In the new DigiCert survey, what are the findings as per the Post Quantum Cryptography is concerned and what measures do you suggest to enhance cyber security?
The survey generated a number of interesting results. First, we found that awareness of the threat that quantum computing poses to encryption is high. Furthermore, many organizations either have or are planning to have funding allocated to address this threat. On the other hand, we found that most people are unfamiliar with the techniques to address the threat.
So the best course of action is for people to continue educating themselves about the technologies that are available, and come up with a plan for how to deploy them to their systems. These techniques include post-quantum cryptography, hybrid encryption, and hash-based signatures.
Quantum Computing has steadily started growing in India. What are the cyber security challenges as a result?
Modern encryption, key management and digital signatures are based on two asymmetric cryptographic algorithms: RSA and ECC. Both of these algorithms are vulnerable to compromise by a sufficiently powerful quantum computer. While those do not exist yet, they will likely exist in the future, and will be able to decrypt data encrypted with those algorithms, including data being encrypted today. The solution is to transition to post-quantum cryptographic algorithms, which are not vulnerable to quantum computers.
What are the use cases of quantum computing in India (for both government and enterprises)?
Quantum computing also will have many positive impacts on computing. The current generation of quantum computers is not quite powerful enough to solve important problems, but I expect that to change within the next year or two. Potential problems that quantum computers can solve include simulating quantum systems for materials or drug design, or simulating other large, complex systems like the weather. They also may be useful in solving optimization problems, including those found in areas like artificial intelligence.
What is the IT security infrastructure required to guard enterprises against the challenges in the wake of quantum computing?
Existing asymmetric cryptography based on RSA and ECC need to be replaced with post-quantum techniques. This means upgrading all the relevant software and hardware as the changes become available. In some cases, this will require a complete redesign of the cryptographic infrastructure. Enterprises need to pay attention to developments in this area, and ask all their software and hardware vendors what their plans are, and when post-quantum cryptography will be available in their products.