An important part of every organization’s post-quantum cryptography (PQC) transition plan should be understanding and monitoring timelines. Timelines enable you to visualize the sequence of events, which can help you prioritize the steps in your organization’s action plan. They also help you identify key milestones and transition points that will either gate or enable the progression.
There are two key timelines your organization should keep in mind when thinking through quantum computing (QC) and its security implications: QC technology advancement and industry PQC readiness. These are illustrated in the figure below.
Timeline #1: QC technology advancement
This timeline looks at the evolution of QC prototypes and technological advancements we can expect to see as we progress towards the availability of scaled quantum computers. Some key metrics for quantifying advancement include the number of quantum bits (qubits), error rates, qubit coherence time, number of quantum operations supported (called “depth”), and more. Broadly, you might look for metrics and milestones in both qubit technologies and the increase in the number of qubits. Note, however, that the number of qubits can be misleading if they are only partially entangled, have high error rates, or support relatively few operations before becoming decoherent.
This timeline illustrates the increasing level of urgency for PQC readiness. The slower the progression, the more time the industry has to work on PQC standards, implementations, migration frameworks, and (eventually) transition. Fast advancements, on the other hand, could quickly increase the urgency for the industry’s PQC readiness. It is also possible that the pace of QC development will pause; that is, key technical hurdles may slow progress for a significant time interval. While such a pause is possible, many feel that success is inevitable, given massive investment by governments and industry around the world and the feverish pace of R&D.
Two notable milestones to be aware of are quantum advantage (a.k.a., “supremacy”) and the problem of error correction. The former is a real-world demonstration of computation that could not have been performed by a well-provisioned “classical” computer within a reasonable interval of time (i.e., not hundreds or thousands of years). Google made headlines with a first pass at this in their landmark paper published in Nature (“Quantum Supremacy Using a Programmable Superconducting Processor,” October 23, 2019), but detractors argued that the workload involved was hardly useful in practice.
Quantum error correction is (in theory) a promising technique for correcting physical qubit errors. Many feel this will be key to making reliable QCs at scale, so a successful demonstration of quantum error correction is a milestone to watch for. Essentially, multiple physical qubits can be entangled to form a logical qubit and, in doing so, provide protection against physical errors. A key problem will be limiting the overhead involved to make the approach useful in practice.
Timeline #2: industry PQC readiness
Your organization should also be carefully tracking the progress of PQC standardization and subsequent industry readiness from various points of view. All eyes are on the National Institute of Standards and Technology (NIST), which has been working diligently through the PQC proposal and vetting process with the cryptography research community since 2016. After more than 69 submissions and three rounds of vetting, draft standards are likely to be announced in early 2022. After this, there will be a two-year commentary period when the industry is encouraged to submit feedback and discussion on the proposed standards. Finally, NIST will announce published standards and their required use in various government contexts.
It’s a mistake, however, to see this as the only component of industry’s path to cryptographic readiness. In many ways, NIST standards are just the beginning. First, there is the issue of implementation and PQC’s availability in various cryptography libraries that are in wide use today (think OpenSSL, BoringSSL, Microsoft CAPI, Oracle JCA, Java Bouncy Castle, and so on). Implementing cryptography is something of an art. Those in the know will think carefully about correctness, performance, and side-channel vulnerabilities (such as timing and memory attacks). It will take time before libraries are reliably hardened.
Another vector is second-order standardization efforts. Public key cryptography is used across so many different domains and applications (communications, authentication, access control, key management, integrity management, attestation, etc.) that there will undoubtedly be widespread committee work integrating PQC into many other standards (TLS, X.509, KMIP, OAuth, DNSSEC, PKI, WP2, etc.). Your organization no doubt does business in specific sectors with associated regulations and standards that will be impacted. You should be aware of PQC working groups and how they might affect the standards most important to your enterprise.
Customizing your big picture
The timelines I’ve shown above are just a sketch. It’s important that your organization discusses what you see as significant events and milestones along each timeline. For example, perhaps it isn’t so much the scientific advances of QC that are important to you, but rather the policy and regulation impact on various organizations or customers you work closely with. Or, perhaps your PQC readiness timeline focuses more specifically on a particular industry sector, the implications for your suppliers, or a specific subset of standards that are part of your bread-and-butter business.
I hope this discussion has helped you to better see the landscape of PQC readiness and how you might approach understanding it. Stay tuned for more blogs on this topic.