Will Hybrid Cryptography Protect Us from the Quantum Threat?

By Roberta Faux, Director of Advanced Cryptography, BlackHorse Solutions


The CSA Quantum-Safe Security Working Group has produced a new primer on hybrid cryptography that explains the pros and cons of the approach. The paper, “Mitigating the Quantum Threat with Hybrid Cryptography,” is aimed at helping non-technical corporate executives understand how they might address the threat that quantum computers pose to an organization’s infrastructure. Topics covered include:

  • Types of hybrids
  • Cost of hybrids
  • Who needs a hybrid
  • Caution about hybrids

The quantum threat

Quantum computers are already here, at least tiny ones. Scientists hope to solve the scaling issues involved in building large-scale quantum computers within the next 10 years or so. There are many exciting applications for quantum computing, but there is also one glaring threat: large-scale quantum computers will render nearly all of today’s cryptography vulnerable.

Standards organizations prepare

The good news is that there already exist cryptographic algorithms believed to be unbreakable—even against large-scale quantum computers. These cryptographic algorithms are called “quantum resistant.” Standards organizations worldwide, including ETSI, IETF, NIST, ISO, and X9, have been scrambling to put guidance into place, but the task is daunting.

Quantum-resistant cryptography is based on complex underlying mathematical problems, such as the following:

  • Shortest-Vector Problem in a lattice
  • Syndrome Decoding Problem
  • Solving systems of multivariate equations
  • Constructing isogenies between supersingular elliptic curves

For such problems, there are no known efficient attacks, even with a future large-scale quantum computer. There are many quantum-resistant cryptographic algorithms, each with numerous trade-offs (e.g., computation time, key size, security). No single algorithm satisfies all possible requirements; many factors need to be considered in order to determine the ideal match for a given environment.

Cryptographic migration

There is growing concern about how and when to migrate from today’s ubiquitous “classical cryptography” to the newer quantum-resistant cryptography. Historically, cryptographic migrations have taken at least a decade for large enterprises. Moreover, because quantum-resistant algorithms tend to have significantly larger key sizes, migration to quantum-resistant systems will likely require updating both software and protocols. Consequently, live migrations will be a huge challenge.

Cryptographic hybrids

A cryptographic hybrid scheme uses two cryptographic schemes to accomplish the same function. For instance, a hybrid system might digitally sign a message with one cryptographic scheme and then re-sign the same message with a second scheme. The benefit is that the message will remain secure even if one of the two cryptographic schemes becomes compromised. Hence, many are turning to hybrid solutions. As discussed in the paper, there are several flavors of hybrids:

  • A classical scheme and a quantum-resistant scheme
  • Two quantum-resistant schemes
  • A classical scheme with quantum key distribution
  • A classical asymmetric scheme along with a symmetric scheme

However, adopting a quantum-resistant solution prematurely may be even riskier.

Hybrid drawbacks

Hybrids come at the cost of increased bandwidth, code management, and interoperability challenges. Cryptographic implementations, in general, can be quite tricky. A flawed hybrid implementation could be even more dangerous than a quantum computer, as security breaches are more commonly the result of a flawed implementation than of an inherently weak cryptosystem. Even a small mistake in configuration or coding may weaken or eliminate the cryptographic security. Any hybrid cryptographic implementation needs very careful attention to ensure that it does not make us less secure.

Do you need a hybrid?

Some business models will need to begin migration before standards are in place. So, who needs to consider a hybrid as a mitigation to the quantum threat? Two types of organizations are at high risk, namely, those who:

  • need to keep secrets for a very long time, and/or
  • lack the ability to change cryptographic infrastructure quickly.

An organization that has sensitive data should be concerned if an adversary could collect that data now in encrypted form and decrypt it later, whenever quantum computing capabilities become available. This is a threat facing governments, law firms, pharmaceutical companies, and many others. Also, organizations that rely on firmware or hardware will need significant development time to update or replace those dependencies. These include industries working in aerospace, automotive connectivity, data processing, and telecommunications, as well as organizations that use hardware security modules.


The migration to quantum resistance is going to be a challenge. It is vital that corporate leaders plan for this now. Organizations need to start asking the following questions:

  • How is your organization dependent on cryptography?
  • How long does your data need to be secure?
  • How long will it take you to migrate?
  • Have you ensured you fully understand the ramifications of migration?

Well-informed planning will be key for a smooth transition to quantum-resistant security. Organizations need to start to conduct experiments now to determine unforeseen impacts. Importantly, organizations are advised to seek expert advice so that their migration doesn’t introduce new vulnerabilities.

As you prepare your organization to secure against future threats from quantum computers, make sure to do the following:

  • Identify reliance on cryptography
  • Determine risks
  • Understand options
  • Perform a proof of concept
  • Make a plan

“Mitigating the Quantum Threat with Hybrid Cryptography” offers more insights into how hybrids will help address the threat of quantum computers. Download the full paper today.

What Will Happen If Encryption Used to Protect Data in Corporations Can Be Broken?

By Edward Chiu, Emerging Cybersecurity Technologist, Chevron

Preparing Enterprises for the Quantum Computing Cybersecurity Threats

While quantum computers are still at a nascent stage of development, their potential to solve problems that are not feasible on classical computers draws interest from many industries.

On one hand, Volkswagen is researching the use of quantum computers to help optimize traffic, and researchers at Roche are investigating the use of quantum computing in biomedical applications.

On the other, a quantum computer powerful enough to run Shor’s algorithm poses a severe threat to asymmetric encryption (also known as public key encryption), which in turn plays a vital role in data security. The use of asymmetric encryption is pervasive and transcends industries and companies, so quantum computing’s impact is far-reaching.

“Preparing Enterprises for the Quantum Computing Cybersecurity Threats” is a new paper published by the CSA Quantum-Safe Security Working Group that provides an overview of the cybersecurity risks posed by quantum computing and encourages cybersecurity professionals and decision-makers to begin planning now, as the consequences of inaction are dire.

The paper illustrates the dark side of quantum computing and its impact on cryptography, how asymmetric encryption can be broken, and what practical steps enterprise decision-makers can take now to prepare for the emerging threat. Topics covered in the paper include:

  • What is quantum computing?
  • Impact of quantum computing on cryptography
  • The time to prepare is now
  • Preparation steps for a post-quantum era

Impact on asymmetric encryption

Asymmetric encryption is the cornerstone of data security on the Internet. Whenever someone uses a browser to log in to their bank account, the asymmetric scheme known as RSA is being used. In 1994, MIT mathematicians formulated an algorithm that provides an exponential speedup in factoring large numbers into their prime factors. A quantum computer powerful enough to run this algorithm, Shor’s algorithm, and crack mainstream RSA cryptosystems would have catastrophic consequences for data security.

Hybrid cryptography

In recent years, cryptographers have been experimenting with the use of hybrid cryptography to mitigate quantum threats. Hybrid cryptography refers to the use of two or more cryptographic schemes, an example of which is an X.509 digital certificate that carries two signatures: one classical and the other quantum-resistant. The goal is to provide resistance to both classical and quantum cryptanalytic attacks.
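A minimal working version of the double-signing described here and in the first article’s “Cryptographic hybrids” section, written as an added example rather than code from either CSA paper: two independent hash-based Lamport one-time signatures are combined so that the hybrid verifies only when both components verify. The names (hybrid_verify, SCHEMES, demo) are my own; the demo shows that an adversary who has completely broken one component still cannot forge the hybrid, and that the hybrid signature is twice the size of a single one, which is the bandwidth cost the first article mentions.

```python
import hashlib, os
from collections import namedtuple
from functools import partial

# Lamport one-time signature (hash-based, the ancestor of XMSS/SPHINCS+):
# secret key = 256 pairs of random 32-byte values, public key = their hashes.
def lamport_keygen(h):
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    return sk, [[h(a).digest(), h(b).digest()] for a, b in sk]
def _bits(h, msg):
    d = h(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]
def lamport_sign(h, sk, msg):  # reveals one secret per bit: ONE message per key
    return [sk[i][b] for i, b in enumerate(_bits(h, msg))]
def lamport_verify(h, pk, msg, sig):
    return len(sig) == 256 and all(
        h(sig[i]).digest() == pk[i][b] for i, b in enumerate(_bits(h, msg)))

Scheme = namedtuple("Scheme", "name keygen sign verify")
def lamport_scheme(name, h):
    return Scheme(name, partial(lamport_keygen, h),
                  partial(lamport_sign, h), partial(lamport_verify, h))

# Two independent hash-based components (the "two quantum-resistant schemes"
# flavour); a deployment would more often pair a classical and a PQ scheme.
SCHEMES = [lamport_scheme("lamport-sha256", hashlib.sha256),
           lamport_scheme("lamport-sha3-256", hashlib.sha3_256)]

def hybrid_keygen(schemes):
    pairs = [s.keygen() for s in schemes]
    return [sk for sk, _ in pairs], [pk for _, pk in pairs]
def hybrid_sign(schemes, sks, msg):
    return [s.sign(sk, msg) for s, sk in zip(schemes, sks)]
def hybrid_verify(schemes, pks, msg, sig):
    # AND-composition: accepting "any one" would let whoever breaks a single
    # scheme forge the hybrid, so every component must verify.
    return len(sig) == len(schemes) and all(
        s.verify(pk, msg, part) for s, pk, part in zip(schemes, pks, sig))

def demo():
    sks, pks = hybrid_keygen(SCHEMES)
    msg = b"constructed sample: approve payment of 100 to vendor A"
    sig = hybrid_sign(SCHEMES, sks, msg)
    # Adversary who fully broke scheme 0 (holds its key) re-signs only that
    # component on a forged message and reuses the scheme-1 component.
    forged = b"constructed sample: approve payment of 100000 to vendor Z"
    forged_sig = [SCHEMES[0].sign(sks[0], forged), sig[1]]
    return (hybrid_verify(SCHEMES, pks, msg, sig),            # True
            hybrid_verify(SCHEMES, pks, forged, forged_sig),  # False
            hybrid_verify(SCHEMES, pks, msg, sig[:1]),        # False: truncated
            sum(len(v) for part in sig for v in part))        # 16384 bytes
```

Each Lamport component is 256 × 32 = 8192 bytes, so the hybrid signature is 16384 bytes; a real X.509 hybrid would pay a similar double cost in certificate size.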

What should IT decision-makers do now?

What can we do now, while waiting for the arrival of a quantum computer capable of breaking encryption, an event sometimes referred to as the year to quantum (Y2Q)? IT decision-makers should begin to lay out an actionable plan for Y2Q now, using this paper as a guideline.

Download the full paper now.