What is PQC and when should you use it?

Frank J. Ohlhorst, IT Consultant, Editor-at-Large

February 22, 2019

3 Min Read
Quantum computing
Shutterstock

At this year’s IBM Think Event the potential of quantum computing was a major subject, with predictions of computing power previously unheard of arriving within the next five to 10 years. However, in the world of technology, five to 10 years is a long way off and planning for the impact of those technologies often proves to be folly when the arrival is so far in the future. Nevertheless, there’s one critical area in which quantum computing may have a definitive impact and should be thought about today: encryption.

The National Institute of Standards (NIST) predicts that within the next 20 or so years, sufficiently large quantum computers will be built to break essentially all public key schemes currently in use. NIST further illustrates the importance of establishing post-quantum cryptography (PQC) now with the statement “Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.” To that end, the NIST has been requesting submissions for PQC standards and working with industry leaders to come up with a methodology to address the future threats posed by quantum computing powered attacks.

Numerous vendors are working together to develop new public key infrastructure (PKI) solutions to address the threats posed. Yet, several challenges still remain, such as backward compatibility with existing PKI and certificate solutions, as well as performance and other concerns.

Certificate authority and cybersecurity solutions company DigiCert aims to address those concerns by partnering with cybersecurity vendor Utimaco and Microsoft to develop a next generation PKI that should prove to be resistant to Quantum Computer based attacks. At the Digicert Summit 2019, the trifecta of companies held interviews and made announcements around PQC.

Hojjati-Avesta_DigiCert.jpg

DigiCert’s Avesta Hojjati

“DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow’s problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash,” said Avesta Hojjati, head of DigiCert Labs, the company’s R&D unit. “Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection.”

The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco hardware security module. The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.

“DigiCert, Utimaco and Microsoft’s successful test implementation provides a fundamental building block for the implementation of quantum-safe solutions,” said Dr. Thorsten Grötker, CTO, Utimaco. “Using these solutions, IoT manufacturers and other large organizations can innovate and develop products that are well prepared against coming quantum threats.”

For managed service providers, the rise of PQC may spell out significant change for an industry trying to keep up with the latest threats.

“Protecting our client’s data is of the most critical importance. If PQC can improve that protection then it is a technology we must embrace.” said Raj Mehta, president and CEO of Infosys International, a Plainview, New York-based IT services provider. “The real challenge will be one of deploying PQC, but only after it is ratified by NIST.” added Mehta.

Read more about:

MSPs

About the Author(s)

Frank J. Ohlhorst

IT Consultant, Editor-at-Large

Frank J. Ohlhorst is an award-winning technology journalist and technology analyst, with extensive experience as an IT business consultant, editor, author, presenter and blogger. He frequently advises and mentors technology startups and established technology ventures, helping them to create channel programs, launch products, validate product quality, design support systems, build marketing materials, as well as create case studies and white papers.

Mr. Ohlhorst also has extensive experience assisting businesses looking to launch analytics projects, such as big data, business intelligence and resource management. He also has taken on contract roles as a temporary CIO, CTO and data scientist for startups and new ventures. Mr. Ohlhorst also provides forensic services for data security and assist with compliance audits, as well as researching the implications of compliance on a given business model.

Mr. Ohlhorst also has held the roles of CRN Test Center director, eWeek’s executive editor, technology editor for Channel Insider, and is also a frequent contributor to leading B2B publications.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like