The new math: Solving cryptography in an age of quantum

New: Upgrading to a quantum-safe future

There’s good news, though. While upgrading cryptography to protect against the threat of quantum computers requires a comprehensive and widespread effort, given sufficient time, it should be a relatively straightforward operation.

Initial steps include establishing governance and policy, understanding current cryptographic exposure, assessing how best to prioritize remediation efforts across the infrastructure and supply chain, and building a comprehensive road map for internal updates and contractual mechanisms to ensure vendors meet the updated standards.

“The first step to reclaim control over decades of cryptographic sprawl across IT is to leverage modern cryptography management solutions, which empower organizations with critical observability and reporting capabilities,” says Marc Manzano, general manager of cybersecurity group SandboxAQ.¹²

Once these initial steps are completed, organizations can begin updating encryption algorithms. In August 2024, NIST released new standards containing encryption algorithms that organizations can implement. The agency says these encryption methods should withstand attacks from quantum computers by changing how data is encrypted and decrypted.¹³

Current encryption practices encode data using complex math problems that outpace the computing power of even today’s most powerful supercomputers. But quantum computers will likely be able to crack these problems quickly. The updated NIST standards move away from today’s large-number-factoring math problems and leverage lattice and hash problems, which are sufficiently complex to bog down even quantum computers.¹⁴

Large tech companies are already beginning their transition. Following the release of NIST’s updated standards, Apple updated its iMessage application to use quantum-secure encryption methods.¹⁵ Google announced that it implemented the new standards in its cryptography library and will use them in its Chrome web browser.¹⁶ IBM, which has invested heavily in developing quantum computing technology, has integrated postquantum cryptography into several of its platforms, and Microsoft has announced that it will add quantum-secure algorithms to its cryptographic library.¹⁷

In 2021, the National Cybersecurity Center of Excellence (NCCoE) at NIST started the Migration to PQC project. It has grown to over 40 collaborators, many of whom have cryptographic discovery and inventory tools with differing capabilities. The project demonstrates the use of these tools in a manner that will enable an organization to plan for their use. Other collaborators are focused on testing the PQC algorithms for use in protocols to understand their interoperability and performance as they prepare to implement PQC in their products.¹⁸

“An organization needs to understand where and how it uses cryptographic products, algorithms, and protocols to begin moving towards quantum-readiness,” says Bill Newhouse, co-lead for the Migration to PQC project at the NCCoE. “Our project will demonstrate use of the tools and how the output of the tools supports risk analysis that will enable organizations to prioritize what it will migrate to PQC first.”¹⁹