What is post-quantum cryptography (PQC)?
The next game-changer for cybersecurity
Post-quantum cryptography (PQC) consists in all cryptographic methods that withstand a quantum computer.
Nearby on the computing horizon quantum computers will be capable of factorizing large prime number products and solving the discrete logarithm problem.
As cryptography relies on algorithms, quantum will disrupt key encryption and cybersecurity as we currently know it.
Risks quantum poses to your security
What if everything you thought was secure was not anymore?
By disrupting cryptography, quantum computers jeopardizes the security of all assets and activities as we currently do them. Indeed all data protection, email exchange, payement, communication and much more are secured with algorithms. And these will soon be broken by quantum computing. Hence nothing will be secure anymore… if secured with classical, ie. non PQC-ready, algorithms.
Migrating to PQC is not an option, rather a vital requirement to maintain your business continuity and security.
Exposure to "Harvest now, decrypt later" attacks
Unfriendly governments already start to harvest your data now, hoping that in the massive amount of data they capture at least one is critical and/or sensitive to your business and provides a competitive advantage.
2037: the security apocalypse?
Quantum computers are expected to reach maturity by 2037.* By then they will be able to break all KEM currently in use (e.g. RSA, TLS, SSL...) meaning that no payment or data exchange, or else, will be secure anymore. * Source: 2022-quantum-threat-timeline-report-dec poll with several CISOs.
Now is your chance: get Quantum-proof before Quantum hits
According to the CSA, a medium-size business asset's migration to PQC would need an inreducible 3-years time. Before that you must have already run your cryptographic inventory and risk assessment to prioritize assets to be migrated first and fast.
PQC migration: you have no choice but to climb that mountain
A triptyc of challenges
Even though successfully migrating to PQC will not be a sinecure, organizations who may rest on their laurels, considering there is way enough time to migrate, greatly risk facing the security apocalypse induced by Quantum.
Worry now AND act now! As you must first and foremost run an exhaustive cryptography inventory (architecture, assets and keys) and perform a risk assessment to prioritze the assets to migrate to PQC, you will reach the irreducible 3-years migration timeline before you even realize.
It is not just about switching cryptography algorithms, rather mainly about identifying which KEM you used, for what assets, and why. In parallel prioritization of asssets to be migrating relies on whether their data shelf time overlapps the quantum-computing maturity time horizon.
While the cybersecurity industry is already short of 3.4million people, the cryptography skills gap is abyssal. Successfully migrating to PQC will require you to get support from the rare cryptographs worldwide. Futhermore to get your Board’s investement approval, raising awareness on PQC is essential.
Embark on the PQC migration journey
PQC is to cybersecurity what the advent of the Internet was to IT
On your marks, set, go for the marathon to quantum-proof security!
Remember those who thought “there’s time before it hits us” while the Internet bubble was growing?
In the end when they decided to get in the race, all the others had already reached the finish line.
The advent of PQC will be no different. Make sure not to miss the boat!
Awareness and education
Protecting yourself from quantum computers is a real challenge, and one that requires some serious math skills. Therefore stakeholders must understand the basics of PQC to ensure a successfull migration.
Cryptography inventory
Exhaustively identify all the Key Encryption Methods (KEM) used for each of your assets (application, file, network…), their data shelf time and sensitivity level.
Risk assessment
Assess the level of risk and exposure of leaving an asset with non-PQC KEM, hence exposing it to quantum brute-force attack and decryption.
Implementation
Start migrating the prioritized assets to PQC algorithms, and permanently deleting all the former instance.
Quantum-ready cybersecurity products
Our full range of quantum-ready cybersecurity products enable you to manage your data protection and your trusted digital identities:
Data Encryption
Protect and encrypt your most sensitive data, at rest and in motion. For cloud, virtual and on-premises infrastructures, and any level of encryption.
Digital Identity
Protect electronic identities with cryptographic solutions and applications for secure elements, digital identities and user-friendly encryption.
Identity and Access Management
Only give the right people access to the right information at the right time. See who has access, why they have it and how they use it.
Videos
Is your business ready for the quantum threat?
Why does the arrival of quantum computers threaten asymmetric encryption?
The road for quantum-safe cryptography
The different steps that await you on your PQC journey
PQC migration is a teamwork
Building a secure digital PQC future requires a united front!
Make crypto-agility your raison d'être
PQC migration is here but it's not a one-time deal!
Press release
October 8, 2024
Eviden launches PQC HSMaaS, a EU sovereign, Post-Quantum Cryptography Hardware Security Module as a Service
October 11, 2023
Eviden supports post-quantum algorithms with its network security solution ‘Trustway IP Protect’
Book a 1-hour consultation
Get started on your PQC migration journey with our experts: identifying what stage you are at, getting a clearer view of the stakeholders to onboard firt, and the key milestone to kick-off the project right.
Get in Touch!