Post-Quantum Cryptography: A Practical Guide - Inside Global Tech

A key benefit of quantum computing is that it may, in the future, enable a very substantial increase in computing power. This could create significant benefits, in the life sciences and financial services sectors (see our prior posts on the potential implications for these sectors here and here). However, it also creates potential risks. In particular, it could lead to the breaking of many of the encryption methods currently used by governments and businesses alike. As commercially-viable quantum computers become an increasing reality, organisations must prioritise “quantum readiness” and specifically migration to post-quantum cryptography (“PQC”).In this post, we set out a brief overview of the main steps that regulators and industry bodies (including the U.S. National Institute of Standards and Technology (“NIST”), the UK National Cyber Security Centre (“NCSC”), and the EU Agency for Cybersecurity (“ENISA”)) have indicated businesses should take to move towards PQC and protect their data and systems from the risks posed by quantum computing.At a very basic level, current state-of-the-art encryption protocols — such as RSA — rely on the multiplication of extremely large prime numbers. Breaking that encryption requires an attacker to identify the large prime numbers that were multiplied together. Using classical computers, “brute force” attacks are extremely unlikely to succeed within any sort of reasonable timetable. However, quantum computers could make breaking this sort of encryption trivial.This threat is not industry specific — organisations across sectors could be vulnerable. For the healthcare sector, medical data is an extremely lucrative target for threat actors, especially given its sensitivity and longevity. For financial institutions, current encryption systems underpin every transaction, transfer, endpoint and protocol, including all online transactions. For governments, encryption is a crucial part of keeping information related to national security, defence and critical infrastructure matters secure.It is likely to be a number of years more until quantum computers are reliable, accessible and of sufficient power to break current encryption protocols. However, legislators, regulators, and industry bodies are already encouraging organisations to move to new cryptography solutions that are resistant to brute force attacks from quantum computers. In particular, organisations should consider:Covington’s Technology and Communications and Privacy and Cybersecurity practices are continuously monitoring developments globally in relation to quantum computing and its implications for cybersecurity. If you would like to discuss anything raised in this blog, or anything related to quantum computing more generally, please do not hesitate to reach out to a member of the team with any inquiries.Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online…Paul Maynard is special counsel in the technology regulatory group in the London office. He focuses on advising clients on all aspects of UK and European privacy and cybersecurity law relating to complex and innovative technologies such as adtech, cloud computing and online platforms. He also advises clients on how to respond to law enforcement demands, particularly where such demands are made across borders.Paul advises emerging and established companies in various sectors, including online retail, software and education technology. His practice covers advice on new legislative proposals, for example on e-privacy and cross-border law enforcement access to data; advice on existing but rapidly-changing rules, such the GDPR and cross-border data transfer rules; and on regulatory investigations in cases of alleged non-compliance, including in relation to online advertising and cybersecurity.Tamzin Bond is an associate in the Life Sciences Regulatory team. Tamzin advises clients in the innovative pharmaceutical, biotech, food, medical device and diagnostics sectors on a range of regulatory matters.Tamzin has experience in the firm’s London and Dubai offices, as well…Tamzin Bond is an associate in the Life Sciences Regulatory team. Tamzin advises clients in the innovative pharmaceutical, biotech, food, medical device and diagnostics sectors on a range of regulatory matters.Tamzin has experience in the firm’s London and Dubai offices, as well as in-house legal experience as the legal secondee to a large international pharmaceutical company.Prior to joining the firm, Tamzin completed her Ph.D. in Chemistry, focusing on the development of targeted molecular imaging probes to assist in the diagnosis and treatment disease, and gained experience working for a clinical phase biotechnology company.In addition to client matters, Tamzin is also a member of Covington’s Diversity and Inclusion Committee and is actively involved in the firm’s Social Mobility Network.