The new math: Solving cryptography in an age of quantum (2025)

“It is important that organizations start preparing now for the potential threat that quantum computing presents,” said Matt Scholl, computer security division chief at NIST. “The journey to transition to the new postquantum-encryption standards will be long and will require global collaboration along the way. NIST will continue to develop new post-quantum cryptography standards and work with industry and government to encourage their adoption.”11

New: Upgrading to a quantum-safe future

There’s good news, though. While upgrading cryptography to protect against the threat of quantum computers requires a comprehensive and widespread effort, given sufficient time, it should be a relatively straightforward operation.

Initial steps include establishing governance and policy, understanding current cryptographic exposure, assessing how best to prioritize remediation efforts across the infrastructure and supply chain, and building a comprehensive road map for internal updates and contractual mechanisms to ensure vendors meet the updated standards.

“The first step to reclaim control over decades of cryptographic sprawl across IT is to leverage modern cryptography management solutions, which empower organizations with critical observability and reporting capabilities,” says Marc Manzano, general manager of cybersecurity group SandboxAQ.12

Once these initial steps are completed, organizations can begin updating encryption algorithms. In August 2024, NIST released new standards containing encryption algorithms that organizations can implement. The agency says these encryption methods should withstand attacks from quantum computers by changing how data is encrypted and decrypted.13

Current encryption practices encode data using complex math problems that outpace the computing power of even today’s most powerful supercomputers. But quantum computers will likely be able to crack these problems quickly. The updated NIST standards move away from today’s large-number-factoring math problems and leverage lattice and hash problems, which are sufficiently complex to bog down even quantum computers.14

Large tech companies are already beginning their transition. Following the release of NIST’s updated standards, Apple updated its iMessage application to use quantum-secure encryption methods.15 Google announced that it implemented the new standards in its cryptography library and will use them in its Chrome web browser.16 IBM, which has invested heavily in developing quantum computing technology, has integrated postquantum cryptography into several of its platforms, and Microsoft has announced that it will add quantum-secure algorithms to its cryptographic library.17

In 2021, the National Cybersecurity Center of Excellence (NCCoE) at NIST started the Migration to PQC project. It has grown to over 40 collaborators, many of whom have cryptographic discovery and inventory tools with differing capabilities. The project demonstrates the use of these tools in a manner that will enable an organization to plan for their use. Other collaborators are focused on testing the PQC algorithms for use in protocols to understand their interoperability and performance as they prepare to implement PQC in their products.18

“An organization needs to understand where and how it uses cryptographic products, algorithms, and protocols to begin moving towards quantum-readiness,” says Bill Newhouse, co-lead for the Migration to PQC project at the NCCoE. “Our project will demonstrate use of the tools and how the output of the tools supports risk analysis that will enable organizations to prioritize what it will migrate to PQC first.”19

Next: Leveraging postquantum cryptography to prepare for future threats

While enterprises upgrade their encryption practices, they should consider what else they might do. This can be likened to cleaning out the basement: What can be done to clean out the back corners no one has looked at in a decade? They will map out highly technical, low-level capabilities in core systems that haven’t been assessed in years. Perhaps they will uncover other potential issues that can be addressed while upgrading cryptography, such as enhancing governance, improving key management processes, implementing a zero trust strategy, upgrading cryptography while modernizing legacy systems, or simply sunsetting tools that haven’t been used in a while.

Organizations that engage in proper cyber hygiene are likely to strengthen their broader cyber and privacy practices. They will likely be more cautious about collecting and sharing anything other than strictly necessary data, establish more robust and accountable governance mechanisms, and continually assess trust between digital components. Beyond protecting against the far-off threat of quantum attacks, these practices harden an enterprise’s defenses today by building secure habits into everyday activities.

Enterprises should consider how to create a reproducible set of activities to protect their cryptographic systems against various types of attacks and failures, a concept known as cryptographic resilience. Today, organizations need to prepare for the quantum threat vector, but tomorrow, the next new risk will require a different approach. Security teams shouldn’t have to go through this entire exercise again when a new threat emerges—instead, they should develop the muscles necessary to add or swap out cryptographic capabilities quickly and seamlessly.20

As our digital and physical lives become more closely linked, our friendships, reputations, and assets are undergoing a digital transformation. These areas are mediated digitally and secured cryptographically. Going forward, the privacy and integrity of messages, transactions, and an increasing share of the human condition will be built upon a foundation of digital trust. Protecting cryptography isn’t only about protecting enterprise data stores—it’s about shielding increasingly sensitive areas of our lives.

“As our reliance on cryptography intensifies in the digital economy, organizations must act swiftly to prepare for a controlled transition to maintain the trust they’ve built with customers and partners,” says Michele Mosca, founder and CEO of evolutionQ. “It’s crucial for organizations to develop a quantum-safe road map and partner with vendors to kick-start this vital shift. Prioritizing the security of your most sensitive information isn't just prudent—it’s essential.”21

Quantum computers are likely to bring significant benefits to a range of areas, such as drug discovery, financial modeling, and other use cases, that improve people’s lives. These potential benefits should not be overshadowed by the attendant security challenges. This is why enterprises should start hardening their defenses now so that they are prepared to reap the potential benefits of quantum computing without major disruption from its risks.

The new math: Solving cryptography in an age of quantum (2025)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Kerri Lueilwitz

Last Updated:

Views: 5984

Rating: 4.7 / 5 (67 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Kerri Lueilwitz

Birthday: 1992-10-31

Address: Suite 878 3699 Chantelle Roads, Colebury, NC 68599

Phone: +6111989609516

Job: Chief Farming Manager

Hobby: Mycology, Stone skipping, Dowsing, Whittling, Taxidermy, Sand art, Roller skating

Introduction: My name is Kerri Lueilwitz, I am a courageous, gentle, quaint, thankful, outstanding, brave, vast person who loves writing and wants to share my knowledge and understanding with you.