World Quantum Readiness Day
The National Institute of Standards and Technology (NIST) published the first final standards for post-quantum cryptography (PQC) in August 2024. These new standards include three cryptographic algorithms specifically designed to defend against attacks by quantum computers. They are intended to ensure the protection of digital signatures and general encryption and are the result of an eight-year selection and evaluation process.
Quantum computing
With these standards, NIST is responding to the increasing advances in quantum computing, which could be able to break current encryption methods in the next five to ten years. The new algorithms are based on mathematical problems that are difficult to solve for both classical and quantum computers, enabling future-proof encryption.
NIST recommends that organizations start implementing these algorithms now, as the transition to a quantum-safe infrastructure will take time. It also warns that hackers may already be stealing encrypted data today in order to decrypt it later using quantum computers (“steal now, decrypt later”)
Recommendations
In April 2024, the European Commission published a recommendation on the transition to PQC to help EU member states and companies prepare for the threats posed by quantum computing. Companies should take the following steps now:
- Assess current systems: Organizations need to evaluate their existing cryptographic systems and protocols to determine which areas are most vulnerable to future quantum computing attacks.
- Migration planning: It is recommended to develop a clear roadmap for the migration to quantum-resistant algorithms. This includes both technical adjustments and training of staff to be able to handle the new technologies.
- Collaboration and standardization: Companies should work closely with European and international bodies to ensure that the post-quantum cryptography standards introduced are harmonized and interoperable across the EU. This promotes the seamless functionality of systems and services across national borders.
- Proactive integration: It is important to proactively integrate the new cryptographic standards into existing systems instead of waiting for quantum computing attacks to become available. This is crucial for the long-term security of the digital infrastructure.
These recommendations are intended to ensure that Europe's digital infrastructure is well prepared to meet the challenges of the quantum computing era.