Quantum Cryptography

Time to dig into the RSAC Conference notes. It was only three years ago that vendors were warning of Q-day, the day quantum computers could break current encryption, filled the pages of technology publications and even general news outlets. Those warnings are much more muted this year. What happened?

Primarily, the work of NIST solved the issue in setting new standards for encryption. All the post-quantum computing companies, like PQShield and SandboxAQ, are offering encryption products that are more alike than they are different and all are doing good business providing tools and services. We seem to be more than ready for the dreaded Q-Day.

Then, again, the progress on creating an encryption-breaking quantum computer is maddeningly slow. The industry still insists 2029 is the Q day ETA, and it will break military-grade encryption in one week… on a single document. Assuming a nation state that has such a computer has stolen 20,000 encrypted documents, it would take 38 years to decrypt them all. But the number of stolen encrypted documents, although inestimable, is probably orders of magnitude higher. So reality mutes the projections of potential disaster.

The post quantum computing (PQC) industry wants us to believe that Q-day, the day that a quantum computer is right around the corner. It isn’t. But that doesn’t mean what the niche members are working on is worthless. Perhaps the most important task they have is limiting government surveillance of the innocent.

If you don’t already know, Q Day is the day when a quantum computer exists powerful enough to break current military-grade encryption standards. This has been a major disaster predicted by many, not the least being Wired Magazine. Most in the industry claim it will happen in the next decade, if it hasn’t already happened.

Encryption became a hot topic in the news in the past month. The United Kingdom, Sweden, France and the EU are considering requiring “back doors” to encryption protections. The “Signalgate” scandal in Washington, DC started most people asking, “What is this encryption stuff?” So we decided to provide a primer on the state of encryption today.

While the technology behind encryption is complex, it is not new. The basic algorithms have been with us for decades, silently running on devices and servers, invisible to the user. The purpose is basic: to keep data safe from prying eyes, like criminals and nation states.

Encryption is also a good way of saving money and not just in avoiding ransoms. Insurance companies often offer up to 15% premium discounts to businesses demonstrating strong security practices, including proper data encryption. Encryption significantly reduces the risk of data breaches and their associated costs.

t seems like everyone should be concerned, based on the level of urgency the companies present, but in the end, no one has yet built a quantum computer capable of breaking even the most standard 256-bit encryption. To that statement, the industry responds with, “Yet.”

This year, however, the National Institute of Standards and Technology (NIST) issued the first, approved algorithm standards to produce encryptions capable of fighting off quantum computing attacks. So we thought it would be a good idea to put together a batch of experts to explain why the rest of us should care.

The invitation was put out to a dozen experts in the PQC industry, but also to the companies tasked with implementing their products into the internet. Unfortunately, none of the PQC companies ended up accepting the invitation when they learned they would on the same platform discussing their approaches. But we did get acceptances from representatives from the other group. Our final panel was Karl Holqvist, CEO of of Lastwall;; Tim Hollebeek, industry strategist for Digicert; and Murali Palanisamy, chief solutions officer of AppviewX.

The three companies both compete with and complement each other services, but all were active in the development of the standards with NIST. Our conversation is available on our podcast Crucial Tech.

However, there are still questions regarding the urgency, timing, and whether the introduction of quantum computing on an encryption-busting level is even possible in the near future.

The rest of this story is available with a subscription only.

There are many themes arising for the RSA Conference next week including tools and services to protect against originating with unsecured third parties in the supply chain. That is a crucial issue in every industry especially with almost every company doing business with a supplier in the cloud. But the scope of the problem is almost impossible to resolve. The reasons are myriad.

With every Fortune 1000 business and government agency doing business with tens of thousands of third-party suppliers, the odds of finding one chink in the security protocols are very good for the criminals and state actors looking to do damage.

Social engineering can easily bypass the strongest technical defenses. It only takes a single lapse in digital hygiene to open the door to man-in-the-middle attacks, invite malware injections, and launch credential stuffing. It is also the favorite strategy of ransomware gangs.

Ransomware grabs headlines and remains highly lucrative for ransomware gangs. When compared to other forms of cybercrime, however, ransomware is really a minor issue. There are more than 33 million small businesses (under $100 million in revenue) operating in the United States alone representing 99 percent of all businesses. However, according to a study produced by the Black Kite Research and Intelligence Team, less than 5000 of them experienced a successful ransomware attack in the last 12 months...

The end of March marks World Backup Day, a day traditionally designed to raise awareness of the importance of backup and encourage best practices. However, in 2024… Is backup still relevant?

Generative AI platforms have dominated news cycles for much of 2023 and that probably won’t abate in 2024. That isn’t surprising. The technology is spreading through every facet of life. Our lead article from the 2024 predictions issue!

Every year for the past twenty, October has reminded us about the importance of digital security and empowered everyone to protect their data from digital forms of crime. Towards the end of Cybersecurity Awareness Month we’ll take a look back – and ahead.

In the ever-evolving landscape of technology, each year brings a new set of cybersecurity threats that can put your digital life and sensitive information at risk. As you navigate the digital world, staying informed about the latest dangers lurking in the shadows is crucial.

We have partnered with it-sa365, a printed issue of Cyber Protection Magazine will be distributed there. And you can be part of it!

It seems like quantum computing is the core fusion of the tech industry: it’s always only a few years away – but is it? We interviewed Matt Campagna, Chairman of ETSI’s Quantum Safe Cryptography group.

In order to strengthen cybersecurity and reduce business risk, organisations must employ a multi-layered data protection approach to ensure resiliency and recoverability at any point of the data lifecycle.

It’s that time of year for making predictions for the coming year and the team at Cyber Protection Magazine putmore

With Black Friday and Cyber Monday fast approaching, this weekend is gearing up to be the biggest e-commerce event of the year. But, with this popularity comes the increased interest of cybercrimminals who seek to take advantage of retail’s busiest time of the year.

As the Western world continues to deal with the fallout of the COVID-19 pandemic, the war in Ukraine, and resultant economic headwinds, cybersecurity is more important than ever. Here is part 4 of our expert commentaries for Cybersecurity Awareness Month.

September marks the fourth annual National Insider Threat Awareness Month. So, what can organisations do to prevent a cybersecurity incident?

Quantum computing is often in the news, mostly about how it’s going to destroy the world as nation-states bust themore

The NIST announcements about 4 algorithm standards to protect against quantum computing hacks had marketing departments go into overdrive. We decided it’s time to start demystifying quantum cryptography.

Personal identity information (PII) is more vulnerable than ever, so securing it becomes more important. CPM gives an overview of current and future solutions.

The Arqit shareholder fraud lawsuit is pulling back the curtain on the Quantum computing industry. Before it’s over we may see how much is FUD, snake oil and legitimate.