Navigating the Shift to Post-Quantum Cryptography

According to an article in Cybersecurity Magazine, quantum computing is poised to revolutionize cryptography, raising concerns for traditional cybersecurity systems. Although quantum computers are still expensive and impractical, the development of affordable versions is looming. Security experts warn that encrypted sensitive data has already been stolen and stored for use when extortionists have quantum capabilities. Businesses need to prepare for what will inevitably transpire with post-quantum cryptography.

For example, “verify now, forge later” can be a concern. When a manufacturer delivers a signed software update with a traditional algorithm, a hacker with quantum capability could later break the signature algorithm and provide their own software update while forging the manufacturer’s signature.

It’s been two decades since Shor’s algorithm solved the mathematical problem that was perceived as so complex that it could form the backbone of traditional asymmetric cryptography algorithms—RSA and elliptic Curve Cryptography—that make modern protection mechanisms like transport layer security or data encryption possible.

This was not considered a serious cybersecurity threat given that it required the use of a quantum computer, but steady progress in quantum computing has made it increasingly plausible.

The National Institute of Standards and Technology initiated a competition in 2016 to create quantum-resistant cryptography algorithms. By 2024, five post-quantum cryptography standards emerged, providing a roadmap for future-proof encryption. NSA’s CNSA 2.0 guidance also outlines best practices for vendors in national security systems, although the transition involves challenges with algorithm complexity, performance, and hardware requirements.

Law firms should advise clients on post-quantum cryptography readiness, especially in industries handling sensitive data. Ensuring vendor compliance with new standards, supporting the hybrid transition phase, and securing hardware infrastructure are critical. Understanding quantum-resistant cryptography is essential to help clients mitigate future legal and security risks tied to data breaches.