Post-quantum cryptography: Are we ready to protect our data against quantum computers?
Discover in this article how to protect your data against quantum computers.
The development of quantum computers represents a major technological advance, with considerable implications for the security of our information systems. With their immense computing capacity, these machines are a direct threat to the cryptographic algorithms that protect our communications, financial transactions and sensitive data. Faced with this threat, which could materialise as early as 2030, the post-quantum cryptography (PQC) market is expanding significantly, and around 80% of security support and consultancy providers are developing a commercial offer dedicated to the post-quantum transition. This article explores the quantum threat, the foundations of post-quantum cryptography, and the issues and strategies involved in the transition to these new technologies.
1. The quantum threat: A challenge for security
Quantum computers exploit the principles of quantum physics, in particular superposition and entanglement, to process information. Unlike traditional computers, which use bits (0 or 1), quantum computers use qubits. Superposition allows a qubit to be in a combination of 0 and 1 until it is measured, while entanglement correlates the states of two qubits regardless of the distance between them.
This processing power poses a direct threat to asymmetric cryptographic systems such as RSA and elliptic-curve cryptography, whose security rests on the difficulty of factoring large numbers or solving discrete logarithm problems. A sufficiently powerful quantum computer running Shor's algorithm could break these systems in a matter of hours, compromising the security of sensitive communications, financial transactions, personal data and critical infrastructures.
Cybercriminals are already anticipating this threat by storing encrypted data today in the expectation of decrypting it later with future quantum computers ("harvest now, decrypt later"). Data that must remain confidential for many years is therefore already exposed, and it is critical to prepare now by adopting post-quantum cryptography solutions.
2. What is post-quantum cryptography?
Post-quantum cryptography (PQC) provides a response to this threat. Its aim is to develop cryptographic algorithms capable of withstanding quantum attacks while remaining compatible with conventional infrastructures. Unlike quantum cryptography, which uses quantum properties to secure the transport of information, PQC runs on conventional hardware and relies on mathematical problems for which no efficient quantum algorithm is known.
To standardise these algorithms, the National Institute of Standards and Technology (NIST) has selected approaches such as CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium for digital signatures. It is essential to use the standardised parameter sets and to aim for the highest possible NIST security level.
The importance of PQC lies in its ability to protect communications and sensitive data in a context where quantum computers will become increasingly powerful. Post-quantum algorithms are deployed through the same kinds of interfaces as traditional public-key algorithms, which simplifies their integration.
3. Transition issues and strategies
The transition to PQC is a complex process requiring careful planning. One of the major challenges is configuring the new cryptographic systems: post-quantum algorithms often have larger keys, signatures and ciphertexts, and longer computation times, than their classical equivalents, which can affect performance. It is therefore crucial to audit current uses of cryptography and adapt systems to support these new algorithms.
A hybrid approach is often recommended to facilitate this transition: a traditional algorithm is combined with a post-quantum algorithm so that the result remains secure as long as at least one of the two is unbroken, providing enhanced security while minimising the impact on performance. Standards bodies such as NIST and ANSSI (the French National Cybersecurity Agency) play a key role in this transition by establishing standards and recommendations for the adoption of PQC.
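As an added illustration of the hybrid approach (example code, not from the article), the following Python shows how a classical and a post-quantum shared secret are combined into a single session key with HKDF (RFC 5869). The two secrets are constructed stand-ins for the outputs of, for example, an X25519 exchange and a Kyber/ML-KEM decapsulation; the concatenation order and the label string are this example's own choices rather than a standard.

```python
import hashlib
import hmac

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch PRK into `length` bytes bound to `info`."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Derive one session key from a classical and a post-quantum shared secret.

    The two secrets are concatenated and run through HKDF, with the handshake
    transcript as `info` so the key is bound to the public values exchanged.
    Recovering the key requires *both* inputs: breaking only the classical part
    (quantum computer) or only the post-quantum part (an unknown flaw) yields
    nothing. Ordering and the label string are this example's own choices.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("a hybrid key needs both shared secrets")
    prk = hkdf_extract(b"", classical_ss + pq_ss)
    return hkdf_expand(prk, b"hybrid-kex-example|" + transcript, HASH().digest_size)

def rfc5869_self_check() -> bool:
    """Check the HKDF code against RFC 5869 test case 1 before trusting it."""
    ikm, salt, info = b"\x0b" * 22, bytes(range(13)), bytes(range(0xF0, 0xFA))
    okm = hkdf_expand(hkdf_extract(salt, ikm), info, 42)
    return okm.hex() == ("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865")

if __name__ == "__main__":
    # Constructed stand-ins: in a real handshake these would be the outputs of,
    # e.g., an X25519 exchange and an ML-KEM (Kyber) decapsulation.
    classical, post_quantum = bytes.fromhex("11" * 32), bytes.fromhex("22" * 32)
    transcript = b"client_hello|server_hello (constructed)"
    key = hybrid_session_key(classical, post_quantum, transcript)
    # An attacker holding only the classical secret cannot reproduce the key.
    assert key != hybrid_session_key(classical, bytes(32), transcript)
    print("HKDF vectors ok:", rfc5869_self_check(), "key:", key.hex())
```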
NIST has also set out a timetable for the transition to PQC: the RSA-2048 and ECC-256 algorithms are to be deprecated by 2030 and disallowed altogether by 2035. This deadline underlines the urgency of preparing now to avoid future vulnerabilities.
Post-quantum cryptography is an essential response to the threat posed by quantum computers to current digital security. Organisations must become aware of this threat and prepare for this major technological transition by adopting a proactive approach. International collaboration and the adoption of common standards are essential to ensure collective security in the face of the challenges brought by the quantum era. By acting now, we can turn this threat into an opportunity for innovation and resilience for the future of digital security.