Learning really hard math today might keep you from being hacked by super-powerful quantum computers 10 years from now.
What happened: The National Institute of Standards and Technology finalized the first post-quantum encryption standards, a big step in the transition to keeping data secure once quantum computers come online.
Catch-up: The reason data is encrypted is so that if someone hacks a computer, they’ll find a jumbled mess of letters and numbers that can only be unscrambled with an algorithm that acts like a decoder key. Right now, that key is a complicated math problem that today’s computers can’t solve, but quantum computers could crack within hours by trying out every possible answer.
How it works: The new standards use much harder math problems based on something called a lattice, which is an infinite set of evenly spaced points. Any algorithm based on it would be nearly impossible to solve without keys pointing to the right co-ordinates.
In Canada: The Canadian Centre for Cyber Security intends to approve the new algorithms after further testing, but still recommends organizations take several steps to prepare.
Why it matters: Updating encryption is a long process, and organizations need to start right away. Even though it’s expected to be roughly 10 years before a viable quantum computer is up and running, previous encryption updates have taken up to 20 years to implement, so some companies may already be falling behind.
- Companies are also vulnerable to “harvest now, decrypt later” attacks, where hackers steal encrypted data and hold onto it until they have a quantum computer that can crack it.
What’s next: Organizations should start by establishing a team to develop a roadmap for the transition project. That includes taking an inventory of encrypted data it manages itself, as well as any that is stored or handled by a third party, and begin talking with those vendors to ensure they will be making their own post-quantum updates.