Preparing for the Impact of Quantum Computing on Classical Encryption
December 17, 2024
Blog
Encryption is central to helping today’s organizations protect the privacy of their sensitive data and comply with regulations.
Considering the sheer volume of data stored and transmitted in today’s digital environments, encryption is a necessary security measure across all industries, and especially so in domains like healthcare and financial services that handle highly confidential customer information. Awareness and action around encryption are growing: more than half of the firms surveyed in Encryption Consulting’s 2024 Global Encryption Trends Report store over 60% of their sensitive data in the cloud and protect it using encryption.
Over time, encryption methods have moved from simple ciphers to schemes built on hard mathematical problems. A variety of schemes are in use today, differing in how they work, how strong they are, and what they are used for, such as securing web traffic, protecting email, or producing digital signatures.
But what happens when a new technology threatens to make our most common encryption techniques ineffective? This is the dilemma organizations face with quantum computing on the horizon. Today’s widely deployed public-key algorithms are secure against classical computers, but a sufficiently large quantum computer would break them outright. Organizations therefore need to start post-quantum cryptography (PQC) migration now so that their systems can withstand future data security threats.
Quantum Computing Threats to Classical Encryption
Quantum computing is an emerging field of computer science that harnesses the principles of quantum mechanics to solve certain problems far faster than any classical computer can. Quantum computers are expected to be commercialized by 2030. Their advantage is not general-purpose: it applies to specific classes of problems, and the number-theoretic problems underlying today’s public-key cryptography are among them.
This will come with pros and cons for society and enterprises. On one hand, quantum computing power will transform industries. On the other, experts predict that within a decade quantum computers will be able to break the public-key algorithms that today’s public key infrastructure (PKI) and secure protocols depend on: RSA (Rivest-Shamir-Adleman), Elliptic Curve Cryptography (ECC), and Diffie-Hellman (DH) key exchange.
These public-key algorithms rely on mathematical problems believed to be intractable for classical computers: factoring large integers (RSA) and computing discrete logarithms (DH, ECC). No classical algorithm is known that solves either problem in polynomial time, which is why the schemes have remained secure. Shor’s algorithm, the best-known quantum algorithm, solves both problems in polynomial time on a sufficiently large, error-corrected quantum computer, so a quantum computer running Shor’s algorithm would make short work of every system whose security rests on RSA, ECC, or DH. Symmetric ciphers such as AES and hash functions such as SHA-2 are not broken by Shor’s algorithm; the much smaller speedup from Grover’s algorithm roughly halves their effective security level in bits, which is why guidance such as CNSA 2.0 calls for larger parameters (AES-256, SHA-384 or stronger) rather than replacing them.
Opportunistic cybercriminals will exploit these advances to steal sensitive data for ransomware, sabotage, and other malicious uses. In fact, some attacks already depend on the quantum capabilities promised for the near future. In Steal Now, Decrypt Later (SNDL) attacks, also called harvest-now-decrypt-later, attackers intercept and store encrypted traffic today, especially data that retains its value for years, with the intent to decrypt it once a capable quantum computer exists. Data captured today cannot be protected retroactively, so the defense is to phase out or update vulnerable encryption now, starting with the key exchange that protects long-lived data. Field Programmable Gate Arrays (FPGAs) support this because they let deployed systems take on new algorithms without a hardware replacement.
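To make the reduction concrete, here is an added Python example (not code from the original post or from Lattice) that carries out the classical part of Shor’s algorithm. It reduces factoring to order finding, computes the order by brute force where a quantum computer would use the quantum Fourier transform, and then turns the recovered factors of a toy RSA modulus into the private exponent and decrypts a ciphertext. The modulus, exponent, and ciphertext are the textbook values n=3233, e=17, c=2790; the function names are my own.

```python
"""Classical half of Shor's algorithm (added example, not from the original post).

Shor's algorithm factors N by reducing factoring to *order finding*: pick a
random a coprime to N and find the smallest r > 0 with a^r = 1 (mod N).
Only the order-finding step needs a quantum computer; everything else is
ordinary number theory and is shown here. The order is found by brute force,
which is exponential in the size of N, so this only works for toy moduli.
The point is the reduction, not a quantum speedup.
"""
from math import gcd
import random


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1, by brute force (a must be coprime to n).

    This is the step Shor's algorithm performs in polynomial time with the
    quantum Fourier transform; classically it costs up to O(n) multiplications.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, seed: int = 0, max_tries: int = 100) -> tuple:
    """Split an odd composite n that is not a prime power into (p, q), p < q.

    Each attempt succeeds with probability at least 1/2 for such n. For a
    prime or prime power the only square roots of 1 mod n are +-1, so the
    reduction cannot succeed and a ValueError is raised after max_tries.
    The seed only makes the random choice of a reproducible.
    """
    if n % 2 == 0:
        return (2, n // 2)
    rng = random.Random(seed)
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g > 1:
            p, q = sorted((g, n // g))  # lucky: a already shares a factor with n
            return (p, q)
        r = find_order(a, n)
        if r % 2:
            continue  # odd order: a^(r/2) is not an integer power, retry
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue  # trivial square root of 1 (y = -1 mod n), retry
        # y != +-1 and y^2 = 1 (mod n): n divides (y-1)(y+1) but neither
        # factor alone, so gcd(y-1, n) is a proper divisor of n.
        g = gcd(y - 1, n)
        p, q = sorted((g, n // g))
        return (p, q)
    raise ValueError(f"could not split {n}: is it prime or a prime power?")


def break_rsa(n: int, e: int, c: int, seed: int = 0) -> tuple:
    """Recover the RSA private exponent d from the public key (n, e) by
    factoring n, then decrypt ciphertext c. Returns (d, plaintext)."""
    p, q = shor_factor(n, seed)
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (d, pow(c, d, n))


if __name__ == "__main__":
    # Constructed textbook key: n = 61 * 53 = 3233, e = 17, ciphertext of 65.
    d, m = break_rsa(3233, 17, 2790)
    print(f"factors={shor_factor(3233)} d={d} plaintext={m}")
```

The only line a quantum computer changes is `find_order`: everything before and after it is cheap classical arithmetic, which is why the threat is to the key sizes in use today, not to the idea of public-key cryptography as such.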
The Shift to Post-Quantum Cryptography
Given these threats, organizations across industries will be required to adopt PQC algorithms. The stakes are even higher for critical infrastructure operators, such as those in energy, transportation, and government. Missing the mark on PQC could mean anything from disruption of critical services to national security threats. To encourage and aid the transition, U.S. agencies such as the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST), along with international bodies such as the European Union, have issued PQC guidance and standards. Specifically, the NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) and the three PQC standards NIST finalized in August 2024 (FIPS 203, ML-KEM, for key establishment; FIPS 204, ML-DSA, and FIPS 205, SLH-DSA, for digital signatures), all ready for immediate use, give organizations a concrete basis for PQC readiness roadmaps.
FPGAs for Security
Integrating FPGAs into existing and future systems can ease the transition to PQC. FPGAs are flexible semiconductors, differentiated from fixed-function parts by their ability to be reprogrammed after deployment. They can perform many critical security functions and provide a Hardware Root of Trust (HRoT) within a system. They are also “crypto agile”: developers can adopt new PQC algorithms by loading a new bitstream rather than redesigning or replacing hardware, which significantly reduces the cost of complying with evolving regulations and maintaining cyber resiliency. One caveat applies: the bitstream update path must itself be authenticated with a quantum-resistant signature scheme (CNSA 2.0 names LMS and XMSS for firmware signing, alongside ML-DSA), or the agility mechanism becomes the weakest link. Moreover, FPGAs’ parallelism allows multiple cryptographic algorithms to run on a single device at once, so a system can run classical and post-quantum algorithms side by side during a hybrid transition and switch between them as needed.
FPGA technology offers unique advantages for modern security challenges. Unlike fixed-function processors, whose behavior can be changed only within the limits of microcode and firmware updates, FPGAs provide reprogrammable hardware capable of parallel processing and real-time security operations. This flexibility is crucial for implementing platform firmware resiliency (PFR) and attestation, ensuring systems boot securely and maintain trusted operation across complex deployments. With Lattice FPGAs, you can implement a PFR solution as specified in NIST Special Publication 800-193, giving a platform the ability to protect its firmware, detect unauthorized changes, and recover to a known-good image when such a change is detected.
The cybersecurity landscape is remarkably dynamic, demonstrated by the evolution of encryption mechanisms in preparation for the next era of quantum computing. Organizations can no longer rely on the status quo to ensure the continued privacy of their sensitive data. Instead, they need to be forward-thinking and agile in transitioning to PQC algorithms and mitigating quantum threats. FPGAs will play a pivotal role by offering the adaptability and powerful processing capabilities needed for enhanced cyber resilience.