Quantum-resistant encryption: preparing networks for the post-quantum era

NetworkTigers explores quantum-resistant encryption, its significance for network security, and what engineers need to know to prepare for potential quantum threats.

Quantum computing has arrived faster than anticipated, forcing encryption technologies to adapt urgently. Unlike classical computers, quantum systems operate on entirely different mathematical principles. This enables them to crack the complex algorithms that safeguard online transactions and sensitive data at extraordinary speeds, which was unimaginable when these security codes were first designed.

Post-quantum cryptography, also called quantum-resistant encryption, has emerged as a vital defense. This rapidly advancing field of cryptographic research aims to counteract the unprecedented capabilities of quantum computing and protect critical systems against future threats.

What is quantum-resistant encryption? 

Quantum-resistant encryption is also known as post-quantum cryptography, or PQC. According to the NIST, the primary goal of PQC is to “develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.”

Quantum-resistant encryption currently rests upon 6 pillars: 

• 1. Lattice-based cryptography
• 2. Multivariate cryptography
• 3. Hash-based cryptography
• 4. Code-based cryptography
• 5. Isogeny-based cryptography
• 6. Symmetric key quantum resistance

What do engineers need to know about PQC?

The following are some of the basics that network engineers should know about quantum-resistant encryption, such as how and when to incorporate it, as well as the possible costs of doing so: 

1. Current algorithms like RSA and ECC are vulnerable to attacks from quantum computers. The threat is evolving, but already exists. Even secure systems, such as VPNs and HTTPS, can be compromised. Shor’s algorithm enables quantum computers to break traditional mechanisms that protect systems far too quickly to remain secure for long. For instance, a 20-million-qubit computer can break RSA encryption, which is based on 2,048-bit numbers, in just 8 hours of runtime.
2. Quantum-resistant algorithms have much larger key sizes than current algorithms do. This is because they rely upon different mathematical calculations, and are much wider-ranging to match the scale of quantum computing. 
3. Quantum-resistant still doesn’t mean quantum-proof. While several algorithms are in development, the silver bullet does not yet exist. As of 2022, NIST has recommended four algorithms, with at least four more in development for the future. 
4. Quantum encryption may reduce efficiency. Quantum cryptography may have mind-blowing potential, but its current implementation is resource-intensive. Think major data networks, cooling centers, high-cost professional development, upgrade fees, and more. This means that implementing PQC may initially lower business efficiency.
5. PQC is difficult to integrate with existing systems. According to NIST, current quantum-resistant tools such as QKD won’t work in software or SaaS solutions. Quantum computing requires a major upgrade to existing network equipment, which can further reduce business efficiency and put it out of reach for many smaller enterprises. 
6. To prepare for PQC, companies and users need to review and document all systems and applications that rely on public-key cryptography. The NIST advises replacing systems that use this technology before cryptographically relevant quantum computers are widely available. 
7. Blockchain is especially at risk. Cryptocurrency enthusiasts should take heed of advances in quantum computing, as the blockchain technology used to mine digital currencies may be especially vulnerable to quantum attacks. Likewise, IoT wearables often employ notoriously lightweight cryptography, which means that even devices with our biometric data and personal health information may be at risk.  

Key developments in quantum-resistant encryption

Perhaps the most significant red flag for quantum-resistant encryption, however, is engineers’ inability to test their creations effectively. Currently, there is not yet a large enough quantum computer to thoroughly test an algorithm’s resiliency to a quantum attack. While formulas are in development, it is impossible to prove beyond a shadow of a doubt whether or not they will work in every case. 

This does not mean that engineers are not attempting to rise to the task, however. In July 2022, NIST announced the first four quantum-resistant algorithms being considered for inclusion into NIST standards. These selections are:

1. CRYSTALS-Kyber: Recommended for general encryption and accessing secure websites, the CRYSTALS-Kyber algorithm was chosen for its comparatively small encryption keys and speed. 
2. CRYSTALS-Dilithium: For digital signatures, NIST recommends CRYSTALS-Dilithium as the primary algorithm. 
3. FALCON: FALCON was selected for its security when working with applications that require smaller signatures than Dilithium can provide. 
4. SPHINCS+: SPHINCS+ (pronounced “sphinx plus”) is the only algorithm selected that uses a different mathematical approach than CRYSTALS and FALCON. While it is larger and somewhat slower, this difference makes it not only a valuable backup option but also provides essential variety. SPHINCS+ relies upon hash functions, while the other three are based upon the family of structured lattice problems. 

Quantum-resistant encryption relies on global collaboration to address a threat that knows no borders. A major concern for companies and individuals is the “harvest now, decrypt later” approach, where attackers collect encrypted data today with the hope of decrypting it in the future using quantum power. Even if hackers cannot read stolen data immediately, storing it increases the risk that it will eventually be exposed and exploited.

Although quantum-resistant encryption is not flawless, it represents a critical step forward. Adopting these advanced protections now helps organizations and individuals stay ahead of future attacks and strengthen security before quantum capabilities become widespread.

About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.