Post-Quantum Cryptography Solutions

Sub-Header

What is Post-Quantum Cryptography (PQC) and why is it so important to prepare?

Quantum computing is progressing rapidly; it won’t be long before a quantum cyberattack will be possible. Quantum cyberattacks will be able to cripple large networks in a matter of minutes. Everything we rely on today to secure our connections and transactions will be threatened by quantum computers, compromising all keys, certificates, and data. Cybercriminals, armed with quantum power to break traditional encryption algorithms, can analyze massive amounts of data or hack critical infrastructure in seconds.

Post-Quantum Cryptography (PQC), also known as Quantum-Resistant Cryptography (QRC), focuses on developing cryptographic algorithms and protocols able to stand up to quantum computing power.

Adopt a crypto agile strategy now, if you haven’t already, and begin to prepare for PQC as soon as possible.

Get started today with our free 5-minute PQC Risk Assessment Tool.

Understanding Post-Quantum Cryptography (PQC)

62%

of respondents in the Thales Data Threat survey said network decryption was the Post-Quantum Cryptography security threat of greatest concern, with Harvest Now Decrypt Later (HNDL) as the most immediate concern regarding quantum computing

Read the Data Threat Report
Thales Data Threat Report

Questions our customers often ask

    Quantum computing uses quantum bits known as qubits, which are based on quantum physics that give them different properties than current computers. Quantum computers are not bound to process every combination in sequential order as computers are today. Qubits can process different pieces of information simultaneously producing hundreds of possible solutions all at once.

    Today’s public key cryptography is based on factorization for RSA algorithms, or discrete log problems with DSA, Diffie-Hellman, and Elliptic-Curve Cryptography (ECC). Although these are sufficient protection today, using a quantum computer, a hacker would be able to break the algorithms or reduce the strength of the symmetric crypto keys and crypto hashes in minutes. Post-Quantum Cryptography uses a new set of Quantum Resistant Algorithms, created by researchers and tested by industry standard bodies such as NIST and ANSSI that are in the process of becoming a part of compliance requirements.

    To begin, quantum computers will co-exist alongside today’s computers, being used mainly for specialized purposes. Initially quantum computers will not likely supplant cloud servers, but instead work alongside the cloud providing enterprises and businesses quantum computer capabilities in an as-a-service style. However, they promise to revolutionize our idea of compute so it is important to prepare, as much as we can, for future changes in advance by practicing crypto-agility.

    To prepare for Post-Quantum Crypto (PQC), evaluate your risk exposure and create a plan to mitigate the risk. A recommended approach is to use hybrid solutions that depend on both classical and quantum-safe algorithms. Start preparing today by assessing your crypto inventory and your overall PQC readiness. Begin planning for a quantum-safe architecture, including support for new algorithms. 

    First, begin by looking at all your applications that manage sensitive information. If you were to change an algorithm, would the application still work? If not, what do you need to do to make them work? Be sure to do this for every crypto-dependent application in your organization to map out a plan that will allow for business continuity. Beginning early will help your organization have a smooth transition to protecting its data in a PQC world.

    There are strong indications that the quantum era will begin in the next few years. Organizations generally take a couple of years to implement change throughout their infrastructure. To prepare for a PQC world, organizations need to take steps now to protect their data, intellectual property, and more against hackers using quantum computers. For example, often organizations don’t know where their keys are, where encryption is being used, or which data is being protected and how. Waiting until quantum computers are generally available is a recipe for years of theft, compromise, and a failure to comply with quantum regulations, such as CSNA 2.0 on quantum-safe code signing. With data storage requirements being long-term, hackers are using a Harvest Now, Decrypt Later strategy that creates even more risks in the future.

    Certain industries are particularly vulnerable to quantum attacks now and in the future, in part due to the lifespan of the data or keys, but also in part due to the Harvest Now, Decrypt Later strategy being used by cyber criminals. Any software requiring authentication for smart devices in IoT, confidential communications using VPN, digital identities used by governments and enterprises to validate users, as well as any keys or data with a long lifespan such as in Code Signing certifications, Public Key Infrastructure, or medical devices.

