THE TIPPING POINT FOR CRYPTOGRAPHY

As the countdown to the year 2000 began, business and IT executives around the globe held their
breath, hoping that the years of work to locate and expand every truncated two-digit date to four
digits—in every system and every application—would enable global commerce to keep functioning.
The diligent planning and deep investment of time and energy paid off.
In the 18+ years hence, business and technology has accelerated at an astonishing rate, bringing with it
cloud, data analytics, digital platforms and ecosystems, artificial intelligence, microservices, blockchain
and, most recently, the realization of quantum computers.
As exciting as these technology advancements are, the emergence of quantum computing also brings
a new and much larger type of security issue—one that will eclipse Y2K in terms of the scale and scope
of impact on infrastructure and storage, business transactions and platforms, and business-to-business
(B2B) and business-to-customer (B2C) applications.
Put simply, quantum computing presents a direct threat to modern cryptography and crypto systems.
Existing cryptography methods—public key encryption, digital signatures and key exchanges—are on
the verge of extinction because quantum computing jeopardizes the strength of the underlying math.
All three of these methods (public key encryption, digital signatures and key exchanges) are largely
based on Diffie-Hellman, Rivest Shamir and Adleman (RSA) and elliptic curve cryptography. Protection
or cryptographic strength is achieved by making the math problem (such as Integer Factorization and
Discrete Log problems) difficult and cumbersome to solve. However, through the quantum properties of
matter and energy, quantum computing can perform these calculations very efficiently, rendering the
intractable task instantaneously and exposing businesses to threat actors globally.
As such, quantum computing presents a major security challenge that scholars, researchers and
entities like NIST are actively assessing. But this is much larger than an academic issue; NIST estimates it
took approximately 20 years to field the modern public key infrastructure that powers businesses today.
While there are expected efficiencies in adopting new technologies going forward, companies should
not underestimate the scale of the business challenge. Our existing cryptographic methods are the
fabric of commerce, communications, identity and data protection at large—and all must be reviewed
and potentially updated to continue conducting business safely and securely in a post-quantum world.