Introduction to Cryptography in the Quantum Computing Era — NIST Standards and Corporate Countermeasures
As quantum computers evolve, today's cryptographic technologies face a crisis. This comprehensive guide covers post-quantum cryptography (PQC) standardized by NIST and the measures companies should take immediately.
Introduction: How Quantum Computing Will Change the Future of Cryptography
Cryptographic technology supports our daily lives in numerous ways—from online banking and e-commerce payments to message app encryption and VPN connections. However, the rapid advancement of quantum computing is now threatening these cryptographic systems.
Since Google claimed quantum supremacy with its "Sycamore" processor in 2019, quantum computer development has accelerated at organizations around the world, including IBM and the University of Science and Technology of China. Today's machines are far from practical cryptanalysis, but experts consider it possible that a cryptanalytically relevant quantum computer could emerge within 10 to 20 years.
This article explains how quantum computing affects current cryptographic technology, gives an overview of the post-quantum cryptography (PQC) standardized by NIST, and lists measures companies can take immediately. Many companies learned how to run a large remediation program during the "Y2K problem" around the year 2000, but this time a cryptographic overhaul of unprecedented scale is approaching, and it has no fixed calendar date.
The Impact of Quantum Computing on Cryptographic Technology
Foundations of Current Cryptographic Systems
First, let's understand how modern cryptographic technology functions. Two public-key schemes carry most of the key exchange and digital signatures on the internet today.
RSA, the most widely deployed public-key cryptosystem, relies on the difficulty of integer factorization for its security. Recovering the two large primes from their product would take an astronomical amount of time on classical computers, and this is the strength of RSA.
Elliptic Curve Cryptography (ECC) relies on the difficulty of the discrete logarithm problem on elliptic curves. It achieves security comparable to RSA with much shorter keys (a 256-bit curve roughly matches 3072-bit RSA), which is why it has been widely adopted in smartphones and IoT devices. Symmetric ciphers and hash functions such as AES-256 and SHA-256 are a different story: quantum computers at most halve their effective security (Grover's algorithm), so sufficiently long keys keep them safe, and the migration discussed below concerns public-key algorithms.
The Threat of Shor’s Algorithm
The reason quantum computers threaten these systems is "Shor's algorithm," published by Peter Shor in 1994. A sufficiently large quantum computer running it can solve both integer factorization and the discrete logarithm problem (including its elliptic-curve variant) in polynomial time, whereas the best known classical algorithms take sub-exponential time for factoring and exponential time for elliptic-curve discrete logarithms. RSA, Diffie-Hellman and ECC therefore all fall to the same attack.
To be specific, cracking a 2048-bit RSA key with the best classical algorithms would take far longer than the age of the universe, whereas a large fault-tolerant quantum computer could do it in hours to days. Such a machine does not yet exist: published resource estimates call for on the order of a million or more physical qubits with error correction, against roughly a thousand noisy qubits in today's largest processors. The path is becoming clearer, however; Google's quantum research team reported in 2022 (published in Nature in 2023) that scaling up a surface-code logical qubit lowered its error rate, a key milestone toward fault-tolerant machines.
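What a quantum computer actually contributes to Shor's algorithm is the order-finding (period-finding) step; everything around it is ordinary number theory. The following Python, an added example that is not from the original article, runs that classical reduction with a brute-force order finder standing in for the quantum step, which is only feasible for toy moduli:

```python
from math import gcd
from typing import Optional, Tuple


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a^r = 1 (mod n), found by brute force.

    This is the step a quantum computer performs in polynomial time with the
    quantum Fourier transform; classically the cost grows with the order,
    which for RSA-sized n is astronomically large.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_via_order_finding(n: int) -> Optional[Tuple[int, int]]:
    """Shor's classical reduction from order finding to factoring.

    Pick a coprime to n, compute its order r, and if r is even with
    a^(r/2) != -1 (mod n), then gcd(a^(r/2) - 1, n) is a proper factor.
    Candidates a are tried in increasing order instead of at random so the
    result is deterministic. Returns (p, q) with p <= q, or None when n is
    prime (no a can succeed).
    """
    if n % 2 == 0:
        return (2, n // 2)
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:
            # a already shares a factor with n; no order finding needed.
            return (min(g, n // g), max(g, n // g))
        r = find_order(a, n)
        if r % 2:
            continue  # odd order: the square-root trick does not apply
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue  # a^(r/2) = -1 (mod n) yields only the trivial factor
        p = gcd(y - 1, n)
        if 1 < p < n:
            return (min(p, n // p), max(p, n // p))
    return None


if __name__ == "__main__":
    # Toy RSA-style moduli; 3233 = 53 * 61 is the textbook example.
    for n in (15, 21, 3233):
        print(n, factor_via_order_finding(n))
    print(13, factor_via_order_finding(13))  # prime: None
```

For 3233 the first base that succeeds is a = 3: its order is 260, and gcd(3^130 - 1, 3233) = 61. Replace `find_order` with a quantum period finder and the same code factors a 2048-bit modulus; nothing else about RSA needs to change for the attack to work.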
The “Y2Q” Problem: The Quantum Version of the Year 2000 Issue
In the security industry, the day when quantum computers can break today's public-key cryptography is called "Y2Q" (Years to Quantum). Whereas the Y2K problem was a date-handling bug with a known deadline, Y2Q threatens the mathematical basis of cryptographic technology, and nobody knows the date.
Importantly, attackers may already be recording encrypted traffic today in order to decrypt it with a future quantum computer. Government agencies and companies holding long-term confidential information are already potential targets. This is why "Harvest Now, Decrypt Later" attacks demand vigilance now: the deadline is set not by the arrival of the machine but by how long the data must remain secret, since traffic protected by RSA or ECC key exchange and captured today can be decrypted once a capable quantum computer exists.
What is NIST’s Post-Quantum Cryptography (PQC) Standard?
Background of the Standardization Process
To address these threats, the National Institute of Standards and Technology (NIST) initiated the post-quantum cryptography (PQC) standardization process in 2016. From 82 candidate submissions received worldwide (69 of which met the submission requirements), after several rounds of public cryptanalysis and efficiency evaluation, the first standards (FIPS 203, 204 and 205) were published in August 2024.
NIST's PQC algorithms are built on mathematical problems, mainly structured lattices and hash functions, for which no efficient quantum algorithm is known. Equally important, they run on ordinary classical computers, so they can be deployed alongside existing cryptography and rolled out gradually.
The Four Selected Algorithms
The three algorithms NIST published as standards in August 2024, plus the fourth selected algorithm whose standard is still being finalized, are as follows.
ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism, FIPS 203) is a lattice-based key encapsulation mechanism. Derived from CRYSTALS-Kyber, it was the only KEM selected at the end of the third round in 2022. Designed for general-purpose key exchange, it is already deployed in hybrid TLS key exchange by Chrome and Firefox. The practical cost is size rather than speed: an ML-KEM-768 public key is 1,184 bytes and a ciphertext 1,088 bytes, against 32 bytes each for X25519.
ML-DSA (Module-Lattice-Based Digital Signature Algorithm, FIPS 204) is a lattice-based digital signature algorithm. Derived from CRYSTALS-Dilithium, it is NIST's primary recommendation to replace RSA and ECDSA signatures. Signatures are much larger than today's (2,420 bytes for ML-DSA-44 versus 64 bytes for ECDSA P-256), which matters for certificate chains and constrained devices.
SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, FIPS 205) is a hash-based signature algorithm. Derived from SPHINCS+, its security rests only on the underlying hash function rather than on lattice assumptions, making it the conservative choice for long-term signatures. The trade-off is signature size (roughly 7.8 KB to 49 KB depending on parameters) and slow signing, so it suits firmware and document signing more than interactive protocols.
FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm) is an NTRU-lattice-based signature algorithm. Derived from Falcon, it achieves smaller signatures than ML-DSA (666 bytes for Falcon-512) and fast verification. Its standard, FIPS 206, had not been finalized at the time of the 2024 announcement, and its floating-point sampler is difficult to implement correctly and in constant time, so most deployments start with ML-DSA.
The Importance of Hybrid Cryptographic Systems
For actual deployment, a "hybrid" key exchange is recommended during the transition period. Both a classical exchange (for example X25519) and a post-quantum KEM (ML-KEM) are run in the same handshake, and the two resulting shared secrets are combined in the key derivation. An attacker must therefore break both to recover the session key: if a quantum computer breaks X25519, the ML-KEM component still protects the session, and if ML-KEM turns out to have a design or implementation flaw, the well-studied classical component still holds.
For example, Chrome began shipping the X25519Kyber768 hybrid for TLS 1.3 in 2023, enabled it by default in 2024 and has since moved to the standardized X25519MLKEM768, and Cloudflare enabled hybrid key exchange by default on its edge in 2022. Hybrid signatures are less settled; for key exchange, however, hybrid is the practical default today.
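What "combining" means in practice, as an added Python example that is not from the original article or from any browser's code: the two component secrets are concatenated and fed through HKDF, so that knowing one of them reveals nothing about the session key. The X25519 and ML-KEM shared secrets below are constructed placeholders (the block uses only the standard library), and the classical-first ordering and the label string are this example's assumptions; a real protocol fixes both in its specification.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 32  # SHA-256 output size; also the length of X25519 and ML-KEM shared secrets


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-SHA256(salt, IKM).

    An empty salt is replaced by HashLen zero bytes, as the RFC specifies.
    """
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): OKM = T(1) | T(2) | ..., truncated to length."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_shared_secret(classical_ss: bytes, pq_ss: bytes) -> bytes:
    """Combine the two component secrets by concatenation.

    Both inputs have a fixed length for a given group (32 bytes for X25519
    and for ML-KEM-768), so plain concatenation is unambiguous. The
    classical-first order is an assumption of this example.
    """
    if len(classical_ss) != HASH_LEN or len(pq_ss) != HASH_LEN:
        raise ValueError("component shared secrets must be 32 bytes each")
    return classical_ss + pq_ss


def derive_session_key(classical_ss: bytes, pq_ss: bytes, transcript_hash: bytes) -> bytes:
    """Derive a traffic key from the combined secret, bound to the handshake
    transcript so the key also confirms the negotiated parameters."""
    prk = hkdf_extract(b"", hybrid_shared_secret(classical_ss, pq_ss))
    return hkdf_expand(prk, b"hybrid-example traffic key" + transcript_hash, HASH_LEN)


if __name__ == "__main__":
    # Constructed stand-ins for the outputs of an X25519 ECDH and an ML-KEM decapsulation.
    x25519_ss = secrets.token_bytes(HASH_LEN)
    mlkem_ss = secrets.token_bytes(HASH_LEN)
    transcript = hashlib.sha256(b"ClientHello || ServerHello (constructed)").digest()

    key = derive_session_key(x25519_ss, mlkem_ss, transcript)
    # A quantum attacker who breaks X25519 learns x25519_ss but must guess mlkem_ss.
    guess = derive_session_key(x25519_ss, secrets.token_bytes(HASH_LEN), transcript)
    print("session key:", key.hex())
    print("attacker holding only the classical secret recovers it:", key == guess)
```

The HKDF functions follow RFC 5869 exactly, so they can be checked against its published test vectors; the combiner is the part that differs between protocols, and the rule that matters is that every component secret, in a fixed order, goes into the extract step before any key is expanded from it.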
Specific Countermeasure Steps for Companies
Step 1: Inventory of Cryptographic Assets
The first step companies should take is to inventory the cryptographic technologies currently in use. Create an inventory from the following perspectives:
- What data is encrypted
- Which cryptographic algorithms and protocols are used, and where they live (libraries, HSMs, certificates, vendor products)
- Whether key lengths are sufficient
- How long the data must remain protected
- The value and confidentiality of the encrypted data
Systems storing long-term confidential data should be addressed first. Companies dealing with government contracts will likely face stricter requirements and earlier deadlines.
Step 2: Risk Assessment and Prioritization
Based on the inventory results, conduct risk assessment. Consider the following elements for prioritization:
- Higher data confidentiality means higher risk
- Data that must stay confidential for a long time carries greater risk, because it may outlive the arrival of a quantum computer
- Key exchange over external networks should be prioritized, since that traffic can be recorded today
- Credit card information and personal data require particular attention
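A concrete way to turn the Step 1 inventory into the Step 2 ranking, as an added Python example that is not part of the original article: it scores each asset on the criteria above and adds Mosca's inequality, which flags an asset when the years its data must stay protected (X) plus the years needed to migrate the system (Y) exceed the assumed years until a cryptanalytically relevant quantum computer (Z). The inventory rows, the 10-year Z horizon and the weights are constructed assumptions to be replaced with your own.

```python
from dataclasses import dataclass
from typing import List

# Public-key families broken by Shor's algorithm. Symmetric ciphers and
# hashes (AES, SHA-2, ...) are deliberately absent: for them the action is a
# key-length review, not an algorithm migration.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "X25519", "ED25519"}


@dataclass
class CryptoAsset:
    name: str
    algorithm: str          # e.g. "RSA-2048", "ECDH-P256", "AES-256-GCM"
    data_class: int         # 1 = public .. 4 = secret
    retention_years: float  # X: years confidentiality (or signature validity) must last
    migration_years: float  # Y: estimated years to migrate this system
    external: bool          # crosses a network boundary, so traffic can be recorded
    regulated: bool         # card data, personal data, government contract


def algorithm_family(algorithm: str) -> str:
    """'ECDH-P256' -> 'ECDH': the part before the first dash names the family."""
    return algorithm.split("-")[0].upper()


def is_quantum_vulnerable(asset: CryptoAsset) -> bool:
    return algorithm_family(asset.algorithm) in QUANTUM_VULNERABLE


def mosca_gap(asset: CryptoAsset, years_to_crqc: float) -> float:
    """X + Y - Z. Positive means the data is still sensitive when the quantum
    computer is assumed to arrive: the migration is already late."""
    return asset.retention_years + asset.migration_years - years_to_crqc


def risk_score(asset: CryptoAsset, years_to_crqc: float = 10.0) -> float:
    """Weighted score; the weights are this example's assumptions."""
    if not is_quantum_vulnerable(asset):
        return 0.0
    score = 10.0 * asset.data_class                            # confidentiality
    score += 5.0 * max(0.0, mosca_gap(asset, years_to_crqc))   # long retention
    if asset.external:
        score += 15.0                                          # harvest-now, decrypt-later exposure
    if asset.regulated:
        score += 10.0                                          # card, personal or government data
    return score


def prioritize(assets: List[CryptoAsset], years_to_crqc: float = 10.0) -> List[CryptoAsset]:
    """Highest risk first; ties keep inventory order."""
    return sorted(assets, key=lambda a: risk_score(a, years_to_crqc), reverse=True)


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    CryptoAsset("public website TLS", "RSA-2048", 1, 0, 1, True, False),
    CryptoAsset("site-to-site VPN", "ECDH-P256", 3, 5, 2, True, False),
    CryptoAsset("HR records archive", "RSA-2048", 4, 25, 3, False, True),
    CryptoAsset("card vault at rest", "AES-256-GCM", 4, 7, 1, False, True),
    CryptoAsset("firmware signing", "ECDSA-P256", 3, 10, 4, True, False),
]

if __name__ == "__main__":
    for a in prioritize(SAMPLE_INVENTORY):
        print(f"{risk_score(a):6.1f}  {a.name:20} {a.algorithm:12} gap={mosca_gap(a, 10.0):+.0f}y")
```

With these inputs the HR archive ranks first (its 25-year retention plus a 3-year migration overshoots the 10-year horizon by 18 years), firmware signing second, and the AES-protected card vault scores zero because it needs a key-length check rather than a migration. Shortening the assumed horizon to 5 years pushes the VPN over Mosca's line as well, which is the point of keeping Z a parameter.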
Step 3: Developing a Transition Plan
With NIST’s standardization complete, companies now need to develop concrete transition plans. Create plans including the following items:
- Implementation timeline (aim for 3-5 years)
- Required hardware and software updates
- Assessment of internal technical capabilities
- Cooperation framework with vendors
- Construction of test environments
Step 4: Gradual Implementation
Complete transition is difficult, so gradual implementation is practical. Start with the following areas:
Communication encryption: Begin with TLS. Updating to a library with built-in hybrid key exchange (OpenSSL 3.5 added ML-KEM and the X25519MLKEM768 hybrid group and includes it in its default TLS 1.3 group list) improves protection without changes to application code. Verify the result rather than assuming it: `openssl s_client -connect host:443 -groups X25519MLKEM768` reports the negotiated group in its output, and a handshake that silently falls back to X25519 alone gains nothing.
Digital signatures: Start with code signing and document signing, where signature size matters less than in interactive protocols. ML-DSA is the general replacement for RSA and ECDSA signatures; SLH-DSA, whose security rests on hash functions alone, suits long-lived signatures (firmware, archived documents) where its much larger signatures are acceptable. Note that SHA-256 itself is not what is being replaced; the hash stays, the public-key algorithm that signs it changes.
Key management: Consider key management solutions and HSMs that support the new algorithms and their larger keys. Many companies will need to update their PKI as well, since certificate formats, issuance and validation all have to handle post-quantum keys and signatures.
Step 5: Operation and Monitoring
Continuous operation is necessary even after transition. Observe the following points:
- Ongoing collection of new vulnerability information
- Regular updates to cryptographic products
- Employee education and awareness building
- Adapting to changing compliance requirements
Lessons from the Y2K Problem
Overview of the Y2K Problem
When the year 2000 approached, many systems managed dates using two-digit years, so there was concern that the year 2000 might be recognized as “1900.” Hundreds of billions of dollars were spent on countermeasures worldwide, and large-scale system updates were implemented.
There are many lessons to learn from this experience.
Early Response is Important
During the Y2K problem, companies that started early had smoother transitions. The same applies to quantum cryptography countermeasures. Starting preparation now eliminates the need to rush and allows sufficient testing time.
Effectiveness of Gradual Transition
During Y2K, not all systems were replaced at once; instead, critical systems were replaced sequentially. The same applies to post-quantum cryptography implementation. The hybrid method allows for gradual security improvements.
Cooperation with Vendors
Software vendor cooperation was essential during Y2K responses. Similarly, major vendors (Microsoft, Google, IBM, etc.) are already preparing for quantum countermeasures. It is important to check the roadmaps of products your company uses.
Future Outlook and Conclusion
Timeline Reconfirmation
According to experts, quantum computers capable of breaking current RSA cryptography are still some years away. However, considering "Harvest Now, Decrypt Later" attacks, protection of long-lived data should begin immediately.
Since NIST's first standards were published in 2024, companies can now begin full-scale implementation. Gradual introduction of hybrid key exchange is already under way in browsers and CDNs, and NIST's draft transition guidance (IR 8547, November 2024) proposes deprecating RSA and elliptic-curve algorithms at 112-bit security after 2030 and disallowing them after 2035, so a migration of major systems completed around 2030 is the realistic target.
Preparing for Technological Evolution
Quantum computing technology is evolving rapidly. New algorithms or attack methods may emerge, so cryptographic systems must be continuously updated.
Companies need to build organizational cultures that perform continuous security updates rather than the traditional approach of “set and forget.”
Conclusion
The evolution of quantum computing presents a major challenge to traditional cryptographic technology. However, with NIST’s post-quantum cryptography standards, a clear path has been established.
The actions companies should take immediately can be summarized in three points:
First, inventory your company’s cryptographic assets and understand the risks. Second, begin gradual implementation of hybrid systems compliant with NIST standards. Third, establish continuous monitoring and update systems.
During the Y2K problem, many companies avoided major damage by taking preemptive measures. The same applies in the quantum computing era. By taking action now, you can protect future security.
Frequently Asked Questions
- **Q: Is current RSA cryptography already dangerous?**
- A: Current quantum computers cannot crack RSA, but there is a risk of "Harvest Now, Decrypt Later" attacks. Long-term confidential data should have its protection increased immediately. For ordinary web transactions whose value expires quickly, RSA and ECC remain secure for the foreseeable future.
- **Q: Does post-quantum cryptography work on classical computers?**
- A: Yes, all NIST-standardized post-quantum algorithms run on classical computers; no quantum hardware is required. The main cost is size rather than speed: ML-KEM is computationally fast, but its public keys and ciphertexts are about 1 KB, and post-quantum signatures are tens of times larger than ECDSA, which affects handshake size, certificate chains and constrained devices.
- **Q: By when should companies complete implementation?**
- A: There is no single deadline. Many companies began preparation with NIST's 2024 standardization and aim to migrate their major systems within 3-5 years, and NIST's draft transition guidance proposes deprecating RSA and ECC after 2030 and disallowing them after 2035. Companies with government contracts or long-lived confidential data are required to move sooner.
- **Q: What preparation is needed to implement a hybrid cryptographic system?**
- A: The first step is to update TLS libraries and servers to versions with built-in hybrid key exchange. OpenSSL 3.5 ships ML-KEM and the X25519MLKEM768 hybrid group (earlier 3.x releases need an add-on provider such as oqs-provider), and current Chrome and Firefox negotiate it. Work with engineers experienced in cryptography and roll out gradually with testing, since the larger handshakes can expose middleboxes and devices that mishandle them.