC) are quantum computers capable of compromising encryption algorithms used to protect data.
Q: How can organizations protect their data from quantum computer attacks?
A: Organizations can adopt PQC upgrades, use NIST-selected algorithms, follow recommended security levels, employ final standards, and implement a hybrid key establishment scheme as a transitional measure towards full PQC adoption.