Post-quantum crypto
In the foreseeable future quantum computers will be able to break current encryption. Fortunately new encryption schemes are being developed, that are not vulnerable to known attacks using quantum computers. All organisations should consider phasing out the use of current-generation, vulnerable crypto algorithms, and replacing them with quantum-safe algorithms. Although the exact date when quantum computers will be available is uncertain, most experts agree that the transition to quantum-safe cryptography should best be completed by 2030. Although that seems to be quite a few years in the future, organisations should start preparing for quantum-safe cryptography now. We have a tool to visualise the timeframe: the PQC Visualizer. Try it here.
PQC Visualizer ยปUsing the PQC visualizer
Four milestones are relevant. You can show or hide them using the tickboxes at the top:
- Aware: The start of an awareness campaign in your organisation. Tell your colleagues and management about the risks posed by quantum computers, and the need to transition towards quantum-safe cryptography.
- Started: You organisation started a migration program.
- Quantum-safe: Your organisation completed the migration program. Your data is now resilient to attacks by quantum computers. But your existing data in databases and archives may still be vulnerable if someone managed to obtain a copy. Using a quantum computer, they will be able to undo the encryption and read your data. This is called store now, decrypt later. Depending on the sensitivity of the data, you may only be entirely safe a few years after completing the transition.
- Archive safe: When all your data is finally safe.
As a person responsible for IT or security there are only two "knobs you can twist".
- The length of the awareness campaign. How much time do you need to get everyone in your organisation on board?
- The length of the transition program. Are you well-prepared, or do you have lots of difficult to upgrade legacy systems?
The upper arrow marks when quantum computers will be available. Most experts agree that there is a significant probability that this be by 2030, and most likely before 2040.
If quantum computers become available after your transition program (the yellow arrow) your "new" data will be safe but "old" data that has been intercepted and copied may still be at risk.
If quantum computers become available before your transition program (the yellow arrow) all your data may be at risk.
Exploratory Quantum Impact Assessment
This assessment has been developed by ECP and Quantum Delta NL in cooperation with a large number of companies and institutions. The EQTA is inspired by the successful AI Impact Assessment, and was published in February 2023. The assessment consists of a manual and background information, with a separate form in which you record your steps. More information about the assessment at the Quantum Delta website.
Migration guides
Several institutions are in the proces of publishing migration guides. These guides often give step-by-step instructions on how to run a successful migration programme.
- The European Telecommunications Standards Institute ETSI published a standard for migrating to quantum-safe cryptography: TR 103 619.
- Guidelines for quantum-safe transport-layer encryption, published by the Dutch National Cyber Security Center.
- Prepare for the threat of quantumcomputers, published by the Netherlands National Communications Security Agency.