What Should Post-Quantum Cryptography Look Like?

Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that wont break under the pressure of quantum computing power.

As quantum computing starts barreling away from the theoretical world and into the realm of reality, the security community is on a timer. Most experts say that once quantum computers come online,
theyll have the computational powers to easily break modern cryptography
. A
new report out today
from the Cloud Security Alliances Quantum Safe Security Working Group says that security researchers, vendors and enterprises need to start working now if they want to beat quantums cryptographic buzzer.
Considering how long it takes for the IT world to transition to new encryption measures when old ones wear thin, the CSA report warns that the window until quantum reaches widespread adoption - about 10 to 15 years - might not be as long as it seems right now.
Cryptographic transitions take time, often a very long time, the report explains, pointing to the decade-long transition it took to get from 1024- to 2048-bit RSA key sizes, or the move to elliptic curve-based cryptography (ECC). The transition to quantum-resistant cryptography is likely to take at least ten years. It is therefore important to plan for transition as soon as possible, according to the report.
The good news is that researchers have been working on this problem for a long time and theyve got some good ideas on where cryptography should be headed. For example, NIST just last month held a workshop that featured some 80 research submissions in its
Post Quantum Crypography Standardization
initiative. The CSA report offers a breakdown of five of the most promising categories of cryptographic methods that could stand as post-quantum cryptography alternatives.
The five major contending algorithmic classes are:
Lattice-based cryptography,
Hash-based schemes,
Elliptic curve isogenies,
Multivariate cryptography, and
Code-based cryptography.
According to Roberta Faux, lead author of the CSA report, there are pros and cons for each class of algorithm and its going to take some time for researchers, and later, security engineers, to figure out which is best for a workable standard.
For example, she says the community is going to have to have a lively debate to balance out three big trade-offs, namely key size, bandwidth and confidence level.
If you consider code-based schemes, theyve got a fast computational speed and theyve been around so long that theyve got a high degree of confidence from many in the security community. But their key size is large - some might say impractically so, Faux says. Meanwhile, isogeny-based cryptography has got small key sizes but the computation is still expensive and its relatively new so theres less confidence there.
I think the community agrees that we still need more time to investigate the wide range of post-quantum cryptographic algorithms, Faux says, and [to] understand the issues involved in migrating from existing public key cryptography to post-quantum cryptography.
Related Content:
What CISOs Should Know About Quantum Computing
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
How Quantum Computing Will Change Browser Encryption

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps