TAIPEI (Taiwan News) — Chelpis Quantum Tech consultant Huang Kuan-tsae (黃光彩) warns that “Q-Day” — a time when quantum computing will render passwords and the prime numbers underlying current encryption technology useless — is as close as 2025.
Speaking at CyberSec 2024 in Nangang Exhibition Hall on Tuesday (May 14), Huang warned the exponential growth in computing power could soon crack passwords and the encryption. This is used to protect personal medical information, banking data, supply chain management, and even national security.
Huang urged both businesses and individuals to take measures to protect their data and computing systems from the threats posed by quantum computers.
Huang said nations such as the U.S., Japan, and South Korea have prepared for quantum computing threats or “Q-Day” through regulations and upgraded standards. For example, the U.S. launched NIST (National Institute of Standards and Technology) SP 800-207 Zero Trust Architecture (ZTA) in August 2020, requiring businesses, organizations, and enterprises that work with the U.S. government to comply with the new standard.
Organizations such as NIST are educating the public about the potential security risks of quantum computing. Huang said the fifth NIST PQC (post quantum cryptography) conference in April urged businesses to upgrade to quantum-resistant algorithms in the next five to six years.
Huang said that as more enterprises prepare for "Q-Day," they must evaluate their existing encryption technologies to determine which algorithms are vulnerable to quantum computer attacks, including traditional RSA, DHKE, ECC, and ECDSA algorithms. After conducting inventory checks and risk assessments, enterprises should consider migrating to quantum-resistant encryption strategies and technologies.
This series of security measures, generally referred to as PQSM (post quantum safe migration), is a complex process involving multiple steps and strategies designed to protect information systems from quantum computing threats. Huang said that it takes time to plan and execute such a strategy, urging organizations to get started and meet post quantum resistant cryptography (PQC) standards.
Huang said undertaking the migration to safer cybersecurity standards is a long-term, intensive effort that will require cooperation between government and industry.
He said enterprises need to be prepared for four different quantum attacks. Huang described these attacks as: steal now, decrypt later (data risk), unauthorized code execution (software risk), TLS protocol conversion (device risk), and data and code usage (digital identity risk).
Huang said that choosing the best defense against a quantum computing attack may take longer than expected, as in-depth research is required. While quantum resistant encryption is the first line of security, integration into existing systems and existing IT infrastructure is also important to achieve scalability.
Huang said post quantum cryptography (PQC) can provide stronger authentication and authorization mechanisms to ensure that only authenticated users and devices can access IT resources.
Huang said enterprises should implement solid PQC architecture to protect infrastructure, communication networks, and blockchain digital assets.