Quantum computing is coming for your cryptography, warns NCSC

No need to panic just yet, but plans to move to quantum-safe alternatives should be in place by 2028 at the latest

The UK’s cybersecurity agency National Cyber Security Centre (NCSC) is recommending that organisations start replacing existing asymmetric public key cryptosystems with post-quantum cryptography (PQC) to defend themselves against quantum computers, which in theory could crack those systems with ease.

Asymmetric cryptography is used today to protect almost all online traffic. While quantum computing is currently an emergent technology restricted to specialised use cases, recent developments suggest a more general-purpose model capable of breaking these algorithms may not be far away.

“The threat to cryptography from future large-scale, fault-tolerant quantum computers is now well understood,” NCSC states in new guidance issued this week.

“Quantum computers will be able to efficiently solve the hard mathematical problems that asymmetric public key cryptography (PKC) relies on to protect our networks today.”

The agency acknowledges that PQC technology is immature in certain areas, including WebPKI certificates and ICS protocols, but suggests that for large organisations the discovery and planning stage alone could take up to three years. They should begin that process as soon as possible rather than waiting for the tech to catch up, it says.

NCSC suggests that by 2028 organisations should have completed the discovery and assessment phase, with plans in place to prioritise the most vulnerable systems. By 2031 migration of the highest priority systems to PQC should be complete, with all vulnerable cryptosystems replaced by 2035.

The US National Institute of Standards and Technology (NIST) has already standardised PQC algorithms suitable for most use cases.

NCSC will soon launch a pilot scheme to assure consultancies that offer support to the discovery, assessment and planning activities.

Scientists establish quantum key distribution record

In other quantum news, scientists from South Africa and China claim to have broken the record for quantum communications, establishing a link between Chinese “microsatellite” Jinan-1 in low-Earth orbit and ground stations in China and South Africa.

The scientists from Stellenbosch University and the University of Science and Technology of China in Heife generated quantum keys and used them to share encrypted photos of the Great Wall of China and Stellenbosch University over a distance of 13,000 km.

The results of their tests are published in Nature.

Achieving reliable quantum key distribution (QKD) is the first step in creating an ultra-secure quantum internet.

Nvidia invests in quantum

Fresh from sending quantum stocks plunging after its CEO Jensen Huang suggested that quantum computing may be decades away, semiconductor giant Nvidia has performed an apparent volte-face, announcing that it is to build a research centre in Boston, USA, dedicated to the field.

The Nvidia Accelerated Quantum Research Centre (NVAQC) will “integrate leading quantum hardware with AI supercomputers, enabling what is known as accelerated quantum supercomputing,” the company said, adding that it will “help solve quantum computing’s most challenging problems, ranging from qubit noise to transforming experimental quantum processors into practical devices.”

Want to know more? Computing 's Cybersecurity Festival returns to London in May, where senior IT decision makers can learn about modern challenges, compare strategies with peers, and source solutions. Click here to register for free.