• Home
  • >
  • Blog
  • >
  • Post-Quantum Cryptography (PQC): The Clock is Ticking

Post-Quantum Cryptography (PQC): The Clock is Ticking

Thoughts From the CEO of Cyberleaf

May 17, 2024

 

Harvest now, decrypt later (HNDL) is an unseen bleeding wound.”

Yup- that is the headline from Qrypt, a company that focuses on providing quantum secure encryption products for Post-Quantum Cryptography (PQC).

As you might know, this is a real threat from the forthcoming advancement and development of quantum computing. An outcome of this is the ability of quantum computers to decrypt existing and ‘non-quantum secure’ encryption algorithms.

“Because quantum computers will eventually be able to decrypt your organization’s data, you are already in trouble right now. The longer you wait to adopt quantum-secure cryptography, the more of your data will later be decrypted and exploited. 

Capturing encrypted data as it travels over the internet has always been easy to do. There just wasn’t much point so long as RSA and other common forms of encryption were expected to remain secure. Now that a range of corporations, governments, and universities are building new generations of quantum computers, we can see that at some point in the future, quantum computers will be powerful and accurate enough to break conventional forms of encryption. That unknown day is often referred to as ‘Y2Q’ ”.

This means the last 47+ years of RSA encryption and related utilization of passwords are all exposed. Within this scenario, is the supposition and reports (none that we can confirm) that China, Russia, and others have been hoovering up data and storing it so that they can decrypt it when they have such quantum computing. While not proven that this is occurring,  it is too easy a task not to do, and the rewards from doing so are enormous.

How serious is this? Very. To be blunt, this will happen. It can be as soon as 12 months or less. IMHO, it is several years (4-8) away based on current advancements and research, but that is for another blog. When it does occur, all data that is not quantum secure will be compromised.

So, what will PQC break or decrypt? Most encryption uses public-key cryptography (PKC) systems that have a public and private key. The complexity of the secret key can be brute forced, and as you may know, the efficiency of the PQC environment is theorized to render such large numbers as insufficient to protect the privacy of the key(s). Subsequently, the brute force work that would take many years to solve can theoretically be done in seconds.

So, what can you do about it now?

NIST is working on a set of standards that will be released shortly. You can read more about it here. In the meantime, companies like Qrypt and others are delivering services with claims of post-quantum encryption capability. We have not vetted this ability and there are many in the space and a constant competition amongst quantum cryptographers to challenge, break, and test these. That is not the subject of this blog, but we will also address this at a later time.

As of this writing, there are six approaches to PQC. They are listed below, and several are generally accepted to be PQC-able. There is great criticism and skepticism of which one to choose (however, wait for the next article). Some cryptographers and quantum researchers are very skeptical of AES for example, as well as various hashes with proofs using classical computing to break these (so, not even using quantum). The fact is that how you apply your encryption is as important as the underlying cryptography.

Approaches to PQC:

  • Lattice-based cryptography (There was a scare just last week that this was broken by the way. A serious peer-reviewed effort showed that this was not the case…just to keep you nervous.)
  • Multivariate cryptography
  • Hash-based cryptography
  • Code-based cryptography
  • Isogeny-based cryptography
  • Symmetric key quantum resistance

Each of these has its proponents and critics. But what else can you do now? Since we are out of space on this blog, follow our link for future resources on our site, and stay tuned for review, analysis, and recommendations on preparing now for a PQC world!

-Adam Sewall, CEO Cyberleaf

 

Access the full Qrypt article here.

 

Related Posts

June 4, 2024

Technical Analysis of Anatsa: An Android Banking Malware Active in the Google Play Store

May 16, 2024

The Threat of Generative AI

May 14, 2024

What is a Deepfake?

Jonathan Meyn

Director of Channel Sales

Jonathan is responsible for the Channel Strategy at Cyberleaf. He has over 10 years of experience in various technology solutions sales leadership roles. He has driven cybersecurity strategy and growth within the nation’s leading managed service providers.

Jonathan has a Communications Degree from Pennsylvania State University.

Brant Feldman

CSO

Brant served in Naval Special Warfare for 11 years.  He separated as a Lieutenant Commander having served at SEAL Team TWO, SEAL Team FOUR, and SEAL Team SIX.  Following his Naval service, Brant joined ADS in 2008 and was ultimately promoted to Chief Sales Officer, where he directed all sales, supplier, and marketing efforts.  His team was comprised of over 200 sales professionals who drove $3.2B in annual sales.  In 2022, Brant left ADS to pursue opportunities in Private Equity.

Brant has a Juris Doctorate from the University of Virginia School of Law, an Executive MBA from the Darden School of Business and degrees in Economics and Government from the University of Virginia.

Will Sendall

CFO

Will served as Chief Financial Officer to various private equity and VC backed high growth technology companies where he managed the financial and operational functions.  Will has also successfully executed multiple debt and equity fundraising processes and led both buy and sell sides of M&A processes.

Will has a MBA from the University of North Carolina – Chapel Hill and a degree in Accounting from Appalachian State University. 

Marshall Howard

Executive Vice President

Marshall is responsible for engineering and project management for Waterleaf. He has over 20 years of executive experience across startup operations and Fortune 500 companies in multiple areas including Operations, Engineering, Technology Implementation, Business Planning/Budgeting, Finance/M&A, Revenue Assurance, and Regulatory Affairs.

Previously Marshall served as a Vice President at T3 Communications, Inc., a Fort Myers, FL-based CLEC and managed services provider. Before joining T3, Marshall served as VP of Network Technology and Business Development at Cleartel Communications (now part of Birch Communications), where he played a major role in acquiring and integrating three other CLECs.

Marshall earned a BS in Physics from Rhodes College, an MSEE from Vanderbilt University, an MBA from Southern Methodist University, and completed post-graduate work in Finance and Economics at Vanderbilt University. In addition, he has earned a Project Management Professional (PMP) certification, and last but not least, he is a Certified CMMC Assessor.

David Levitan

President

David has over 30 years of experience as a telecommunications industry executive, leading technology and services organizations that have designed, built, and maintained fiber and wireless infrastructure across the US and internationally. He has extensive development, product marketing and general management experience operating independent, sponsor-backed, and publicly traded companies.

David’s previous experience includes executive leadership roles in start-up and publicly traded companies. As President of C-COR Network Services, he drove over 30% sales growth through a team of 400 employees delivering network infrastructure services for broadband operators, while also serving as an officer of parent company C-COR, Inc. At Scientific-Atlanta, Inc David held a progression of leadership and executive positions as the broadband division grew from ~$100 million to over $1.5 billion in annual sales. During his tenure he held product management, strategic planning, and general management roles, including overseeing the rapid growth of the company’s largest business unit, and establishing and scaling a unit delivering domestic and international professional services. As Vice President of CableMatrix, David also helped raise $5 million in series A venture funding for a policy management software startup.

David completed his undergraduate work at Cornell University with a BA in Economics and holds an MBA from the Harvard Graduate School of Business. 

Adam Sewall

CEO

Adam has been a successful senior executive and entrepreneur in the telecomm industry for more than 20 years. Adam has demonstrated success in complex technology deployments, as well as strategic planning, corporate development M&A, business development, operations, and general management. This experience also includes several significant liquidity events for shareholders.

Adam has had significant experience in the design, deployment, and operation of fiber, cellular, point-to-point and other communications networks in the US, Asia and SE Asia. Included in these deployments are AMPS, GSM, CDMA/TDMA, spread spectrum, Wi-Max/Wi-Fi and various Metro and long-haul fiber networks.

Prior to Waterleaf Adam was the President and CEO of T3 Communications Inc. www.t3com.net a next generation CLEC based in Florida. He has also held executive management positions in operations, strategic planning and corporate development at T-Mobile and Verizon Wireless.

Adam’s technical background includes work in RF engineering, SDR, mobile s/w development, hardware engineering and telecommunications architecture. His project management and operations background include certifications in project management, GSM/PCS, numerous telecom standards and the successful integration of complex infrastructure as well as global deployments of software and communications networks.

He holds a BS Degree from SUNY and has completed graduate studies in engineering, finance, mathematics and economics at Stevens Institute, Columbia and Pace Universities.