The quantum threat is looming, but we are not exactly sure when it will hit, how serious it will be, or how exactly we should be preparing for it. There is still ongoing development of Quantum-Safe Cryptography, so wouldn't it be better to wait until Post-Quantum Cryptography (PQC) algorithms are more developed? Let's find out.
"Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing."
Since then, the competition has produced standards that are already gaining widespread use. While not exactly finalized, they already provide better protection against quantum computer attacks, thanks to the hybrid algorithm approach of combining both classical and PQC algorithms.
The relatively new PQC algorithms can be safely used without having to worry about being compromised by classical computer attacks.
* = National Institute of Standards and Technology, the US government office in charge of cybersecurity standardization
Quantum Safety Now or Later?
The methodical approach to quantum safety is to plan carefully and wait for a sophisticated solution to appear.
Maybe you start a project, spend a year identifying the problems, and another making a plan. That is effectively two years of not being quantum-safe at all. That means two years of attackers recording your weakly encrypted connections.
Defending Key Exchange Is a Low-Hanging Fruit
If your organization is already using the SSH protocol, e.g. for remote administration or secure file transfers, there is a good chance that you can quantum-proof a significant part of your infrastructure, for example with a simple software upgrade to Tectia Client/Server Quantum-Safe Edition.
Even better, we at SSH provide Crypto Agility, so you will always have the most relevant and secure algorithms in use by default. It is also possible to extend the reach with transparent quantum-safe SSH tunneling or our NQX quantum encryptor, making any connection quantum-safe and allowing you more time to implement service-specific quantum-safe solutions if needed.
There is always a better solution on the horizon, in development. However... if you always wait for the next technological breakthrough, you will never implement anything.
If you can be partially quantum-safe now, with a clear path to becoming fully quantum-safe, why would you wait?
Defending key exchange by taking SSH's off-the-shelf Hybrid Key Exchange in Tectia Client/Server Quantum-Safe Edition or NQX into use is a low-hanging fruit on your path to quantum safety.
Jussi has recently joined SSH.com to develop the product vision for the company's flagship product, Tectia. He has been in the IT business for more than 20 years, researching, developing and managing products.
Together with our customers, our mission is to secure their digital business on on-premises, cloud, and hybrid ecosystems cost-efficiently, at scale, and without disruptions to their operations or business continuity.