Migrating to quantum-resistant cryptography: why you should start now

Author: Arnaud DUFOURNET, Chief Marketing Officer

Before leaving the French national cybersecurity agency, ANSSI, Guillaume Poupard reiterated in his annual review that 80% of its work involved combating espionage of critical systems. Media coverage of ransomware attacks has caused us to overlook the fact that many attacks are aimed at stealing industrial secrets or purloining data, which could jeopardize a country’s national security.

The United States has decided to react to the threat posed by harvest now, decrypt later (HNDL)* attacks, starting now. In securing the passing of the Quantum Computing Cybersecurity Preparedness Act in December 2022, Joe Biden compelled federal agencies to identify, by the end of May 2023, the mission-critical cryptographic systems that urgently need to be migrated to quantum-resistant cryptography. European nations would be well advised to take their cue from Biden’s administration.

Two levels of threat

There are two levels of threat associated with quantum supremacy. The first is a “phantom menace,” to repeat the term employed by Olivier Ezratty. We have known since Peter Shor’s work in 1994 that an algorithm exists that can be used to solve the mathematical problems on which RSA and elliptic-curve cryptography are based. This phantom menace will only materialize on the day a quantum computer emerges with sufficient qubits to run this algorithm without errors. On that day, all internet communications will instantly find themselves devoid of protection, as will a good number of security architectures based on public key cryptography. It remains very difficult to predict when Q-Day**, as some experts call it, will arrive. However, governments’ desire to see it is very strong, and significant technological progress is being made at a regular pace.

Quantum day

The second threat is real, already visibly operational. HNDL attacks are happening now, and not just on national infrastructure. All sectors processing data with a long lifespan (greater than 10 years) should already be concerned about this threat.

The defense, energy, healthcare, finance and insurance, public services, automotive, shipbuilding, aviation, telecoms, and IT sectors among others spring immediately to mind. For such sectors, the challenge is to start protecting their sensitive data now, and not wait until Q-Day.

One sector that has seen the danger coming is banking. In March 2022, the Financial Services Information Sharing and Analysis Center (FS-ISAC), a professional body with members in more than 70 countries, formed with the aim of sharing information to protect against cyber risks in the financial services sector, published a report underlining the quantum threat and the need to have a plan to migrate to quantum-resistant cryptography. Various central banks, including the European Central Bank, have already started on PoC, to start to get used to the idea of protecting data transmissions with quantum-resistant cryptography.

Why now?

The answer is fairly simple: because a race against time is underway, and the resulting migration projects will be very lengthy affairs. Experience shows that it takes several years, potentially as long as a decade, to migrate cryptography systems (hardware, software, and associated services) when they either use RSA or are based on elliptic curves (ECDH and ECDSA).

The first step in a migration project, i.e. taking an inventory of all the cryptography technology used by an organization, can prove tedious and time-consuming. This step includes mapping these technologies, compiling a list of the applications and software that use them, documenting the reasons for their use, and identifying all the suppliers involved. The next step is to examine the data passing through these systems to assess how sensitive—and critical—the data streams are, so as to establish your priorities as the final step.

The whole exercise will bring its fair share of surprises and unknown factors. Microsoft suffered its own bitter experience of this in 2013. Working under a hypothetical scenario that RSA had been cracked, Microsoft examined the extent to which cryptography was used in Windows 7. The findings were instructive: 70 situations were found where RSA was used with no explanation why. It is difficult to replace something when you don’t know what it is for.

No more reason to wait

Organizations have everything they need to start their migration projects. First of all, operating procedures are available. ANSSI has shown the path to follow to protect yourself against the quantum threat, recommending the hybridization of systems, i.e. the gradual introduction of quantum-resistant algorithms combined with the use of the current algorithms.

However, it is not the only cybersecurity agency in Europe to issue warnings about the quantum threat and the measures to be taken. The German Federal Office for Information Security, BSI,has published a crystal clear guide to the subject The EU’s agency, ENISA, published a report in October 2022 on integrating quantum-resistant cryptography. And having just been appointed CEO of the National Cyber Security Centre (NCSC) in the UK, Linda Cameron said in April 2023 during a keynote speech that organizations absolutely had no choice but to prepare to migrate the cryptography systems that keep internet communications, and the digital economy more broadly, secure.

Algorithms reckoned to be resistant to a quantum attack do exist. After six years, and three qualifying rounds, NIST selected four algorithms in July 2022 (three for electronic signatures, one for public key encryption) and plans to publish implementation standards during 2024.

The National Cybersecurity Center of Excellence (NCCoE), a division of NIST, recently kicked off a project called Migration to Post-Quantum Cryptography, the aim of which is to centralize and share best practice within a consortium of around twenty manufacturers and solutions providers. A white paper entitled Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms is freely available on the NCCoE’s website.


One final important point is that the deployment of quantum-resistant algorithms is entirely unconnected to the development of quantum computers. Such algorithms are deployed on existing infrastructure and communication channels, and no major hardware changes are required. They can be run on conventional devices and computers. The hybridization needed can consequently start now.

When we ask CISOs what they know about the issues surrounding quantum-resistant cryptography, the answer is still all too often the same: “I’ve heard of it, but we’re not working on it yet.” A survey of CISOs at American corporations conducted by Deloitte in the summer of 2022 showed that 50% admitted they could potentially fall victim to an HNDL attack. Almost as many, 45%, were hoping to complete their assessment of their exposure to this threat within the next twelve months. One can only hope that their European counterparts share their level of awareness. Unless, that is, the adoption of new European or domestic regulations sparks them into life.

*HNDL: an attack whereby encrypted data (e.g. personal, financial, or health data, intellectual or industrial property) is intercepted today (i.e. harvest now) in the hope of decrypting it in the future using a quantum computer (i.e. decrypt later).

**Q-Day: the day when a quantum computer has the number of qubits necessary to run Shor’s algorithm without error, and therefore cracks RSA keys.

Subscribe to our newsletter