Start planning for quantum computing cyberattacks now

Post-quantum cryptography (PQC) refers to the field of computing that focuses on developing algorithms and systems that are secure against potential threats posed by quantum computers. Quantum computers, which use principles of quantum mechanics to process information, have the potential to break many of the cryptographic systems that currently secure digital communications, data storage, and transactions.

Most of today's encryption methods (like RSA and ECC) rely on the fact that classical computers find certain mathematical problems extremely hard to solve. For example, factoring large numbers or solving discrete logarithms is computationally expensive for classical computers. However, quantum computers, with their ability to process information in superposition and perform operations in parallel, can solve these problems much more efficiently using algorithms like Shor's algorithm.

PQC aims to create cryptographic systems that are resistant to the power of quantum computers. This includes developing new algorithms for encryption, key exchange, and digital signatures that don't rely on the vulnerabilities quantum computers could exploit.

The shift to post-quantum cryptography is a proactive step to ensure data security in a future where quantum computers are capable of breaking today's encryption schemes. It is a rapidly evolving area, and researchers are working to standardize quantum-resistant algorithms, with initiatives such as the NIST (National Institute of Standards and Technology) post-quantum cryptography project playing a leading role.

»How enterprises should prepare for PQC

The Cloud Security Alliance estimates we could start seeing quantum decryption attacks in the next 5-10 years, first from large state actors (since they will have the most resources to build quantum computers first) and then eventually from general cyber criminals. Preparing for PQC is a critical step for enterprises to ensure the security of their data, systems, and communications in the future. Since quantum computers have the potential to break widely used cryptographic methods to decrypt data years after its exfiltration, enterprises need to take proactive measures to safeguard against potential quantum threats now. Here are some steps enterprises can take to prepare for PQC:

»Understand the risks

Current threats

Enterprises often store sensitive data for long periods. This includes financial records, intellectual property, personal identifiable information (PII), and other proprietary or regulatory data that might need protection for decades. If this data is encrypted using current methods, it could be vulnerable to decryption once quantum computers are available.

If attackers can capture and store encrypted data now, they can potentially decrypt it later when quantum decryption tools become available. This could lead to breaches of sensitive corporate data, intellectual property theft, or violation of regulations such as GDPR or HIPAA, all of which could have severe legal, financial, and reputational consequences.

Critical assets

Identify which data and systems are most critical for the enterprise. This includes intellectual property, customer information, financial transactions, and internal communications. These are the assets that require protection from quantum attacks.

»Evaluate current cryptographic systems

Audit encryption methods

Review existing cryptographic protocols and identify which ones could be vulnerable to quantum computing. Many current systems, such as RSA, DSA, and ECDSA, are based on problems that quantum computers could potentially solve efficiently using Shor's algorithm.

Implement hybrid cryptography

Consider using hybrid encryption methods that combine classical and quantum-resistant algorithms. This ensures a transition path without compromising security during the gradual rollout of quantum-safe solutions.

»Start adopting quantum-resistant cryptography

These are the steps you can take now toward building your quantum-resistant cryptography practices.

PQC standards

Monitor and start preparing for the transition to post-quantum cryptography standards being developed by organizations like NIST (National Institute of Standards and Technology). NIST has been working on standardizing quantum-resistant algorithms and protocols. Enterprises should track the progress of this effort and begin testing and adopting recommended algorithms when they become available.

Trial implementations

Vault Enterprise 1.19 included support for Module-Lattice-Based Digital Signature Algorithm (ML-DSA) PQC for the Vault transit secrets engine. The Transit Secrets Engine manages cryptographic operations on data in transit. This can be thought of as cryptography or encryption “as a service." The primary use case for the Transit Secrets Engine is to encrypt data from applications, allowing the encrypted data to be stored in a data store. This offloads the responsibility of proper encryption and decryption from application developers to the operators of Vault.

Vault Enterprise 1.19’s support for ML-DSA enables organizations to integrate PQC algorithms into test environments for experimentation and better understand the possible implications of PQC in their critical production environments. There will be additional opportunities for trial implementations with Vault’s next PQC update. The next PQC update will include support for Secure Hash Digital Signature Algorithm (SHA-DSA) for the transit secrets engine.

Software and hardware compatibility

Work with vendors to ensure that both your software and hardware can support post-quantum cryptographic algorithms when they are finalized. This may include updating existing encryption libraries or migrating to new hardware security modules (HSMs) capable of supporting quantum-resistant algorithms.

»Plan for long-term data security

Data retention strategy

Some organizations need to retain encrypted data for long periods (e.g., 20+ years). Even if quantum computers are not practical today, these archives may become vulnerable in the future once quantum computers are fully operational. Enterprises should consider encrypting sensitive data now using quantum-resistant algorithms to ensure it remains secure long into the future.

Forward secrecy

Ensure that encryption protocols used today, such as those for email or secure web browsing, provide forward secrecy. Forward secrecy ensures that if encryption keys are compromised in the future, past communications cannot be decrypted.

»Conduct regular security audits and penetration testing

Quantum-safe testing

As quantum-safe algorithms become available, begin conducting regular security audits and penetration tests that focus on the potential vulnerabilities posed by quantum computing. This will help identify weaknesses and validate that new security measures are effective.

Simulate quantum attacks

Some cybersecurity firms and academic institutions are developing methods to simulate quantum attacks on cryptographic systems. Enterprises can collaborate with these organizations to test their systems' resilience to quantum threats.

»Learn more

Post-quantum cryptography is not a distant future concern but a critical challenge that businesses must start addressing. HashiCorp Vault helps enterprises prepare for post-quantum cryptography by providing a flexible, centralized platform for managing and securing sensitive data across the organization. Vault supports a wide range of encryption methods, including the ability to integrate with post-quantum cryptographic algorithms once they are standardized. This ensures that organizations can seamlessly transition from traditional encryption to quantum-resistant cryptography as new algorithms become available.

Additionally, Vault’s dynamic secrets management, key rotation, and access control features ensure that cryptographic keys are protected and regularly updated, minimizing the risk of future quantum-based attacks. By providing tools for secure key management and supporting future-proofing strategies, Vault enables enterprises to stay ahead of evolving cryptographic threats, ensuring long-term data protection in a quantum-enabled future.

The key is to plan ahead, gradually implement quantum-safe systems, and remain adaptable as new cryptographic standards become available for enterprise usage.

• Vault Enterprise 1.19 release
• NIST’s quantum cryptography standards: Our plans