All Post-Quantum, PQC Posts
-
Post-Quantum
Hybrid Cryptography for the Post-Quantum Era
By combining classical and post-quantum cryptographic primitives in tandem, hybrid schemes provide defense-in-depth during this transition period. In practice, a hybrid approach might mean performing both a traditional elliptic-curve key exchange and a post-quantum key exchange inside the same protocol, or signing a document with both an ECDSA signature and a Dilithium (post-quantum) signature. The result is that an attacker would need to break all…
Read More » -
Post-Quantum
Quantum Key Distribution (QKD) 101: A Guide for Cybersecurity Professionals
Quantum Key Distribution (QKD) is a cutting-edge security technology that leverages quantum physics to enable two parties to share secret encryption keys with unprecedented security guarantees. Unlike classical key exchange methods whose security rests on computational assumptions, QKD’s security is rooted in the laws of physics – any eavesdropping attempt will unavoidably disturb the quantum signals and reveal itself. With large-scale quantum computers on the…
Read More » -
Quantum Computing
Adiabatic Quantum (AQC) and Cyber (2024 Update)
Adiabatic Quantum Computing (AQC) is an alternative paradigm that uses an analog process based on the quantum adiabatic theorem. Instead of discrete gate operations, AQC involves slowly evolving a quantum system’s Hamiltonian such that it remains in its lowest-energy (ground) state, effectively “computing” the solution as the system’s final state. AQC and its practical subset known as quantum annealing are particularly geared toward solving optimization…
Read More » -
Quantum Computing
Quantum Hacking: Cybersecurity of Quantum Systems
While these machines are not yet widespread, it is never too early to consider their cybersecurity. As quantum computing moves into cloud platforms and multi-user environments, attackers will undoubtedly seek ways to exploit them.
Read More » -
Post-Quantum
Post-Quantum Cryptography (PQC) Meets Quantum AI (QAI)
Post-Quantum Cryptography (PQC) and Quantum Artificial Intelligence (QAI) are converging fields at the forefront of cybersecurity. PQC aims to develop cryptographic algorithms that can withstand attacks by quantum computers, while QAI explores the use of quantum computing and AI to both break and bolster cryptographic systems.
Read More » -
Post-Quantum
Cryptographic Bill of Materials (CBOM) Deep-Dive
Cryptographic Bill of Materials (CBOM) represent the next evolution in software transparency and security risk management. As we have explored, a CBOM provides deep visibility into an application’s cryptographic underpinnings – an area that has often been opaque to security teams. By enumerating algorithms, keys, certificates, and their usage, CBOMs empower organizations to tackle challenges ranging from quantum cryptography transition and legacy crypto cleanup to…
Read More » -
Post-Quantum
How to Perform a Comprehensive Quantum Readiness Cryptographic Inventory
A cryptographic inventory is essentially a complete map of all cryptography used in an organization’s systems – and it is vital for understanding quantum-vulnerable assets and planning remediation. In theory it sounds straightforward: “list all your cryptography.” In practice, however, building a full cryptographic inventory is an extremely complex, lengthy endeavor. Many enterprises find that even identifying all their IT assets is challenging, let alone…
Read More » -
Post-Quantum
Infrastructure Challenges of “Dropping In” Post-Quantum Cryptography (PQC)
Post-quantum cryptography (PQC) is moving from theory to practice. NIST has now standardized several PQC algorithms - such as CRYSTALS-Kyber for key exchange (now known as ML-KEM) and CRYSTALS-Dilithium and SPHINCS+ for digital signatures - and major tech companies like Google, AWS, and Cloudflare have begun experimenting with integrating these algorithms. On the surface, it may seem that we can simply “drop in” PQC algorithms…
Read More »