Quantum Threat to Cryptography: Experts Warn of an Extinction-Level Event in Digital Trust
Quantum computing is hitting the headlines, and most of the time for good reasons.
As tech players like Microsoft and Quantinuum team up to accelerate breakthroughs in fault-tolerant quantum computing, industries are beginning to take notice. Their recent collaboration has delivered highly reliable logical qubits, pushing quantum’s frontiers in fields like materials science and drug discovery. It’s exciting, but there’s another side to this coin – the potential threat quantum computing poses to the digital trust we rely on every day.
DigiCert’s Quantum Readiness Day, held last week, pulled no punches in discussing the urgent need for preparedness. As industries scramble to keep up, the central question is becoming impossible to ignore:
Are we ready for quantum’s inevitable impact?
The Quantum Skills Gap: A Race Against Time
The first panel brought together Dr Bob Sutor from The Futurum Group and Professor Reza Nejabati from Cisco to address the growing quantum skills gap.
While quantum computing was once seen as an abstract concept reserved for physicists, it has now become a tangible engineering problem that requires immediate attention. Professor Nejabati discussed Cisco’s use of digital twins to train engineers in quantum tech, providing hands-on experience to prepare them for this new industrial wave.
Dr Sutor, however, homed in on an even more pressing issue – cryptography. He warned that quantum computers are poised to break classical encryption methods, and many businesses are alarmingly unprepared for this eventuality.
“Many companies don’t even know all the different encryption schemes they’re using,” he remarked. He painted a vivid picture of how fragmented and uncoordinated encryption systems have become over the years.
Mergers, acquisitions, and evolving technologies have left many businesses with a patchwork of cryptographic protocols, each with varying levels of security. According to Sutor, this lack of oversight leaves companies vulnerable to attacks, quantum or otherwise.
“The first step is discovery,” Sutor advised, underscoring the need for businesses to take stock of their cryptographic systems. He recommended that organisations start by conducting a thorough inventory of where and how their encryption is deployed. This discovery phase is critical because it allows businesses to identify vulnerabilities and prioritise the most immediate risks.
Once companies have visibility into their cryptographic landscape, Sutor outlined a staged approach for upgrading to quantum-safe encryption. “It doesn’t have to be done in one day, but starting now is key,” he urged.
The takeaway here is that quantum is no longer a distant issue. Though it may seem like early days, some immediate concerns, such as the skills gap, could leave industries massively vulnerable, especially with the rapid pace at which quantum technology is advancing.
Preparing for the Wave: Is the Industry Even Ready for Quantum?
Dr Tahel Elgamal, the ‘Father of SSL,’ and Dr Amit Sinha, CEO of DigiCert, took a hard look at the industry’s preparedness for the era of quantum computing.
Both expressed serious concerns over the looming quantum threat, particularly to cryptographic systems that form the backbone of digital security. While the industry has made some progress, they warned that time is running out to fully implement Post-Quantum Cryptography (PQC).
Dr Elgamal stressed that the transition to PQC isn’t just a technical challenge; rather, a monumental shift in how cryptography operates at its core.
“We’ve spent decades embedding cryptographic solutions like SSL into browsers, servers, and firewalls, telling people, ‘Don’t worry, it’s taken care of.’” he reflected. But the reality is that these once-reliable systems are now under threat from quantum’s ability to break the very algorithms they rely on.
PQC is designed to withstand the computational power of quantum computers. However, Elgamal pointed out, “Planning will take time, and execution could take even longer.” Transitioning to PQC involves not only upgrading algorithms but also ensuring that every layer of an organisation’s security infrastructure is quantum-safe.
This means that businesses must think beyond just replacing encryption keys; they need to build a completely new framework that can withstand the unprecedented power of quantum computers.
Elgamal likened the process to rethinking cryptography from the ground up. “Many companies still operate with cryptographic methods that haven’t been touched in 20 years, and they’re already vulnerable,” he warned.
In many cases, legacy systems are still using outdated algorithms that are easy targets, even without quantum’s intervention. The transition to PQC will be a long and complex process, but starting early is key to avoiding a crisis down the road.
Meanwhile, Dr Amit Sinha emphasised the urgency of preparing for quantum computing, warning that it could be an “extinction-level event” for current cryptographic systems if industries don’t act swiftly. He cautioned that quantum computers could crack widely used encryption methods like RSA, jeopardising the digital trust that underpins global economies.
Sinha stressed that new post-quantum cryptography standards from NIST offer a crucial framework, but implementing them requires significant coordination and resources. He urged businesses to adopt “cryptographic agility,“ preparing now to seamlessly transition between encryption protocols as quantum threats evolve.
Cracking the Code: Securing Cryptography for the Quantum Era
The third panel, featuring Jim Goodman of Crypto4A and Dr Marc Anzano of SandboxAQ, delved into the technical challenges of preparing cryptographic systems for quantum. The question that looms within this discussion is: How do we secure our systems for the quantum world?
Goodman warned against complacency, highlighting a common misconception. “Many think they can just add post-quantum cryptography when the time comes,” he said. “The issue is that if your foundational systems aren’t secure now, even that upgrade will be vulnerable.”
His solution? Focus on building quantum-safe foundations today.
Anzano took the conversation further by discussing the importance of visibility in cryptographic systems. According to him, most companies lack the tools to see where their cryptography is being used and where vulnerabilities lie.
“It’s about shedding light on the ‘unknowns,’” he stated. Without this understanding, companies will find it difficult to prioritise their quantum-safe transitions.
Both experts agree on one thing: Interoperability will be key. As quantum systems evolve, ensuring that different cryptographic systems can work together will be significant for industrial applications. This is especially crucial for all industries across the world, especially those that often rely on a mix of legacy systems and newer technologies.
The event then proceeded with an exclusive discussion featuring Emilia Käsper, Safe Coding Lead at Google. She offered a deep dive into Google’s quantum preparedness strategy.
She highlighted how recent cryptographic breaches have shown that threat actors don’t need quantum computers to cause significant damage. “Threat actors will go after valuable cryptographic keys and attempt to steal them, with or without a quantum computer,” Käsper emphasised.
Google has taken a proactive approach by running large-scale experiments on post-quantum handshakes between Chrome browsers and Google servers. These real-world tests are helping Google understand how to integrate quantum-safe protocols without compromising performance.
Quantum-Fused Digitalisation: The Catalyst of Futuristic Tomorrow
The revelations from DigiCert’s Quantum Readiness Day are a stark reminder that we’re not just on the edge of a technological revolution—we’re teetering on a precipice.
Quantum computing is a paradigm shift—a fundamental change that could reshape every aspect of our digital world. However, the main lesson from every panel discussion at DigiCert’s events laid bare the urgency of ensuring preparedness for this shift, especially regarding the security of post-quantum cryptography.
Which then begs the question: Have we truly prepared ourselves for the next great leap, or are we sleepwalking towards obsolescence? Sure, the tech giants are blazing the trail—Google’s post-quantum handshakes, and Microsoft’s breakthroughs with Quantinuum—but how much of this progress will truly matter if industries across the globe have not sparked any awareness of such urgency?
As industries and governments scramble to adapt, the question isn’t whether quantum will change the world, but how ready we are to shape that change.
