SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Preparing for the quantum era: Safeguarding Australia against future encryption threats

Mon, 11th Nov 2024

With the annual Military Communications and Information Systems (MilCIS) conference this month, we'll see thoughts from organisations within Australia's defence supply chain on impending threats and challenges. Whether it's staff levels, geopolitical tensions or how to deploy AI, this time of year always brings great discussion of the challenges ahead.

Amongst that discussion, quantum computing tends to be relegated to the 'future theoretical threat' category. However, this approach is breeding a dangerous form of complacency. Each year, quantum computing advances, albeit slowly, from theoretical research towards practical implementation, and multiple nations have announced significant funding for quantum research in the past 12 months.

When a breakthrough occurs, the cybersecurity landscape faces significant upheaval. Quantum computers possess the potential to solve complex problems exponentially faster than classical computers. While this promises remarkable progress in fields like medicine, finance, and logistics, it simultaneously poses a grave threat to current cryptographic systems.

The Quantum Threat to Cryptography

Classical cryptographic algorithms such as RSA and elliptic curve cryptography (ECC) form the backbone of modern data security. These algorithms rely on the computational difficulty of factoring large numbers or solving discrete logarithm problems—tasks that are currently infeasible for classical computers within a reasonable timeframe.

However, quantum computers leverage quantum bits (qubits) and principles like superposition and entanglement to perform calculations at unprecedented speeds. Algorithms like Shor's algorithm enable quantum computers to efficiently solve the mathematical problems that underlie RSA and ECC, effectively rendering these cryptographic methods obsolete once sufficiently powerful quantum computers become available.

The National Institute of Standards and Technology (NIST) has recently announced the first post-quantum cryptography (PQC) algorithms, signalling a pivotal shift towards quantum-resistant encryption standards. Such a comprehensive overhaul of security infrastructure means that preparations must start well before quantum computers become mainstream, deploying flexible solutions that can quickly switch to PQC algorithms when the time is right.

Five steps to Quantum Security

For organisations that safeguard private or sensitive data, there are five initial steps they must take to be in a position to defend against the first quantum computers:

1. Encryption Audit

Conduct a thorough audit of all cryptographic systems in use. Identify where classical algorithms like RSA and ECC are deployed—whether in data storage, communications, or transactional processes. 

2. Risk Assessment

Evaluate which systems are most at risk from quantum attacks. Prioritise those handling highly sensitive or long-lived data, such as intellectual property, personally identifiable information, or national security information.

3. Mitigation Plan

Develop a mitigation strategy tailored to your organisation's specific needs:

- Upgrade Existing Encryption: Where feasible, implement hybrid cryptographic solutions that combine classical and quantum-resistant algorithms, ensuring backward compatibility while enhancing security.
- Complete Replacement: For critical systems, consider transitioning entirely to PQC algorithms to eliminate vulnerabilities associated with classical encryption.
- Risk Acceptance: For systems with lower sensitivity or shorter data lifespans, accepting the current risk may be a viable short-term strategy, with plans to upgrade in the future.

4. Solution Evaluation

When selecting quantum-safe encryption solutions such as the CypherNET CN7000, focus on compatibility with NIST's PQC algorithms and the ability to adapt to future advancements. Solutions should offer:

- Crypto Agility: Flexibility to incorporate new cryptographic algorithms as they emerge.
- Performance Efficiency: Minimal impact on system performance and user experience.
- Scalability: Capacity to protect data across various platforms and network configurations.

5. Migration Timeline

Establish a realistic migration timeline that minimises disruption. A phased approach allows for systematic implementation and testing of new cryptographic solutions:

- Immediate Assessment: Begin by identifying and prioritising vulnerable systems.
- Phased Migration: Implement quantum-safe solutions incrementally, starting with the most critical systems.
- Ongoing Monitoring: Continuously assess the effectiveness of new encryption methods and stay informed about developments in quantum computing and cryptography.
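
A minimal sketch of steps 1 to 3, added here as an illustration and not taken from the article or any vendor tooling: it classifies algorithm labels from a cryptographic inventory as classical, hybrid or PQC, then ranks the quantum-exposed systems by data lifetime. The inventory entries, the substring matching of labels and the `min_years` cut-off are assumptions made for the example.

```python
import re

# NIST's first PQC standards: ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205).
PQC_TOKENS = ("MLKEM", "MLDSA", "SLHDSA")
# Public-key families that rest on factoring or discrete logarithms (Shor's algorithm).
CLASSICAL_TOKENS = ("RSA", "ECDSA", "ECDH", "ED25519", "X25519", "DSA", "DH")


def classify(algorithm: str) -> str:
    """Return 'classical', 'hybrid', 'pqc' or 'other' for an algorithm label."""
    name = re.sub(r"[^A-Z0-9]", "", algorithm.upper())
    has_pqc = any(tok in name for tok in PQC_TOKENS)
    # Remove PQC names first so that ML-DSA is not mistaken for classical DSA.
    for tok in PQC_TOKENS:
        name = name.replace(tok, " ")
    has_classical = any(tok in name for tok in CLASSICAL_TOKENS)
    if has_pqc:
        return "hybrid" if has_classical else "pqc"
    return "classical" if has_classical else "other"


def migration_order(inventory, min_years=5):
    """Rank quantum-exposed systems, longest-lived data first.

    min_years is an assumed cut-off below which risk acceptance is considered.
    """
    plan = []
    for system, algorithm, retention_years in inventory:
        if classify(algorithm) != "classical":
            continue
        action = "migrate" if retention_years >= min_years else "accept-for-now"
        plan.append((system, retention_years, action))
    return sorted(plan, key=lambda row: row[1], reverse=True)


# Constructed sample inventory: (system, algorithm label as reported, data lifetime in years).
INVENTORY = [
    ("vpn-gateway", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", 10),
    ("archive-signing", "sha256WithRSAEncryption", 25),
    ("build-agent-ssh", "ecdsa-sha2-nistp256", 1),
    ("web-frontend", "X25519MLKEM768", 2),
    ("firmware-signing", "ML-DSA-65", 15),
    ("disk-encryption", "AES-256-XTS", 25),
]

if __name__ == "__main__":
    for system, algorithm, _ in INVENTORY:
        print(f"{system:18} {classify(algorithm):10} {algorithm}")
    for row in migration_order(INVENTORY):
        print(row)
```

In a real audit the labels would come from certificate, TLS and SSH configuration exports rather than a hand-written list.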

The Road Ahead

Transitioning to quantum-resistant cryptography is a necessary journey that both defence and non-defence custodians of sensitive data must undertake. The only question will be whether they transition to quantum-resistant encryption proactively or when they are forced to by either regulation or a breakthrough in quantum computing.

By starting preparations now, organisations can mitigate risks and ensure the confidentiality and integrity of their data well into the future. Collaboration between industry, government, and academia will be essential to develop and implement effective solutions.

As the quantum era approaches, proactive measures taken today will determine our ability to secure digital communications tomorrow. Organisations that invest in quantum-safe technologies and strategies not only protect themselves but also contribute to a more resilient and secure global digital infrastructure. The time to act is now, embracing innovation to navigate the uncertainties of the quantum future.
