Five Worthy Reads: The growing tide of post-quantum cryptography
Five Worthy Reads is a regular column highlighting five noteworthy articles we've discovered while researching trending and timeless topics. In this article, we're exploring post-quantum cryptography (PQC), which is a rapidly evolving field focused on protecting sensitive data from the future threat posed by quantum computers.
Current digital security relies heavily on public key cryptography to protect sensitive information, secure communications, and verify identities. Public key cryptography is a method of securing information using two keys: a public key and a private key. The public key can be shared with anyone, while the private key is kept secret by its owner.
Today's encryption methods are considered secure because they are based on mathematical problems that would take traditional computers an extremely long time to solve. This makes it impossible for attackers to break the encryption and access protected information.
However, advances in quantum computing could change this. Quantum computers are designed to solve certain types of complex mathematical problems so much faster than traditional computers. As a result, many of the public-key encryption methods that organizations rely on today could become vulnerable. A powerful quantum computer could potentially decrypt sensitive information and undermine many of the security mechanisms used to protect today's contemporary systems.
Although practical quantum computers capable of breaking current encryption do not yet exist, organizations cannot afford to wait. One of the biggest concerns is the risk of "harvest now, decrypt later" attacks. In this kind of attack, attackers intercept and store encrypted data today, even though they cannot currently decrypt it. They do this in the expectation that advances in quantum computing will eventually allow them to break the encryption and access the information.
Post-quantum cryptography (PQC) is designed to address this threat by replacing today's vulnerable encryption algorithms with quantum-resistant alternatives that can withstand attacks from both classical and quantum computers. By transitioning to PQC, organizations can help ensure that data encrypted today remains secure today and in the future.
The following articles provide valuable insights into the fundamentals of PQC, the challenges of migration, and the steps organizations can take to prepare for the quantum era.
1. Draft executive order would set deadlines for digital signature and key quantum encryption
The White House is reportedly preparing an executive order that would require federal agencies and covered contractors to transition to PQC within specified deadlines. Under the draft proposal, agencies would need to adopt PQC for key establishment by 2030 and migrate digital signatures for high-impact systems by 2031. The order would also require contractors working with federal agencies to comply with NIST's PQC standards by 2030.
2. Critical sectors must have quantum-safe encryption, urges task force
A Department of Science & Technology appointed task force has urged India's critical sectors—like government, defence, telecom, power, and banking—to begin transitioning to PQC. The report warns that future quantum computers could break today's encryption, exposing sensitive data and digital systems. It recommends a phased migration, with critical infrastructure expected to adopt PQC by 2029. The task force also addresses quantum key distribution (QKD), a hardware-based approach that uses the properties of light to securely exchange encryption keys.
As quantum computing advances, traditional encryption methods face increasing risk. This article emphasises the urgent need for organizations and governments to adopt PQC to protect sensitive data from future quantum-powered attacks and ensure long-term cybersecurity resilience.
4. PCI embraces Al, post-quantum cryptography to strengthen payment standards
The PCI Security Standards Council (PCI SSC) is advancing payment security standards by integrating artificial intelligence and PQC to address evolving cyber threats. Recognizing the risks posed by future quantum computers to current encryption methods, the PCI SSC is encouraging organizations to begin preparing for quantum-resistant cryptographic standards, improve crypto-agility, and strengthen the long-term security of payment systems and sensitive financial data.
5. Why Your Post-Quantum Cryptography Strategy Must Start Now
The article argues that organizations cannot afford to wait for practical quantum computers before acting on PQC. Because of the “harvest now, decrypt later” threat, sensitive data stolen today could be decrypted in the future. It recommends that organizations begin by creating a comprehensive cryptographic inventory, building crypto-agility, and developing a phased migration strategy to quantum-resistant encryption standards.
Conclusion
The conversation around post-quantum cryptography is rapidly shifting from "if" to "when." With NIST standards now available and industry leaders warning about the risks of delayed action, organizations can no longer afford to treat quantum readiness as a future concern. While large-scale quantum computers may still be years away, the transition to PQC will require significant planning, assessment, and implementation effort. Organizations that begin preparing now will be better positioned to protect their long-term data and maintain security in the quantum era.