Victor Hugo wrote that “nothing is more powerful than an idea whose time has come.” It increasingly feels that the need to pursue quantum resilience is one of those ideas, although I doubt that Mr. Hugo was specifically thinking about quantum computers and how they will eventually break our public key cryptography when he wrote those famous words in The Future of Man. All the same, 2024 may go down in history as the year when the world accepted the need to adopt post-quantum cryptography (PQC) as an inevitable and urgent matter.
Ever since NIST standardized three post-quantum cryptography algorithms in August of this year, there has been a continuous drumbeat of events and news that have served to reinforce the need to start PQC migration now. In November of this year, NIST published an initial public draft titled “Transition to Post-Quantum Cryptography Standards” (NIST IR 8547). In this publication, NIST presents a timeline for deprecating and later disallowing classical public key algorithms (specifically RSA and ECC) in the FIPS 140 standard in favor of PQC algorithms, with most classical PKI schemes deprecated by 2030 and disallowed by 2035.
These timelines are largely aligned with earlier US executive orders (NSM-10) and legislation (Public Law 117-260) on the matter. That may seem like a long time, but it really is not, given the scale and complexity of PQC migration. For comparison, a much more modest migration away from SHA-1 has been underway for over 13 years, and SHA-1 continues to be in production use in large numbers of systems. The Australian government recently published guidance disallowing the use of RSA and ECDSA after 2030 for national defense systems, a timeline that is even more condensed than that of NIST.
In addition to all the action from standards bodies and governments, plenty has been happening in the industry. For instance, earlier this month, Google unveiled its new quantum computing chip called Willow. Google claims that this chip takes five minutes to solve a problem that would take the world’s fastest supercomputers ten septillion years (that is one followed by 25 zeroes, if you’re counting) to solve. You may wonder what this means for hard problems like factoring a number that is a product of two very large prime numbers – the hard problem that is at the core of today’s public key cryptography algorithms like RSA and Elliptic Curve Cryptography (ECC).
The answer is that it is ultimately not good news, although cryptanalytically relevant quantum computers (CRQCs) may still be some time away. Google’s researchers claim that Willow ameliorates the problem that current quantum computers have, where the error rate increases with the number of qubits. If true, this would be a significant advancement because error reduction and/or error correction are some of the key challenges to building quantum computers with large numbers of qubits.
As a further reflection of industry trends, Gartner recently published their “Top Ten Strategic Trends for 2025,” in which post-quantum cryptography was prominently featured. CIOs across the industry will read and consider this research for strategic planning in 2025 and beyond. It seems the world has suddenly realized that cryptographic plumbing is foundational to digital privacy and trust, and if that plumbing starts to leak, the foundation will be at risk.
To accentuate that point, just this week, the Wall Street Journal ran an article titled “A Looming Threat to Bitcoin: The Risk of a Quantum Hack.” Yes, Satoshi Nakamoto may have been a genius who invented a remarkable scheme, but that scheme at its core still relies on classical asymmetric cryptography, and if that cryptography is broken by CRQCs, so will be the bitcoin in your digital wallet. Financial institutions have been aware of the risks that cryptanalysis on quantum computers will pose to digital financial assets for some time and, as a result, have been leading the way in exploring PQC migration.
In our own business here at SafeLogic, we have had a front-row seat to the increasing customer interest in the risks that CRQCs pose to classical PKI and the exploration of PQC migration. Compared to even twelve months ago, the increased interest that our clients have in PQC now is noteworthy, with the topic coming up in almost every single customer business review. In the end, PQC may end up being one of those technology curves that goes from low awareness to a hockey stick, with executives’ questions turning from “Why are you working on this?” to “Are we quantum-safe yet?”. There is little doubt that PQC migration will take time for most organizations, and with the transition deadlines looming, there is no time to lose. Quantum resilience is an idea whose time has come.