The quantum computing threat to cryptography and Public Key Infrastructure (PKI): an update

Cybersecurity report updates quantum computing progress and the threat to public key cryptography.

The German Federal Office for Information Security (BSI) has released an update to its ongoing study on quantum computing development, revealing significant progress and potential implications for cybersecurity. The report highlights the looming threat that advanced quantum computers pose to current public-key cryptography systems, which form the foundation of our digital security infrastructure. At the heart of this concern is Shor’s algorithm, developed in 1994 by mathematician Peter Shor, which can efficiently solve the mathematical problems (such as integer factorisation) on which today’s public-key encryption relies, and could therefore compromise existing encryption methods once a sufficiently powerful quantum computer exists.

The study discusses the current state of quantum computing, including the development of Noisy Intermediate-Scale Quantum (NISQ) computers. While these machines are already available, they are limited by their susceptibility to errors and are viewed as a transitional technology towards more powerful, fault-tolerant quantum computers. To assess the progress and potential impact of quantum computing on cryptography, the BSI has introduced evaluation schemes that consider both hardware and algorithmic advancements.

Looking ahead, the report provides a timeline for the emergence of cryptographically relevant quantum computers. Conservative estimates suggest that machines capable of breaking current encryption methods could be available within 16 years, though disruptive developments could shorten this timeline to less than a decade. While the study notes significant progress in NISQ algorithms, it cautiously assumes they have low relevance for cryptanalysis at present.

Given the rapid pace of developments in quantum computing, including advancements in error correction and new hardware technologies like neutral atoms, the BSI emphasizes the need for continuous monitoring and assessment of the field. This report underscores the growing importance of quantum-resistant cryptography and the necessity for organizations to prepare for a post-quantum world in the coming years.

With many connected embedded devices expected to have an operating life of 15 to 20 years or more, it’s important to consider these future cybersecurity threats when building and managing device security today. One way to protect devices and networks is by adopting a quantum-resilient embedded/IoT security platform. Crypto Quantique’s QuarkLink is one example. It was recently upgraded with a post-quantum cryptographic algorithm to protect against the threats described in the BSI study. QuarkLink is an integrated, scalable platform that cuts the time and expense of implementing all necessary security functions in embedded devices (IoT) and industrial PCs. The new hybrid version meets current and post-quantum requirements.