SandboxAQ Publishes Paper in Nature: Transitioning Organizations to Post-Quantum Cryptography
May 14, 2022
Quantum represents the next major computing paradigm shift, and its global impact across industries will be as profound – if not more so -- as the advent of the Internet, the cloud, mobile and other transformative technologies.
Sadly, with each innovative new technological evolution, adversaries and bad actors are never far behind. In fact, they’re usually at the vanguard, creating new approaches to circumvent the cyber defenses that organizations erect to thwart the last threat. But in the case of quantum, adversaries are already way ahead of the curve without ever having seen or touched a quantum computer.
They're not even doing anything fundamentally different – they’re still hacking networks looking to exfiltrate data they can exploit or sell. But now, once they’re inside a compromised network, they’re increasingly looking to exfiltrate and store encrypted data that they will decrypt when quantum computers become more readily available. You can read more about the emerging cyber threat – Store Now, Decrypt Later (SNDL) attacks – that's keeping leaders of the world’s largest corporations and governments up at night in our earlier post, Transitioning to a Post-RSA World.
Every day, though, we are getting closer to being able to protect our most vulnerable information, Intellectual Property, networks, critical infrastructure and more through the use of Post-Quantum Cryptography (PQC), a collection of quantum-resistant algorithms that will replace RSA – the current encryption standard that has served the world well for nearly half a century. Soon, NIST will announce the finalists from its global, multi-year evaluation of numerous encryption algorithms that, starting in 2024, will begin to find their way into new software, hardware, APIs, chips and more than 20 billion connected devices worldwide that need to be made safe.
While this is positive news, adversaries are not going to wait for this to happen – they are going to keep exfiltrating and storing encrypted data. Any encrypted data that falls into their hands is lost to us – those horses have left the barn and there’s no way to get them back. The potential disruption to businesses and governments is enormous (something we’ll cover in a future post).
That’s why enterprises and government entities need to begin the process of migrating to PQC now. The PQC transition is not going to be quick or easy. The discovery process alone – identifying every instance of vulnerable encryption protocols used at every node or endpoint across an organization’s entire global IT architecture – can take several months. Implementing the new quantum-safe protocols could take years. Meanwhile, more horses.
Transitioning to PQC sounds daunting but beginning the migration process doesn’t necessarily have to be. Today, Nature Magazine, one of the most respected and trusted peer-reviewed scientific journals, just published our white paper titled, “Transitioning Organizations to Post-Quantum Cryptography,” which dives deeper into the emerging quantum threat, why organizations need to implement PQC, the migration process and timelines, general recommendations on what to prioritize, and more. Our hope is that the white paper will demystify PQC for cybersecurity decision-makers and give them a starting point for planning their migration strategies. Naturally, we’d be happy to start a discussion about SandboxAQ’s Paradigm suite of PQC solutions and what we’re already doing for leading telco providers, like Vodafone Business and Softbank Mobile; healthcare providers like Mount Sinai Health System; and more.