    Preparing Your Organization for a Quantum Future Today

    Rather than being reserved for science fiction movies, quantum computers exist today as organizations drive towards commercialization.

    Get the eBook
    PQC ebook
    Post Quantum

    Post-Quantum Readiness Starts with Crypto-Agility

    Crypto-agility is a business strategy that enables you to future-proof your organization by:

    • Having the flexibility to quickly change protocols, keys, and algorithms
    • Using flexible, upgradeable technology
    • Reacting quickly to cryptographic threats, such as Quantum computing
    • Adding to your tech stack with minimal to no disruption

    Thales products have been purposely designed to help you be crypto-agile and Quantum-safe.

    Test Your PQC Assessment Contact Our Experts

    Building a Future-Proof Post-Quantum Strategy

    Securing an enterprise against quantum threats requires cybersecurity solutions that support Quantum Resistant Algorithms (QRA), and also offer options for Quantum Key Distribution (QKD) and Quantum Random Number Generation (QRNG). Thales is committed to delivering solutions that support a Post-Quantum crypto agile strategy.

    cloud

    Quantum Resistant Algorithms

    QRAs are fundamental to protecting against quantum attacks whether Lattice based, Multivariate, Hash based, or Code-based cryptography

    Key Generation

    Quantum Key Distribution

    QKD distributes encryption keys between shared parties based on the principles of quantum physics and the properties of quantum mechanics

    numbers

    Quantum Random Number Generation

    QRNG is a high bit rate random number source harnessing the inherent randomness in quantum mechanics to create encryption keys

    There are three component parts of a quantum safe solution, which we’ve done in our work with Wells Fargo to take some risks off the table. It starts at the key generation stage: How do you create the keys that you're using in your system? What type of keys are they? Then there is the algorithms and how do you look after them? That's the management aspect. Finally on the generation front, we are looking to produce keys that are fundamentally unpredictable. These three items are the definition for a strong key.
    Duncan Jones Head of Cybersecurity Quantinuum Watch the Webinar
    Quantinuum

    Kick off Post-Quantum Readiness with the PQC Starter Kit

    Thales and Quantinuum have partnered to create a PQC starter kit that accelerates the process of testing quantum-resilient measures in a safe environment.

    Get Started

    Thales Quantum-Ready Solutions

    HSM

    Rely on Luna HSMs as the market-leading crypto agile foundation of digital trust to reduce risk, ensure flexibility, easily manage keys, and simplify integrations.

    Protect Encryption Keys with Luna Hardware Security Modules

      HSMs protect quantum-safe keys:

      • Hash Based Signing (SP 800-208)
        • HSS – Hierarchical Signature Scheme (multi-tree version of LMS)
        • XMSS – Extended Merkle Signature Scheme
        • XMSSMT – XMSS Multi-Tree
      • SPHINCS+ (SLH-DSA)
      • Kyber (ML-KEM)
      • Dilithium (ML-DSA)

      Implement your own Post- Quantum Crypto using Luna’s Functionality Module (FM) or with various Partner FMs/integrations

      Inject quantum entropy with QRNG and Luna HSM’s secure key storage

      Address critical applications where high-quality random numbers are vital

      Secure Data in Transit with High Speed Encryptors (HSE)

        Thales HSEs include a framework to support QRA via firmware upgrade. Thales HSE solutions support all four NIST Quantum Resistant Public Key algorithms (finalists) in all products (plus other non-finalist algorithms).

        Thales HSEs are quantum-ready and QKD compatible for more than a decade.

        Quantum Random Number Generation is integrated into the HSE solution.

        HSE

        Thales HSE network encryption solutions support Post-Quantum Cryptography with a crypto-agile, FPGA-based architecture.

        The Quantum Computing Cryptopocalypse

        Security Sessions Podcast.
        For the latest on cloud & data security.

        Listen Now
        Thales Security Sessions

        Thales’ Growing Quantum Partner Ecosystem

        Senetas

        toshiba

        quantinuum

        quantum-safe

        idq

        quantumxchange

        CryptoNext

        PQShield

        DigiCert

        Keyfactor

        Garantir

        InfoSec Global

        IronCap

        Qrypt

        IBM

        Quantum Bridge