Yubico well-prepared for post-quantum computing threats

As the emergence of vastly powerful quantum computing appears on the horizon, businesses, organisations and governments are hard at work in preparation.

While the looming threat to cybersecurity, intellectual property, secure communications and even banking may be frightening, steps are being taken to ensure those with nefarious intentions will be unable to succeed in leveraging this new technology, such as the threat of "harvest now, decrypt later" attacks.

Post-quantum cryptography will be vital in responding to the future threats quantum computing will present. So, what exactly is post-quantum cryptography, how worried should we be, and what is being done about this approaching issue?

"Post-quantum cryptography is a fix for a problem we've got coming, given we use computers everywhere," said Alex Wilson, Director Solutions Engineering – APJ at Yubico.

"Some scientists 20, 30, 40 years ago, came up with this idea of quantum computing, and move forward 40, 50 years, and we have the concept that we're going to have our first quantum computer, we probably already have, which is going to be able to decrypt everything that we have basically created in digital format today.

"All of our banking transactions, all of our health data, any intellectual property around submarines or aircraft or whatever, if you can steal that data, then, and you have a quantum computer, you could probably decrypt that data, which could be quite bad. 

"Now, we're still five or six years away, so post-quantum cryptography is all about protecting us as we go forward and making sure that we're ready to protect ourselves if that thing happens, which is likely to happen."

Proactive measures will be required to help stave off the growing threat of bad actors utilising quantum computing.

With the potential consequences of wrongdoing ranging from mildly inconvenient to draining hundreds of thousands of dollars from your savings account with Westpac, people have a right to question if our banking, private communications and important documents like identifications and passports are safe from prying eyes going forward.

Government policies and multinational operations are being formed in readiness for the arrival of quantum computing as government agencies and corporate executives become wary of the looming threat, but Alex insists it is not yet time to hit the panic button, as measures already taken have put Australia in a strong position.

"The Australian government is part of the Five Eyes (a collaboration between Australia, Canada, New Zealand, the US and the UK that shares intelligence)," Alex continues.

"Last year I was fortunate to sit through a session by some of the cryptographers who have been focusing on post-quantum cryptography and it was the title of his presentation was 'PQC and the Apocalypse', so that was quite fun.

"So, the Australian Government are very serious about adopting the NIST (National Institute of Standards and Technology) approved technologies over the past 10 years.

"They knew this was coming, went out to the market and said, 'Give us your best cryptography to solve this problem.'

"They narrowed it down and we now have algorithms that protect us against this future threat. The Australian Government is one of the leaders in saying that we must prepare now and that by the end of 2030, we need to be making, we need to be no longer using the old cryptography.

"The US government has (identified) 2035 and then the other Five Eye nations around the world are all in that mix. 

"So, the Australians are leading and we have some very capable cryptographers and the systems, and we're trying to bring a focus to organisations to get the process started."

Yubico has also developed the YubiKey, a physical version of 2FA (two-factor authentication) that requires the person attempting to login to a particular system to insert the device into a USB-C slot, reducing the risk of phishing attacks, a large threat to privacy and cybersecurity.

This device is the precursor to a specific post-quantum cryptography device that is set to release next year, offering consumers a future-proofed cybersecurity and privacy tool.

"Yubico is building a (PQC) product," Alex said.

"However, customers today say,' Well, why should I buy something today? Because I'll need to buy it again in five years' time or three years' time.' Yubico does offer a service, Yubico is a service.

"We're phishing resistant so we can solve the No.1 problem today, stop data breaches. However, that service entitles you to the post-quantum cryptographic device when we ship in 2027. 

"So if customers say, 'Okay, well, can I do something today and protect myself phishing resistant-wise but then what happens in two, three years' time when PPC comes along?' Well, consuming the service gives you that capability moving forward."