Encryption forms the backbone of digital security and protects sensitive data from unauthorized access.
Many of the current security mechanisms have proven their worth over the years but are now facing a fundamental challenge: the emergence of quantum computers.
CIO/CISO at GTT Communications.
The development of quantum-resistant cryptographic algorithms is therefore a top priority for companies, governments and research institutions worldwide.
Even in a world with quantum computers, these new encryption methods should offer reliable protection and lay the foundations for future cybersecurity. It’s time for a closer look at this topic.
Why traditional cryptography is vulnerable
Encryption methods such as RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are based on mathematical problems that are practically unsolvable for conventional computers without the right key.
The problems are deliberately chosen so that traditional computers cannot solve them. Quantum computers change the starting position dramatically, as they can solve even the most challenging mathematical problems far more easily.
Experts estimate that functional quantum computers with sufficient computing power could be available in the next ten years.
However, the “harvest now, decrypt later” scenario is currently problematic today: attackers are currently collecting encrypted data in the hope of being able to decrypt it later using quantum technology.
For information that must remain secret for many years, the switch to quantum-safe methods is therefore crucial.
Different approaches for the post-quantum era
Quantum-resistant cryptography takes a different approach to previous solutions: it encrypts based on mathematical problems that are so complex that even quantum computers cannot easily solve them.
The encryption uses structures with multidimensional labyrinths or grids. Even with the additional computing power of quantum machines, this simply cannot be solved.
There are various approaches competing for the best solution in post-quantum cryptography. Classic McEliece, for example, uses coding theory as a basis offering high security.
However, this requires very large keys that are not suitable for every situation. SPHINCS+, on the other hand, relies on hash functions and transforms data into digital fingerprints. The approach is extremely secure but works more slowly than other methods.
Other approaches such as HQC, BIKE and Rainbow are being researched for specific scenarios. Some of these are better suited to small devices such as sensors, while others are designed for highly secure applications like banking systems.
Standards as a guide for the industry
The National Institute of Standards and Technology (NIST) has established an important approach with the initial standards for post-quantum cryptography: CRYSTALS-Kyber (known as ML-KEM) and CRYSTALS-Dilithium (known as ML-DSA).
Both were developed as dedicated standards for quantum computers but follow different paths. ML-KEM helps two parties to securely share a secret key.
This is comparable to agreeing on a new, unbreakable password via an open channel. In contrast, ML-DSA is used like a signature under a letter to digitally confirm that a message really comes from the person specified.
Both systems work with complex mathematical labyrinths on a lattice basis and deliberately add random noise to make the puzzles even harder to solve. They are designed to withstand attacks from future quantum computers and work efficiently on modern hardware.
However, they require even larger amounts of data with larger keys and signatures. And that means more information for communication and greater demands on computing power.
Challenges for implementation
The transition to quantum-resistant cryptography brings with it both technical and organizational challenges that cause problems with older systems. In addition, many companies face the problem that they do not have a complete overview of where and how they use encryption.
Successfully overcoming these challenges requires a systematic approach. Companies should first conduct an audit to capture all current encryption practices. Close collaboration with technology partners and providers is essential. Building crypto-agile systems is an important foundation.
These can change encryption methods without major overhaul. At the same time, teams need to be trained regarding these new approaches so that everyone is aware of the changes.
Policies and transformation
Governments and international organizations play a key role in promoting quantum-resistant cryptography. Globally, organizations and governments are working together to create future-proof standards.
NIST and European bodies such as ETSI (European Telecommunications Standards Institute), ENISA (European Network and Information Security Agency) and the UK's NCSC (National Cyber Security Centre) are leading these efforts.
Countries such as Japan and Canada are also making important contributions as well. All of this helps to ensure that new security standards are robust and accepted worldwide.
Regulatory developments are increasing the pressure on companies to act promptly. In the US, executive orders are urging federal organizations to prepare for future quantum threats.
In Europe, officials recommend that the migration to quantum-safe encryption should be completed by around 2035. Companies will soon have to follow specific guidelines to protect their data.
Stronger security through AI
By combining artificial intelligence with quantum-resistant cryptography, cyber security can be significantly improved. AI systems can continuously search for weak points in encryption. They also help to optimize and manage encryption processes for maximum efficiency. This allows attack patterns to be tested and security gaps to be found.
By combining AI with quantum-safe encryption, organizations can create dynamic, self-improving security systems that adapt to emerging threats. Together, these technologies make it possible to develop proactive defence mechanisms.
Change as a strategic opportunity
Quantum computers mark a historic turning point in cyber security. For the first time in decades, companies must rethink their security measures and at the same time seize the opportunity to future-enable their cryptographic infrastructure.
This transformation goes far beyond a simple algorithm change: it requires a new understanding of risk management in a world where traditional mathematical security no longer applies.
The key to success lies in strategic preparation. Companies that develop crypto-agile architectures today and train their teams accordingly will be able to respond to technological breakthroughs tomorrow.
This offers a rare opportunity to not only maintain security, but to improve it - for those who want to actively shape change rather than passively endure it.
We've featured the best endpoint protection software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.