As of late, there’s been a lot of worried and concerned discussion regarding quantum computing. There are concerns that once quantum computers become available, all IT systems will collapse and be hacked; some blockchain enthusiasts worry that cryptocurrencies will become obsolete; governments worry that national security systems may be compromised. Are these valid concerns? In today’s blog, we’ll explore what quantum computers are and what we can do to manage concerns about the future.
What is Quantum Computing?
The modern-day computer uses “bits” as the basic unit, while quantum computers use “qubits.” The key difference is the way that qubits exist. For example, a bit can be a 0 or a 1, but a qubit can be a 0, 1, or both at the same time. Imagine a spinning coin. While spinning, a coin can be both heads and tails. In quantum mechanics, this is called the principle of superposition, and this superposition allows for quantum computers to process many possibilities simultaneously.
Another interesting property of qubits is entanglement. When qubits are “entangled,” the state of one qubit is directly related to the state of another. This means that if a qubit changes its state, it will instantly affect the other. This phenomenon of qubits enables quantum computers to perform complex calculations far more quickly than a computer using bits, which processes information in a linear, sequential manner.
Quantum computers are still in the early stages of development, and larger tech companies have already begun to create and use quantum computers for research and experimentation. Many experts will say that the quantum computers available today have a relatively small number of qubits and are susceptible to errors. However, some are optimistic that the technology will achieve more accuracy and broader use very soon.
What is Post-Quantum Cryptography (PQC)?
While quantum computing holds great promise for solving more complex problems, it also presents a great risk. If misused, quantum computers could, in theory, break encryption methods that secure sensitive data like personal communications, banking transactions, and even confidential government data.
This is why the development of Post-Quantum Cryptography is crucial to safeguard against this potential threat.
Post-quantum cryptography (PQC), in simple terms, refers to cryptographic algorithms that are secure even in quantum computing environments. Unlike the traditional cryptographic systems we use today, such as RSA or ECDSA, PQC algorithms rely on mathematical structures that quantum computers are less likely to break, such as lattice-based, hash-based, code-based, or multivariate polynomial-based.
Developing PQC for different use cases is essential because if we wait until quantum computing reaches supremacy, it could quickly render current cryptographic systems obsolete, leaving data vulnerable. The transition to PQC should begin now, as preparing for a quantum future will require proactive effort to ensure cybersecurity frameworks remain intact and resilient.
PQC Standardization and Regulatory Development
In 2016, the National Institute of Standards and Technology (NIST) launched a competition to standardize PQC. Researchers from all over the world submitted algorithms and through several rounds, 82 proposals were reviewed and in 2022 four algorithms were chosen: SPHINCS+, CRYSTALS-DILITHIUM, CRYSTALS-KYBER, and FALCON. They are incorporating these standards into the Federal Information Processing Standards (FIPS) document, and additional rounds will likely select new algorithms for digital signatures or other uses.
In April 2024, the European Commission published a recommendation for member states to develop a strategy for implementing PQC, which would define clear goals and timelines for the implementation. This has led several workstreams and think tanks to actively participate in developing and implementing PQC into the European digital infrastructure.
In 2022, the U.S. passed the “Quantum Computing Cybersecurity Preparedness Act,” which included a federal mandate for federal agencies to transition to PQC. The NSA announced that by 2035, all national security systems should implement PQC.
In South Korea, the transition to PQC is being actively addressed by the National Intelligence Service and the Ministry of Science and ICT. They released their roadmap for transitioning to quantum-resistant cryptographic systems in 2020, and the roadmap was designed to span over a 15-year period, setting the goal of fully integrating PQC by 2035.
PQC in Automotive Cybersecurity
The global implementation of PQC roadmaps is ongoing, and use cases can vary across governments and organizations, but one of the most important areas is the automotive industry. As modern vehicles are increasingly becoming software-centric, vehicle architecture is becoming increasingly sophisticated, integrating advanced connectivity features like OTA updates and V2X communications. These advancements enable smarter and more convenient mobility but also create a myriad of cybersecurity challenges if the vehicle architecture is breached, as many of the cryptographic methods were designed for more traditional computing environments.
However, though regulations and standards do not yet mandate its implementation, manufacturers, suppliers, and solution providers in the industry have already begun to explore and evaluate PQC implementation:
- NXP Semiconductors is developing quantum-resistant firmware updates for vehicle applications
- Vodafone is testing PQC-secured VPNs, which is focused more on network security, but the company states it could be extended to connected vehicle applications
- LG U+ showcased its PQC-based applications like secure digital keys and infotainment systems at CES 2023, and continues to develop quantum-resistant technology for network and cellular applications
As with traditional IT systems, once quantum computing reaches supremacy, vehicle systems could be vulnerable to attacks. Transition to PQC before quantum computing reaches practical implementation is crucial, as many worry that bad actors could already be stockpiling encrypted automotive data, waiting for quantum computing to enable them to decrypt, a long-term attack strategy known as “Harvest Now, Decrypt Later” (HNDL).
Preparing for the Post-Quantum Future
While there’s no way to know when quantum computers will reach practical supremacy, one thing is clear: the transition to PQC is no longer a theoretical need but an urgent necessity, especially in–vehicle applications.
However, transitioning to PQC–based solutions comes with its own set of challenges. PQC algorithms require a greater amount of computational power, which can be a concern for existing automotive hardware. This is why early testing, standardization, and collaboration will prove to be invaluable for realistic integration.
The dilemma is not whether we should implement PQC but how quickly we can make it a reality. The automotive sector has a lot of work to do, and security solutions providers like AUTOCRYPT are on track to ensure that the transition happens efficiently and securely.
To stay informed about the latest news on mobility tech and software-defined vehicles, read our blog for more technology insights or subscribe to AUTOCRYPT’s monthly newsletter.
