Table of Contents
Analyst, Laura Wilber, says advances in quantum computing and AI are shrinking the timeline for operators and enterprises to begin transitioning to post-quantum cryptography
Rapid advances in quantum computing is dialing up the urgency to transition to quantum-safe cryptography, according to Laura Wilber, senior analyst, ENEA AB.
In an interview on Pulse, Wilber said that post-quantum security concerns are fast climbing the priority list, and that the urgency to migrate to post-quantum cryptography (PQC) is bigger than the industry expects.
“There is some new urgency around at least getting started with the transition and that goes for people working in telco as well as enterprise sectors,” she said.
Although quantum computers are still several years out, Wilber argued that engineering breakthroughs can hasten the arrival as innovation is now down to solving the engineering piece of it.
“Even though this is a ‘could’ and not a ‘will’, there could be a breakthrough progress just because it’s focused on engineering. There’s a chance that it’s going to advance much sooner than people would like,” she said.
Wilber pointed to recent studies suggesting that the number of qubits required to break widely-used encryption systems like RSA may be dramatically lower than previously believed. According to a recent Caltech paper, RSA can be broken with as few as 102,000 qubits in just three months, a massive jump from a million qubits previously estimated.
Wilber suggested that the giddy pace of advancement in AI is further reason why companies must consider upgrading their network security posture today. “It’s opening up new threats, new kinds of attacks. They’re scaling, both in terms of sophistication and speed,” she said.
Pointing to recent breakthroughs like the Project Glasswing, an initiative led by Anthropic, and others like Google, Amazon, and Apple, to secure critical software using AI, she said, “They being able to touch legacy systems that people have assumed for so long are safe and solid and a lot of those are critical infrastructure within telco, governments, and industries that rely on the telco as their supplier. So you’re going to have some systems at risk that might not have otherwise been. So that’s another good reason to find those vulnerable spots and get in gear with the transition.”
While on one hand AI-driven security threats are raising the stakes for telecom operators and enterprises that have delayed preparation for quantum-safe cryptography, attacks like harvest now, decrypt later are further compounding the urgency with adversaries collecting encrypted data today with plans to decrypt it using future quantum computers.
For operators beginning the transition to post-quantum cryptography, Wilber suggested identifying where their cryptographic assets exist within the network. “Essentially, all our cryptographic resources, systems, and protocols are embedded in absolutely everything — from core systems to databases to the web. There’s nothing they don’t touch.”
So achieving global visibility is an important first step to finding all the cryptographic resources that need to be transitioned.
While migrating to PQC may not be a simple cipher update exercise, Wilber noted that operators today have access to great many tools like those provided by vendors like Keysight and Viavi for testing and managing the transition.
She added that the good news is that there’s still a lot of ifs and buts with what could or could not be possible with quantum computers. “There’s a big difference in ‘could’ and ‘can’, and on the could part, there’re some serious gaps that would need to be closed before it could happen right away…which would put everybody in a very tight timeframe for transitioning.”
