In case you missed it, we hosted a webinar on our paper Transitioning Organizations to Post-Quantum Cryptography (PQC), the topic of the white paper that was published by Nature Magazine in May. The timing couldn't be more relevant, with NIST expected to announce the first of several new PQC standards that will usher in the next evolution in cryptography.
The webinar, moderated by SandboxAQ CEO Jack Hidary, featured several experts in the field of cybersecurity and PQC, including Taher Elgamar, who is universally recognized as the ‘father of SSL'; Tanja Lange, a renown cryptographer, number theorist and Chair of the Coding Theory and Cryptography group at Eindhoven University of Technology in the Netherlands; and our own David Joseph, one of the co-authors of the white paper.
The fascinating conversation covered topics that every large organization needs to know about PQC, including the current and emerging quantum threat landscape, including Store Now, Decrypt Later (SNDL) attacks; strategies to replace current cryptographic technologies with PQC and protect systems against quantum attacks; and the PQC migration process, including what this entails, estimated timelines and benefits.
The catalyst for the whitepaper was born out of differing opinions among quantum computing experts. It became apparent that there was a need for an accessible document for decision makers who needed to understand enough about the various PQC components so that they could make decisions on how to best protect their data now and in the future when error-corrected quantum computers become available.
A key takeaway was that the first step in migrating to PQC is to go through a discovery process, which can (and should) be implemented now. This involves cataloging all the cryptographic technologies across the entire network - every server, application, node, endpoint and device - to find out where the vulnerabilities lie. This helps CISOs prioritize the critical applications or systems they need to migrate first, but also gives them insights on how to re-engineer their entire cybersecurity infrastructure to better protect from traditional and quantum threats.
Another key takeaway: Crypto agility is also needed–the ability of a security system to rapidly switch between algorithms, cryptographic primitives, and other encryption mechanisms without the rest of the system's infrastructure being significantly affected by these changes.
You can find the webinar recording below, as well as on our YouTube. If you have any questions that were not addressed in the webinar, send us an email at firstname.lastname@example.org and we’d be happy to speak with you.
Resources from webinar:
Our paper in Nature, Transitioning Organizations to Post-Quantum Cryptography: It covers recommendations for transitioning your organization
Tanja's 2017 Nature paper preprint, which covers intro to some of the main families of PQC; more theoretical.
ENISA paper referenced by Tanja in webinar