🔐 Word o’ the Day | Year | Decade: Crypto-agility, Baby!

Yesterday morning, I did a fun fireside chat with Bethany Gadfield - Netzel at the FIA, Inc. Expo in Chicago. We talked about cyber resilience, artificial intelligence, Rubik’s cubes, and that thing called quantum! A question came up at the end, “What can firms actually do today to begin transitioning to post-quantum cryptography?” So I thought I would take the opportunity to share my thoughts more broadly on this important, but not super well understood, topic:

1. Don’t wait. The clock for quantum-safe cryptography is already ticking. NIST released its first set of post-quantum standards last year (https://lnkd.in/esTm8uPw) and CISA put out a “Strategy for Migrating to Automated Post-Quantum Discovery and Inventory Tools” last year as part of its broader Post Quantum Cryptography (PQC) Initiative (https://lnkd.in/evpF4umv). h/t Garfield Jones, D.Eng.!

2. Inventory & prioritize. Map all cryptographic usage: what keys, certificates, protocols, and data streams exist today? Which assets hold long-lived value and are at risk of “harvest-now, decrypt-later”? Build a migration roadmap that prioritizes highest-risk systems (e.g., financial settlement platforms, inter-bank links, legacy encryption).

3. Establish crypto-agility. Ensure your architecture supports swapping algorithms, updating certificates, & layering classical + post-quantum primitives without a full system rebuild. This kind of flexibility is key for resilience.

4. Pilot and migrate. Use the new NIST-approved algorithms; experiment first on less time-sensitive systems, validate performance and interoperability, then scale to mission-critical applications. NIST’s IR 8547 report provides a framework for this transition.

5. Vendor & supply-chain alignment. Ask your vendors & service providers: “What’s your PQC transition plan? When will you support NIST-approved post-quantum algorithms? Are your update paths crypto-agile?” If the answer isn’t clear or (as a former boss of mine used to say) they look at you like a “pig at a wristwatch,” you’ve got a potentially serious third-party risk.

6. Board and Exec engagement. Position this not as an IT problem but a fiduciary risk and resilience imperative. The transition to quantum-safe cryptography is multi-year and multi-layered—waiting until it’s urgent means it will be too late.
When to Adopt Quantum-Safe Algorithms in Engineering
Summary
Quantum-safe algorithms are cryptographic methods designed to withstand potential attacks from future quantum computers, which threaten to break current encryption standards. Engineering teams should start planning and transitioning to these algorithms now, especially to protect sensitive data and critical systems that need long-term security.
- Inventory assets: Identify all current cryptographic assets and determine which systems and data might be vulnerable to future quantum threats.
- Prioritize updates: Focus first on upgrading assets that require long-term confidentiality, such as critical infrastructure and sensitive information.
- Push for readiness: Ask vendors and partners about their plans for quantum-safe updates and start testing new solutions on less critical systems to avoid last-minute disruption.
-
The NIST Special Publication 800-131Ar3 (Initial Public Draft) is an important document for organizations managing sensitive information through cryptographic methods. It provides detailed guidance on how to transition from older, less secure cryptographic algorithms and key lengths to newer, more robust ones, especially in anticipation of the potential threats posed by quantum computing. This draft outlines several key changes and recommendations:

• Phasing Out Weak Algorithms: The document proposes the retirement of certain cryptographic algorithms, such as the Data Encryption Standard (#DES) and older hash functions like #SHA-1, which are increasingly vulnerable to attacks. It sets a deadline of December 31, 2030, for the retirement of the 224-bit hash functions and states that these algorithms should no longer be used after this date.

• #Quantum-Resistant Algorithms: Recognizing the future risk posed by quantum computers, which could break many classical encryption methods, the document emphasizes a shift towards quantum-resistant #algorithms. NIST has already begun standardizing these algorithms, and the publication provides a roadmap for their gradual implementation. The goal is to move from the traditional 112-bit security strength (which may become vulnerable to quantum attacks) to a 128-bit security strength and eventually to quantum-resistant cryptographic methods.

• New Standards: This version introduces updates for digital signatures, key encapsulation mechanisms (#KEMs), and key derivation methods. Algorithms like DSA (Digital Signature Algorithm) are being retired, while lattice-based and hash-based digital signatures, which are resistant to quantum attacks, are being recommended.

• Security Strength Transition: #NIST plans for a transition to 128-bit security strength for block ciphers and other encryption mechanisms by January 1, 2031. For digital signatures and key establishment, a direct transition to quantum-resistant methods is recommended as soon as those standards are available.

This guidance is aimed at government agencies and organizations handling sensitive but unclassified data. It stresses the importance of proactive planning and “cryptographic agility”—the ability to switch to new, stronger algorithms as needed to stay ahead of evolving security threats.
-
⏳ Quantum Computing and Cryptography: The Timeline Is Shrinking

Clear Path to Cryptanalytic Relevance
The Bundesamt für Sicherheit in der Informationstechnik (BSI) analysis is clear: Quantum computing is progressing steadily toward cryptanalytic relevance. The technical path is established: fault-tolerant Shor algorithms on superconducting systems with surface codes or ion-based systems with color codes. In 2024, key obstacles were removed. Quantum error correction works. Fault-tolerant computation is real. What remains is large-scale engineering.

Why the “20-Year” Narrative Is Wrong
Error-correction break-even across several platforms in 2024–2025 invalidates the claim that relevant quantum computers are always decades away. A conservative estimate now points to around 15 years. This matches observed qubit growth and implies that systems with roughly one million qubits could be available in that timeframe, which is sufficient for cryptographic attacks.

A Straightforward Scaling Timeline
The same result emerges from a modular view. Five years to design a scalable platform. Five years to produce and integrate modules. Five years to operate at full scale and quality. This is a scaling problem, not a scientific unknown.

What Could Shorten the Timeline
Advances in qLDPC codes, error mitigation, and neutral-atom platforms could reduce the horizon further. Ten years is no longer unrealistic.

Uncertainty Is Structural
Multiple hardware platforms progress in parallel. Companies protect core technology. Some work happens in stealth mode. National security plays a role. A hidden qualitative leap seems unlikely today, but cannot be excluded.

Q-Day and the HNDL Risk
To stay on the safe side, Q-Day planning should assume a horizon of no more than 10 years, especially for nation-state actors and cyber agencies. AI will accelerate engineering, scaling, and cryptanalysis. This increases the risk that Q-Day arrives earlier than expected.

The HNDL threat—harvest now, decrypt later—is already active. Sensitive data intercepted today can be decrypted in the future. This affects critical infrastructure, government systems, and industrial communication with long confidentiality lifetimes. Protection must start now. This requires crypto-agile architectures and the early deployment of hybrid schemes combining classical and post-quantum cryptography.

Implications for Cryptographic Infrastructure
Post-quantum migration is no longer optional. Waiting increases risk.

Our Analysis for the D-Stack
We at Spherity assessed these risks and transition paths for the German D-Stack, with a focus on crypto agility and long-term resilience: https://lnkd.in/eTJT4erD
-
As we close out 2024, it’s natural to think about what’s next. For me, one trend stands out above the rest: the urgency of preparing for a post-quantum world. Google's recent Willow chip announcement is yet another indicator that quantum computing is advancing rapidly, and the cryptographic algorithms we rely on to secure digital identities and critical systems are nearing their expiration date. This isn’t just a security concern—it’s a business imperative that impacts trust, continuity, and resilience.

Just last month, the National Institute of Standards and Technology (NIST) released its roadmap for transitioning to post-quantum cryptography (PQC). The timeline is clear: by 2030, organizations must be quantum-ready. For business leaders, 2025 will be a pivotal year to take action. Forward-thinking leaders will elevate PQC from an IT initiative to a boardroom priority. Here’s how to lead the charge:

🔑 Understand the risk: Identify which systems, identities, and sensitive data are vulnerable to the quantum threat.
🔑 Educate your board: Build awareness with your leadership team about why quantum-safe cryptography matters—and why it matters NOW.
🔑 Take inventory: Pinpoint where your cryptographic assets live and assess what needs to evolve.
🔑 Develop your roadmap: Create a strategic plan to transition to PQC before the window of opportunity closes.

2025 isn’t the year to react—it’s the year to prepare. The shift to quantum-safe cryptography is inevitable. The question is: Will your organization be ahead of the curve or playing catch-up? I’d love to hear from other leaders—how are you bringing this critical conversation into your boardroom? Let’s share strategies and lessons to ensure we’re all ready for what’s next.

#PostQuantum #PQC #CybersecurityLeaders #DigitalTrust #Leadership
-
Post-Quantum VPN Encryption Is Becoming a Necessity, Not a Nice-to-Have

Introduction
Quantum computing is rapidly approaching a threshold that could render today’s internet encryption obsolete. While this threat may feel distant, experts warn it could arrive before 2030. In response, leading VPN providers are deploying post-quantum encryption to protect user privacy against both future quantum attacks and data being harvested today for later decryption.

Why Quantum Computing Breaks Today’s Security
• Modern VPNs rely on symmetric encryption like AES or ChaCha20 and public-key algorithms such as RSA and Diffie-Hellman.
• Classical computers would need millions of years to crack these systems.
• Quantum computers use qubits, enabling them to solve these cryptographic problems in minutes.
• Public-key systems used during VPN handshakes are especially vulnerable and could be completely broken.
• Attackers are already harvesting encrypted data now with plans to decrypt it later once quantum systems mature.

What Post-Quantum Encryption Does
• Post-quantum cryptography uses mathematical problems believed to be resistant to quantum attacks.
• NIST standardized several quantum-resistant algorithms in 2022, including CRYSTALS-Kyber and related methods.
• VPNs adopting PQE replace or augment vulnerable handshake mechanisms with these new standards.
• This protects both current sessions and data intercepted today from future decryption.

Which VPNs Are Leading
• ExpressVPN offers PQE by default through Lightway and WireGuard using ML-KEM.
• NordVPN supports PQE via its NordLynx protocol across most major platforms.
• Mullvad enables quantum-resistant tunnels by default on WireGuard connections.
• All rely on NIST-approved standards rather than proprietary cryptography.

Trade-Offs and Limitations
• PQE can slightly reduce speeds due to heavier cryptographic operations.
• Compatibility issues exist with older devices and certain VPN features.
• Not all servers or protocols currently support PQE.

Why This Matters
Quantum threats will fundamentally break today’s privacy infrastructure. VPNs that adopt post-quantum encryption now are protecting users not just from future attacks, but from today’s silent data harvesting. What is optional today will soon become mandatory, making early adoption a strategic security decision rather than a speculative upgrade.

I share daily insights with 35,000+ followers across defense, tech, and policy. If this topic resonates, I invite you to connect and continue the conversation.
Keith King https://lnkd.in/gHPvUttw
-
🚨 The Quantum Threat is Coming for Your Cloud Data: Are You Ready? 🔒

Quantum computing isn’t just a sci-fi buzzword anymore; it’s a game-changer that could unravel today’s encryption standards faster than you can say "Shor’s algorithm." For cloud experts and cybersecurity engineers, this is a wake-up call. The rise of quantum threats demands a new playbook to protect sensitive data in AWS, Azure, and beyond.

Here’s the reality: NIST estimates quantum computers capable of breaking RSA-2048 could arrive by 2030. That’s not a distant future—it’s a sprint. Hackers are already harvesting encrypted data for future decryption (yes, "harvest now, decrypt later" is real).

So, what can you do Today to secure your cloud workloads?

🔑 Start with Post-Quantum Cryptography (PQC): Transition to quantum-resistant algorithms like lattice-based crypto. AWS and Google Cloud are already experimenting; have you explored their PQC offerings?
🔑 Audit Your Encryption: Ensure AES-256 and TLS 1.3 are standard across your cloud estate. Legacy protocols? They’re low-hanging fruit for quantum attacks.
🔑 Zero-Trust, Amplified: Quantum threats amplify the need for granular access controls. Double down on IAM and MFA to limit exposure.
🔑 Stay Ahead: Join NIST’s PQC standardization discussions or tap into resources like the Cloud Security Alliance’s quantum working group.

The clock is ticking. Let’s not wait for quantum computers to rewrite the rules of cloud security.

💡 What steps is your team taking to prep for the quantum era? Share your thoughts below!

#CloudSecurity #Cybersecurity #QuantumComputing #PostQuantumCryptography #CloudComputing
-
The era of quantum computing is closer than we think, and it’s going to change the foundations of digital security. NIST’s recent draft publication, NIST IR 8547 (link in 1st comment), outlines critical steps organizations must take to transition to post-quantum cryptography (PQC).

Why This Matters Now
⏩ Quantum computers will eventually break traditional encryption algorithms like RSA and ECC. While secure today, these systems won’t be once quantum systems mature.

NIST’s Post-Quantum Standards
⏩ NIST has selected algorithms like CRYSTALS-Kyber (for key establishment) and CRYSTALS-Dilithium (for digital signatures) to lead the transition.

What Organizations Should Do
⏩ Inventory Cryptography: Assess where and how cryptographic algorithms are used.
⏩ Test PQC Algorithms: Experiment with hybrid solutions combining classical and quantum-safe algorithms.
⏩ Engage with Vendors: Ensure tech partners are preparing for PQC compatibility.

Challenges Ahead
⏩ Performance trade-offs: Some PQC algorithms require more computational resources.
⏩ Interoperability: Integrating new cryptographic methods into legacy systems isn’t trivial.
⏩ Timeline pressure: The longer you delay, the harder it will be to catch up.

The message is clear: preparation can’t wait. The organizations that start now will be in a much better position when the quantum era fully arrives.
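The hybrid schemes mentioned in the Spherity post above and in the "Test PQC Algorithms" item here both come down to one combiner step. As an added example (not code from either post, nor from Spherity), the following derives a single session key from a classical share and a post-quantum share with HKDF, binding the negotiated algorithm names into the derivation; the two shares are constructed placeholder bytes, since no real X25519 or ML-KEM exchange is performed.

```python
"""Combine a classical and a post-quantum shared secret into one session key.
Added example, not code from the original posts or from Spherity. It shows the
combiner step of a hybrid key exchange: both shared secrets are fed through HKDF
(RFC 5869, implemented here on hmac/hashlib) together with the negotiated
algorithm names, so the session key stays secret as long as either primitive
holds. The shares below are constructed placeholder bytes standing in for a
real X25519 exchange and a real ML-KEM decapsulation; no key exchange runs here.
"""
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: an empty salt defaults to HashLen zero bytes, per RFC 5869."""
    return hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated to length."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, classical_alg: str,
                       pq_alg: str, transcript_hash: bytes, length: int = 32) -> bytes:
    """Derive a key bound to both shares and to the algorithm pair that produced
    them; binding the names stops the same material being reused under a
    weaker suite, and a missing share is an error rather than a silent fallback."""
    if not classical_ss or not pq_ss:
        raise ValueError("hybrid mode requires both shared secrets")
    ikm = classical_ss + pq_ss                 # concatenation, as in TLS hybrid designs
    info = f"{classical_alg}+{pq_alg}".encode() + transcript_hash
    return hkdf_expand(hkdf_extract(b"", ikm), info, length)

# Constructed stand-ins (NOT real outputs): a 32-byte X25519-style share, a
# 32-byte ML-KEM-768-style share, and a hash of a made-up handshake transcript.
CLASSICAL_SS = bytes(range(32))
PQ_SS = bytes(range(100, 132))
TRANSCRIPT = hashlib.sha256(b"client_hello||server_hello").digest()

def demo() -> dict:
    """Show that changing either share, or the suite labels, changes the key."""
    key = hybrid_session_key(CLASSICAL_SS, PQ_SS, "X25519", "ML-KEM-768", TRANSCRIPT)
    pq_changed = hybrid_session_key(CLASSICAL_SS, bytes(32), "X25519", "ML-KEM-768", TRANSCRIPT)
    relabelled = hybrid_session_key(CLASSICAL_SS, PQ_SS, "X25519", "ML-KEM-512", TRANSCRIPT)
    return {"key": key, "pq_changed": pq_changed, "relabelled": relabelled}
```

In a real deployment the two shares come from the library performing the exchange; what a crypto-agile design keeps fixed is this combiner and its labelled inputs, so that swapping either algorithm later changes only the share producers.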
-
In an era where cyberattacks are increasingly sophisticated and often state-sponsored, where data breaches are measured in millions of records and billions of dollars lost, organizations can no longer rely solely on cryptographic schemes developed decades ago. Traditional algorithms such as RSA and ECC, once considered secure, are now vulnerable, not only to evolving classical threats but also to the emerging capabilities of quantum computing. As quantum computing continues to evolve, even the strongest encryption methods will eventually be compromised. Post-quantum cryptography is no longer a future consideration; it is a necessary shift needing attention today. Organizations must take immediate action to evaluate, adopt, and implement quantum-resistant algorithms securing critical systems and sensitive data before current protections become ineffective.

Don’t be lulled into a false sense of security. The real risk is harvest now, decrypt later. Data encrypted today, especially long-lived sensitive data, can be stored by adversaries and decrypted when quantum computing catches up.

#pqc #cisos #dspm #encryption
-
Quantum computing isn’t “alien tech” but it will feel that way to any organization that stays on the sidelines. Here’s what’s really hiding inside that gold-plated chandelier you’re seeing (the dilution refrigerator that keeps a superconducting quantum processor near absolute zero):

1. Exponential speed-ups are moving from theory to labs that run at-scale. IBM, Microsoft, Google and others are already benchmarking systems in the 100-plus qubit range, with coherent error-correction on the 2030 roadmap. Exactly the horizon where today’s cryptography breaks.

2. The security clock is ticking faster than the hype cycle. The UK NCSC warns that RSA-2048 and ECC could be practically breakable “in the early-to-mid 2030s” and tells enterprises to start post-quantum migrations before 2028.

3. Most enterprises are still unprepared. DigiCert’s 2023 State of Quantum Readiness found that 69% of security leaders acknowledge the risk, yet only 5% (fewer than 1 in 20) have begun implementing quantum-safe encryption.

Why does this matter for AI & Trust? GenAI already powers copilots, agents and customer-facing workflows. If the keys that protect those systems go obsolete overnight, so does the trust we build on top of them. Safety isn’t just filters and red-team drills, it’s crypto agility and forward-looking governance.

Key takeaway: Treat quantum the way we treat alignment: design for the inevitable, not the current.

What to do next?
- Map your crown-jewel data paths (models, embeddings, user PII) and flag every place RSA/ECC still reigns.
- Run a “harvest-now, decrypt-later” tabletop. Assume adversaries are recording traffic today to crack in ten years.
- Build quantum-safe guardrails alongside your GenAI stack so the moment NIST finalizes standards, you’re ready to flip the switch.

The orgs that move first won’t just dodge a crisis, they’ll earn a trust dividend while everyone else scrambles. Ready to stress-test your AI security posture for the next computing wave?
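The "inventory & prioritize" step from the first post on this page and the "map your crown-jewel data paths" advice just above both need a rule for deciding which RSA/ECC usage to migrate first. As an added example (not code from any of the posts), the following triages a constructed inventory by harvest-now, decrypt-later exposure: an asset whose confidentiality lifetime plus migration time exceeds the assumed Q-Day horizon is already exposed (Mosca's inequality, which the posts do not name; the 128-bit symmetric floor and the asset list are assumptions).

```python
"""Prioritise a cryptographic inventory by harvest-now, decrypt-later (HNDL) exposure.
Added example, not code from the original posts. It applies Mosca's inequality
(not named on this page): an asset is already exposed when the years its data
must stay confidential (x) plus the years needed to migrate it (y) exceed the
years until a cryptanalytically relevant quantum computer exists (z).
The inventory below is constructed sample data, not a real environment.
"""
from dataclasses import dataclass

# Public-key algorithms whose security rests on factoring or discrete logs (broken by Shor).
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "DSA"}
# Symmetric strength below this is treated as needing an upgrade (assumption for this triage).
MIN_SYMMETRIC_BITS = 128

@dataclass
class Asset:
    name: str
    algorithm: str
    key_bits: int
    confidentiality_years: float   # x: how long the data must stay secret
    migration_years: float         # y: estimated time to swap the algorithm

def mosca_margin(asset: Asset, q_day_years: float) -> float:
    """z - (x + y). Negative means the asset is already inside the HNDL window."""
    return q_day_years - (asset.confidentiality_years + asset.migration_years)

def classify(asset: Asset, q_day_years: float) -> str:
    """Return a triage label for one inventory entry."""
    if asset.algorithm.upper() in QUANTUM_VULNERABLE:
        margin = mosca_margin(asset, q_day_years)
        if margin < 0:
            return "CRITICAL"   # data outlives the algorithm: HNDL exposure today
        if margin < 2:
            return "HIGH"       # little slack left in the migration schedule
        return "PLAN"           # vulnerable, but time remains to migrate
    if asset.key_bits < MIN_SYMMETRIC_BITS:
        return "HIGH"           # e.g. 3DES at 112 bits: below the assumed floor
    return "OK"                 # AES-256 etc. need no algorithm change

def prioritise(inventory, q_day_years):
    """Most urgent first; returns (label, name) pairs."""
    order = {"CRITICAL": 0, "HIGH": 1, "PLAN": 2, "OK": 3}
    labelled = [(classify(a, q_day_years), a.name) for a in inventory]
    return sorted(labelled, key=lambda t: (order[t[0]], t[1]))

# Constructed inventory (hypothetical assets), triaged against the 10-year Q-Day
# planning horizon the BSI summary on this page recommends.
SAMPLE_INVENTORY = [
    Asset("settlement-link TLS", "ECDH", 256, confidentiality_years=15, migration_years=2),
    Asset("archive encryption", "RSA", 2048, confidentiality_years=5, migration_years=4),
    Asset("session tokens", "RSA", 2048, confidentiality_years=0.1, migration_years=1),
    Asset("legacy HSM wrap", "3DES", 112, confidentiality_years=3, migration_years=1),
    Asset("disk encryption", "AES", 256, confidentiality_years=10, migration_years=0),
]
```

Running `prioritise(SAMPLE_INVENTORY, 10)` puts the 15-year settlement link first even though its key size is fine today, which is the point: lifetime of the protected data, not key length, drives HNDL priority.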