Migration to Quantum Encryption Begins Today: How Leveraging Quantum-Resistant Certificates Can Help

In recent years, quantum computing has been one of the buzzier technologies to step into the spotlight. For those who might be unfamiliar, quantum computing – which draws upon principles of quantum physics to perform calculations in new ways – is like today’s computing, but for some use cases: faster, stronger, and more powerful. Especially when it comes to cryptography.

Due to its ability to solve certain complex problems much more quickly than traditional computers, quantum computing has many potentially transformative real-world applications in areas ranging from chemical and biological engineering to artificial intelligence and financial modeling.

Like any new technology, however, quantum computing imminently opens Pandora’s box of possibilities—not all of them pleasant.

Apocalypse Now?

For over 50 years, public key infrastructure (PKI) has provided the cryptographic foundation for almost all organizations to secure devices and the people using them. A quantum computing future means the existing cryptographic algorithms that keep sensitive data private and secure – like the RSA standard that is used for most of today’s PKI – will be easily broken and effectively rendered useless in just a few short years.

How serious is this turn of events? Pause for a moment to consider the amount of encrypted data a typical financial institution manages or the volumes of personally identifiable information (PII) and personal health information (PHI) a healthcare provider has on hand – to say nothing of the sensitive material a government agency or defense contractor might be holding. The potential impact of this looming cryptographic loophole is so severe that it’s sometimes called the Quantum Apocalypse.

To have a seamless transition into this quantum future, companies need to embrace new security approaches that utilize quantum-resistant cryptography at the foundation. And when it comes to PKI and Certificate Authorities, hybrid digital certificates will be the way forward to enable organizations to support legacy applications, while aligning to a post-quantum future. We are past the point where this is just marketing fluff, as the National Institute of Standards and Technology (NIST) has selected what the world’s post-quantum standards will be. But how do these certificates work, and how best to go about this effort at present?

Identifying Every Person and Every Device

A brief primer on PKI and certificates is helpful here. PKI relies on two sets of keys – one private, and one public – to encrypt and decrypt information exchanged between different parties, without allowing access to unauthorized users.

PKI-based digital certificates are the proven way to establish digital trust for every human and machine identity across an enterprise. Certificates form the foundation that allows for strong proof of the authenticity of every identity (human and non-human) attempting access to a network via PKI and cryptography.

What does this look like in practice? Certificates ensure that the printer you select, for example “HR printer,” is actually the printer sitting in your HR department. They also ensure that “Larry from human resources,” who is logging into his email or accessing a variety of sensitive files is the correct employee and not some nefarious individual hacking in from the other side of the globe. Especially as the world moves to passwordless authentication, digital certificates will continue to act as the security and identity foundation for years to come.

Quantum-resistant certificates serve the same protective function as these traditional digital certificates, with one crucial difference: They employ a different cryptographic protocol and use different underlying mathematical problems and processes that make them difficult to crack via quantum computing.

A Hybrid Approach

Problem solved, right? Don’t crack the champagne just yet. As if taming the threat of the quantum apocalypse wasn’t a big enough challenge, there are some additional considerations that need to be kept in mind for any successful quantum preparedness efforts.

Chief amongst these is the fact that quantum computers will not replace traditional binary computers. Rather, both architectures will go on to live side by side, with binary computing serving a number of tasks (i.e. consuming video content) while quantum computers tackle specific use cases where they offer improved performance (such as processing appropriate math-intensive operations).

The fact that both traditional binary computing and quantum computing, along with legacy applications, will all co-exist for the foreseeable future means that enterprises need to have both traditional digital certificates as well as quantum-resistant certificates at the ready.

It is challenging to catalog the full set of applications, use cases, SaaS offerings, and devices that would completely fail in the absence of these traditional elements of PKI, but suffice to say, it’s a very large number. For a cryptographic algorithm to prove suitable in the post-quantum world, it will need to be compatible with the vast range of software, hardware, and services we depend on today.

Fortunately, it’s possible to deploy hybrid certificates that have both traditional and quantum-safe keys and signatures. These hybrid certificates enable a migration path for systems with multiple components that cannot all be upgraded or replaced at the same time. This type of hybrid approach allows organizations to transition from traditional public-key cryptography to post-quantum cryptography in a more manageable way, allowing the security transition to take place ahead of quantum computing being unleashed in mainstream society.

The Stakes Are High

Digital certificates are a foundational part of today's enterprise environment, providing the identity-based authentication, digital signatures, and encryption that countless organizations require to keep data safe. All these layers of protection will be for naught, however, without the deployment of quantum-resistant certificates that can withstand the frightful number-crunching power of quantum computing.

Switching to quantum-safe cryptography solutions that can work in tandem with traditional digital certificates is a necessity for organizations to minimize the chance of a potential security and privacy disaster down the line. The stakes are simply too high not to jump start the transition.