Discover in this article what measures to adopt against the quantum threat

The world of cyber security is gearing up to face a new kind of cyber threat, with an unprecedented level of effectiveness. In the near future, Q-Day could arrive — the day when a quantum computer breaks current encryption systems for the first time. 

What are the new threats posed by quantum computing? What steps can your organisation already take to prepare?

The shadow of the quantum threat

Quantum computers have infinitely more computing power than our traditional computers. Quantum computing is based on qubits, the equivalent of today's computer bits. Each qubit is capable of existing simultaneously in several states (|0> and |1>) and become entangled with other qubit: in practical terms, each additional qubit exponentially increases the computing power of the quantum computer.

This poses a threat to our current cryptographic mechanisms. In cyber security, cryptography is used to encrypt data and make it unreadable so that cyber criminals are unable to access it even if they manage to steal it. 

In 2024, encryption tools primarily rely on the “RSA” method, which uses a public key for encryption and a private key for decryption and is based on the difficulty of factoring large numbers. Additionally, the “ECC” (Elliptic Curve Cryptography) method is used, which allows for smaller key sizes, thereby reducing computational requirements while enhancing security. 

However, thanks to their computational power, quantum computers can easily and quickly solve the mathematical problems used by these encryption methods. To achieve this, they can rely on quantum algorithms such as the “Shor” algorithm, capable of breaking encryption systems in record time that would otherwise be unbreakable for conventional computers.

The quantum threat thus jeopardises digital trust, which is essential for the security of online transactions, confidential communications, and sensitive data. The obsolescence of current encryption solutions introduces numerous risks for your organisation, including data theft, fraud, and espionage. To preserve digital trust, it is therefore crucial to adopt encryption methods that are resistant to quantum computers.

How to preprare your organisation for quantum computing ?

The risks posed by quantum computers are not inevitable. Post-quantum cryptography provides an appropriate response to these threats. Various research projects are emerging in France to develop post-quantum encryption tools capable of resisting quantum computers.

Among them, the RESQUE consortium, coordinated by Thales, brings together the ANSSI, SMEs and start-ups specialising in communication security and cryptography, as well as the INRIA through six academic institutions: University of Rennes, ENS Rennes, CNRS, ENS Paris-Saclay, University of Paris Saclay and University of Paris-Panthéon-Assas. The consortium's objective is to develop, within three years, a post-quantum encryption solution capable of protecting organisations' communications, infrastructures and networks against cyber attacks from quantum computers.

While research conducted by RESQUE and a host of French and international players continues, organisations can already take steps to prepare for quantum computing. 

Firstly, it is important to emphasise that the ANSSI recommends organisations pursue hybridisation - and not replacement - of their encryption systems: post-quantum algorithms are not yet sufficiently mature to provide complete security. Your organisation can therefore maintain and strengthen its current encryption solutions. 

In addition, CIOs and CISOs can begin mapping critical systems that will need to be prioritised for protection with post-quantum cryptographic mechanisms. 

To assist organisations in preparing and familiarising themselves with the post-quantum cryptography algorithms already proposed by the NIST (National Institute of Standards and Technology), Thales Cyber security is offering an Enterprise Kit. This kit provides businesses with a trusted environment in which to test these encryption keys and observe the impact of their implementation without affecting their operations. Some collaboration and communication solutions are already taking the lead by adapting their level of protection to address post-quantum threats.

In the near future, quantum computers will be able to break current encryption systems. Cyber security players are undertaking significant research to design post-quantum cryptography systems capable of thwarting this threat. Your organisation can already prepare for these upheavals by mapping its critical systems and testing available post-quantum encryption solutions.