Quantum computing is getting closer, but quantum-proof encryption remains elusive - Network World

The day when quantum computers will be able to break conventional encryption is rapidly approaching, but not all companies are prepared to implement post-quantum cryptography.

Quantum-safe encryption is needed now, even though large-scale quantum computers are still at least a few years away. According to the Government Accountability Office, large quantum computers that will be able to break today’s encryption standards are 10 to 20 years away. But the threat is here already, since adversaries can vacuum up encrypted data in hopes of reading it when quantum decryption arrives, in what are known as “harvest-now, decrypt-later” attacks.

“Harvest-now, decrypt-later is definitely a risk that is here,” says Kevin Bocek, senior vice president of innovation at CyberArk Software, a cybersecurity firm. Many databases, for example, use risky asymmetric encryption to protect data.

But not everything needs to be upgraded right away, Bocek adds. “Access authentication tokens are short-lived and are not at risk,” he says. But financial information, customer data, or trade secrets might need to stay secure for years.

There’s a calculation that enterprises can do to estimate the extent of the risk, Bocek says. It’s called Mosca’s Theorem. You look at how long the encryption needs to be secure and add the time it will take to fix the encryption. If that sum is longer than the time it will take for large-enough quantum computers to arrive, the difference is the size of your security gap. So, if you expect these computers to become available in seven years, and you need your data to be protected for five years, and it will take you three years to upgrade the encryption — then you’ve got a problem.

“If you’re building or deploying IoT devices that are going to live for ten, twenty, or more years, you need to design those to be ready for a post-quantum world,” Bocek says.

And quantum computers can be here soon.
In 2025, most of the biggest quantum computing vendors announced demonstrations of quantum advantage, and IBM expects industry consensus on definitive progress in 2026. IDC recently predicted that quantum-accelerated supercomputing will be used by the US, EU, and Chinese governments by 2030 for solving 50% of complex defense and science-related problems, including breaking encryption schemes.

“Everybody’s well into the belief that we’re within five years of this cryptocalypse,” says Blair Canavan, director of alliances for the PKI and PQC portfolio at Thales, a French multinational company that develops technologies for aerospace, defense, and digital security. “I see it and hear it in almost every circle.”

Fortunately, we already have new, quantum-safe encryption technology. NIST released its fifth quantum-safe encryption algorithm in early 2025. The recommended strategy is to build encryption systems that make it easy to swap out algorithms if they become obsolete and new algorithms are invented.

And there’s also regulatory pressure to act. In September, NIST published a draft of a white paper on migration to post-quantum cryptography (PQC) that aims to help organizations align their migration efforts with established cybersecurity risk management practices.

Deadlines are approaching, too. According to NIST, RSA, ECDSA, EdDSA, DH, and ECDH will be deprecated by 2030, and by 2035, they will be completely disallowed.
The European Union has also picked 2030 and 2035 as its PQC deadlines. In June, the EU said that member states should start their PQC transition no later than the end of 2026. Meanwhile, Congress is currently working on the bipartisan Quantum Encryption Readiness and Resilience Act, which is designed to push private companies to adopt PQC. CISA is due to release its PQC category list, which will establish PQC standards for data management, networking, and endpoint security. And early this year, the Trump administration is expected to release a six-pillar cybersecurity strategy document that includes post-quantum cryptography.

But, according to the Post Quantum Cryptography Coalition’s state of quantum migration report, when it comes to public standards, there’s only one area in which we have broad adoption of post-quantum encryption, and that’s with TLS 1.3, and only with hybrid encryption — not pre or post quantum encryption or signatures.

The situation is even worse on the enterprise side. According to a report released in early December by the Trusted Computing Group, based on a survey of 1,500 industry professionals, 91% have no formal post-quantum cryptography roadmap. In addition, eight out of ten say their current crypto libraries and hardware security modules (HSM) are not ready for PQC integration, and only 39% have begun their compliance readiness assessments.

On a positive note, more than half said they expected to have at least one PQC algorithm in place in their organization in 2026, and 97% say that they plan to invest some of their cybersecurity budget in PQC over the next 24 months, with most expecting to invest between 6% and 10% of their cybersecurity budget.

The single biggest driver for PQC adoption is contractual agreements with customers and partners, cited by 22% of respondents.
This is closely followed by industry consortium regulations and mandates, then government regulations and mandates, then publicized quantum security incidents, then vendor certification programs.

A similar survey by IBM, released in October, surveyed more than 500 senior executives at large organizations and found that global organizations are at a “low level of quantum-safe readiness.” In addition, the executives surveyed estimate it will take them 12 years to fully integrate quantum-safe standards into their business.

The biggest readiness problem right now? Companies don’t know where they use encryption.

Cryptographic inventories

The first step to fixing a problem is to find out how big the problem actually is. In the case of post-quantum encryption, that means that companies need to take an inventory of the encryption that they are currently using.

According to an IBM and Cloud Security Alliance survey of 750 executives released in October, 30% of organizations with annual revenues of at least $250 million have conducted a full cryptographic inventory of their applications, data, and services. And 24% are using this information to guide their remediation efforts. IBM points out that this means that three-quarters of companies are currently flying blind when it comes to their PQC transition.

“There is a visibility gap, clearly,” says Biju Mathews, partner at Mphasis, a digital transformation consultancy. “People are using cryptography within applications, within infrastructure components like load balancers and firewalls. Or in databases.”

There are new scanning tools that can help enterprises find the encryption mechanisms used by applications or hardware devices, he says. “You need to have an automated way to scan those systems, and that’s the approach that we’re recommending.”

For third-party systems, vendors might be willing to provide documentation. “Most of the vendors will be open to telling you what certificates they’re using,” says Mathews.
But if there’s no documentation or if the vendors aren’t available, then it becomes challenging. “You have to go the manual way,” he says.

Thales’ Canavan says that financial services companies are taking the lead on compiling their cryptographic inventories. “Every single fintech customer I’m working with has an effort under way,” he says. “Two years ago, they were leaning back, or saying, ‘I’m retiring, it’s not my problem.’ But 2026 is coming, which puts us within three to four years of the event horizon.”

In 2025, HSBC, together with Thales and Infosec Global, released a report designed to help CIOs, CTOs and CISOs inventory their cryptographic assets. It’s a challenging task. Encryption keys, certificates and encryption algorithms could be embedded in applications, file systems, hardware devices, cloud services, and legacy systems. That makes them hard to locate, HSBC says.

Gap between intent and action

According to the IBM survey, 73% of organizations have a quantum-safe strategy, but only 19% have set near-term goals. The biggest problem is apathy, says Thales’ Canavan. “Building for the future is always a challenge for organizations,” he says. They tend to think, “I don’t need to do this today, I’ve got other burning things to take care of, quantum is a future problem,” he says. Cybersecurity has more urgent concerns, he says. “A lot of organizations are reluctant followers,” he adds. “They know they have to take care of what’s on their desks now.”

There’s also the challenge of getting senior management attention. “Unless you have executive sponsorship, it falls flat,” Canavan says. “It will not get funded. You will have to steal budget from your AI budget to address it, or you’ll do some crypto hygiene just to get by, or focus on the most vulnerable elements of your infrastructure.”

Another obstacle to investing in post-quantum encryption is the lack of regulations.
Government agencies are publishing timelines and roadmaps, but there isn’t much bite to them yet. “We all know if you have a PCI regulation pushing you to a certain capability, you’ll do it,” says Thales’ Canavan. “But with PQC readiness, there’s no fine for it yet.” That might start changing in the next twelve months, he adds. “I think regulatory bodies will start coming out of the woodwork.”

Meanwhile, some people are still unconvinced of the urgency.

Somebody else’s problem

Quantum computing has been 10 to 20 years away for decades. Is today any different? It’s hard to blame someone for thinking that way. According to ISACA’s recent survey of more than 2,600 security and privacy professionals, only 5% say that PQC is a high business priority for the near future.

There’s a lot happening in the business world right now, and by the time quantum computers arrive, someone else will be in charge and they can deal with it. Twenty years, ten years, even five years seems like a lifetime right now. Who knows what the world will even look like then or if jobs will even exist?

Plus, who does their own encryption these days, anyway? According to the IBM survey, 62% of executives believe that vendors will handle the PQC transition. And that might move the needle for some organizations, says Thales’ Canavan, but organizations with highly sensitive data, like large financial institutions, aren’t going to rely on blind faith. “Trust but verify is absolutely essential,” he says. HSBC, for example, brought in a big chunk of its vendor community, he says. “All of us are part of their cryptographic center of excellence,” he says. “And are verifying all the scenarios.”

Signs of progress

In an October report, content delivery network Cloudflare announced that a major milestone had just been passed: More than half of human-initiated traffic on the network is now using post-quantum encryption.

In other news, symmetric encryption is already quantum safe.
Symmetric encryption is when the same key is used to both encrypt and decrypt data, and it’s commonly used by organizations when they store their data. It’s asymmetric encryption, the kind used for public communications, online purchases, and banking transactions, that is most at risk.

Fortunately, TLS 1.3 is here, says CyberArk’s Bocek, and it’s ready for PQC. “We have the ability to perform post-quantum safe key exchange,” he says. “Which is, right now, our best protection against harvest-now, decrypt-later on the network.”

Speaking of TLS, another pressing concern is that starting next year, Microsoft, Google, and Apple will enforce certificate lifecycles. “It will go from over a year validity to 200 days in March, and all the way down to 47 days in 2029,” says Bocek.

This is actually an opportunity for PQC, he says. If a company modernizes its TLS certificate management process today for PQC, it will also be ready to handle the new certificate lifecycles. “That’s an immediate collateral benefit and a business case that I can make immediately—and making the business case for post-quantum encryption is difficult.”

Still, despite the difficulty, companies are beginning to put money towards PQC efforts. Forrester predicts that quantum security spending will exceed 5% of the overall IT security budget next year.

“Leaders increasingly understand that the quantum threat is not a distant possibility but a foreseeable event,” says Chris Hickman, CSO at digital trust vendor Keyfactor. “Discussions have moved from awareness to action, focusing on how to gain full visibility into cryptographic assets and prepare for a transition to post-quantum cryptography. This marks a significant change in mindset.
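
The Mosca's Theorem calculation described near the top of the article, applied per asset across a cryptographic inventory of the kind the article recommends building. This is an added example, not code from the article or from any vendor it quotes. The inventory entries, field names and the seven-year quantum estimate are constructed assumptions; the list of vulnerable algorithms is the one the article attributes to NIST.

```python
from dataclasses import dataclass

# Public-key families the article says NIST will deprecate by 2030
# and disallow by 2035. Names are matched on the family prefix only.
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "EDDSA", "DH", "ECDH"}


@dataclass
class Asset:                      # hypothetical inventory record
    name: str
    algorithm: str                # as recorded, e.g. "RSA-2048"
    shelf_life_years: float       # how long the data or signature must hold
    migration_years: float        # estimated time to replace the algorithm


def family(algorithm: str) -> str:
    """Reduce 'RSA-2048' or 'ecdh_p256' to its family name."""
    return algorithm.upper().replace("_", "-").split("-")[0]


def mosca_gap(asset: Asset, years_to_quantum: float) -> float:
    """Exposure in years: shelf life + migration time - time to quantum.

    Assets that do not use a quantum-vulnerable public-key algorithm
    (for example symmetric encryption) are reported with no gap.
    """
    if family(asset.algorithm) not in QUANTUM_VULNERABLE:
        return 0.0
    gap = asset.shelf_life_years + asset.migration_years - years_to_quantum
    return max(0.0, gap)


def triage(inventory, years_to_quantum):
    """Return (name, gap) for exposed assets, largest gap first."""
    gaps = [(a.name, mosca_gap(a, years_to_quantum)) for a in inventory]
    return sorted((g for g in gaps if g[1] > 0), key=lambda g: -g[1])


# Constructed sample inventory; the first row uses the article's numbers
# (five years of protection, three years to upgrade).
INVENTORY = [
    Asset("customer-db-key-wrap", "RSA-2048", 5, 3),
    Asset("iot-firmware-signing", "ECDSA-P256", 20, 4),
    Asset("api-access-tokens", "ECDSA-P256", 0, 1),   # short-lived tokens
    Asset("backup-archive", "AES-256", 10, 2),        # symmetric
]

if __name__ == "__main__":
    for name, gap in triage(INVENTORY, years_to_quantum=7):
        print(f"{name}: exposed for {gap:g} year(s)")
```

With a seven-year estimate, the long-lived IoT signing key ranks first and the short-lived tokens and symmetric backup drop out, matching the priorities Bocek describes.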
