PQC (Post Quantum Cryptography): The Discovery and Migration Begins.
Who knows when quantum computers will be built at a scale that can break our existing public key cryptography methods, but the risk is there. If you knew that at some time in the future someone could break into your home by discovering your front door key, would you go and change the lock? While many companies and organisations will be faced with this, and some will be forced to change the locks on their systems. This is due to Shor’s method which breaks all of our existing public key cryptography methods, including RSA, discrete logs and Elliptic Curve methods. Why should you care? Well, the security of every connection you make to the Internet is mainly based on an elliptic curve key exchange (ECDH), and the trust you have in the sites that you visit is mainly based on the public key of the website that you are connecting to (RSA, ECDSA or EdDSA). Basically, almost everything involved in these processes will be broken by quantum computers.
But in some parts of the world, the debate on how best to discover and migrate our existing systems has not even started. While the NCSC in the UK has stated that 2026 will be the year to start this migration in the UK, very few cybersecurity professionals are even debating what the first steps will be. But it needs to go beyond technical people and rise up to C-level executives. This needs to change, and those industries involved in critical infrastructures, such as finance, transport, education and energy, need to wake up to the fact that this migration needs to happen sometime soon.
If you are interested, here is a basic migration map:
So, to spark some debate, we hosted the International Conference on PQC and AI [https://luma.com/9lxiupu6]. Jaime Gómez García gave a perfect scene setting within the finance industry:
Then we had a panel that discussed the Quantum clock countdown to Y2Q:
What was great was that we had two innovative SMEs who are integrating AI into their PQC discovery and migration solution, and someone from Estonia who has seen the advancement of public key cryptography methods in setting up a digital nation.
Then we had two presentations from companies which are building discovery and mitigation tools:
and:
It is important that we understand the impact of moving away from methods such as RSA, ECDSA and ECDH, and so this presentation outlined the building of an evaluation framework for PQC methods:
And, then, finally — the cherry of the cake — we had the mighty Daniel J Bernstein showing how we could easily migrate our existing methods to PQC:
And he even stayed on for nearly an hour to debate the latest advancements:
A great day for knowledge exchange. Let’s now move PQC forward!
And here are some of the methods:
