Quantum Computers and Security: How to Prepare your Business for Long-Term Protection
Quantum computers are considered one of the most exciting technological developments of our time, but they also pose new challenges for IT security. In particular, Cryptographically Relevant Quantum Computers (CRQC) could threaten many of the cryptographic methods used today. In this blog, we explain what CRQCs are, what they mean for companies, and the measures we at Airlock are already taking to keep your systems secure.
What Are CRQCs and Why Are They Relevant?
A Cryptographically Relevant Quantum Computer is a quantum computer capable of breaking specific cryptographic methods, such as RSA or ECDH. These asymmetric cryptographic schemes form the foundation of digital security and are currently the basis for many security measures, including HTTPS connections, digital signatures, and JSON Web Tokens (JWT).
While such quantum computers do not yet exist, experts estimate that their development could become a reality within the next 10 to 20 years. The problem: An attacker could intercept encrypted data today and store it to decrypt later using a CRQC – a scenario known as Harvest-Now-Decrypt-Later. This primarily affects sensitive information such as customer data, authentication information, or business secrets, which are protected by cryptographic methods. Systems that safeguard this data must therefore be prepared for Post-Quantum Cryptography (PQC) well in advance.
Post-Quantum Cryptography: The Answer to CRQC
The solution to this problem lies in Post-Quantum Cryptography (PQC). These cryptographic methods are specifically designed to remain secure against quantum computer attacks. PQC allows companies to make their systems future-proof and resilient by gradually replacing classical cryptographic methods with quantum-safe algorithms.
The development and evaluation of these algorithms are led by standardization bodies such as the National Institute of Standards and Technology (NIST). Two key algorithms are:
- CRYSTALS-Kyber: A quantum-safe approach for key exchange.
- Dilithium: An algorithm for digital signatures.
Hybrid approaches, which combine classical and quantum-safe algorithms, enable a smooth transition. Companies can test PQC early and integrate it seamlessly into their IT infrastructure without compromising the stability of existing systems.
How Airlock Is Addressing CRQCs
Our strategy is based on a forward-thinking approach that prepares our products for the era of Post-Quantum Cryptography step by step.
Proof-of-Concept Build for Airlock Gateway
Since March 2024 (Version 8.2), a Proof-of-Concept Build (PoC-Build) for Airlock Gateway has been available, enabling the evaluation of quantum-safe algorithms like Kyber in a secure testing environment. This build allows our customers and partners to test these new methods in practice and gather valuable insights for future productive use.
The focus is on front-side HTTPS connections, which are particularly vulnerable to Harvest-Now-Decrypt-Later attacks. By supporting hybrid approaches, classical algorithms can be combined with quantum-safe methods, ensuring a smooth transition to Post-Quantum Cryptography.
The build is based on the proven cryptographic library OpenSSL, extended by the Open Quantum Safe Provider. This ensures a future-proof, long-term solution that can already be tested today.
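A defender-side check for the hybrid rollout on front-side HTTPS described above, as an added example that is not part of the original post or of Airlock's code: it reads the supported_groups extension of a TLS ClientHello handshake message and reports whether the client offers a hybrid post-quantum key-exchange group. The codepoints come from the IANA TLS Supported Groups registry; the function names and the sample ClientHello are constructed for illustration.

```python
import struct

# Named-group codepoints from the IANA "TLS Supported Groups" registry.
HYBRID_PQ_GROUPS = {
    0x11EB: "SecP256r1MLKEM768",
    0x11EC: "X25519MLKEM768",
    0x11ED: "SecP384r1MLKEM1024",
    0x6399: "X25519Kyber768Draft00",
}
EXT_SUPPORTED_GROUPS = 0x000A


def offered_groups(hello: bytes) -> list:
    """Return the group codepoints a ClientHello offers (handshake message, no record header)."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    try:
        pos = 2 + 32                                         # legacy_version + random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    ext_end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == EXT_SUPPORTED_GROUPS and len(data) >= 2:
            raw = data[2:2 + int.from_bytes(data[:2], "big")]
            return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)]
    return []


def classify(hello: bytes) -> str:
    """Label a ClientHello by whether it offers any hybrid post-quantum group."""
    hybrid = [HYBRID_PQ_GROUPS[g] for g in offered_groups(hello) if g in HYBRID_PQ_GROUPS]
    return "hybrid-pqc:" + ",".join(hybrid) if hybrid else "classical-only"


def build_hello(groups) -> bytes:
    """Build a minimal ClientHello (constructed sample input, not a capture)."""
    glist = b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HHH", EXT_SUPPORTED_GROUPS, len(glist) + 2, len(glist)) + glist
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Run over ClientHello messages captured at the front side, the "classical-only" share shows how much traffic would still be exposed to Harvest-Now-Decrypt-Later after hybrid groups are enabled on the server.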
Contact us for more information and inquiries.
A Clear Roadmap for the Future
Our roadmap aims to provide stable and certified PQC algorithms in all relevant components by 2028, two years ahead of the deadline recommended by NIST IR 8547 for phasing out affected algorithms. Progress is closely aligned with developments in cryptographic libraries. We continuously monitor the advancement of CRQCs and adjust our strategies flexibly as needed to always ensure the highest level of security.
Together, One Step Ahead
The era of quantum computers requires new and proactive approaches to IT security. Unlike many past threats, where companies could only react after a successful attack, Post-Quantum Cryptography offers the opportunity to take an active approach and address future risks in advance.
With our PoC-Build and a clear roadmap, companies can take action and gain a significant advantage – staying one step ahead of potential attackers.
Glossary: Key Terms in Quantum Computing
CRQC (Cryptographically Relevant Quantum Computer): A quantum computer capable of breaking or compromising current cryptographic methods (RSA, ECDH, DSA, etc.). These methods are currently the basis for many IT security measures, such as HTTPS encryption or VPN security. We currently assume that such quantum computers do not yet exist, but their development could become possible within the next 10 to 20 years.
- RSA (Rivest-Shamir-Adleman): A widely used asymmetric cryptosystem for encryption and digital signatures. It is based on the difficulty of factoring large numbers into their prime components.
- ECDH (Elliptic Curve Diffie-Hellman): An asymmetric method based on elliptic curves, used for secure key exchange between parties.
- Symmetric Cryptography: Methods where a single key is used for both encryption and decryption.
- Asymmetric Cryptography: Methods that use a key pair—one public and one private—for encryption and decryption.
PQC (Post-Quantum Cryptography): The answer to CRQCs—cryptography designed to resist attacks by quantum computers. PQC includes cryptographic methods specifically developed to remain secure against quantum attacks.
- CRYSTALS-Kyber: A quantum-safe algorithm for key exchange proposed as a standard by NIST.
- Dilithium: A quantum-safe algorithm for digital signatures, also part of the NIST standards.
NIST (National Institute of Standards and Technology): A U.S. federal agency that develops standards for various technologies, including cryptography. NIST leads the standardization of PQC algorithms such as CRYSTALS-Kyber and Dilithium.
- IR 8547: A NIST publication outlining timelines for transitioning from classical cryptographic methods to Post-Quantum Cryptography. According to IR 8547, algorithms like RSA and ECDH should be phased out by 2030 and fully replaced by 2035.
PoC-Build: A Proof of Concept Build for Airlock Gateway, based on version 8.2, which supports PQC for front-side HTTPS.