Cryptographically relevant quantum computers (CRQC), when they become available, will threaten the security of your organisation’s current systems that rely on traditional asymmetric cryptographic algorithms. But that doesn’t mean your organisation must be a sitting duck and remain vulnerable.
Organisations should protect their IT environment against the threat of a CRQC now, even though a CRQC may not exist for some time. Early action is crucial because:
- deploying protections against a CRQC may take longer than expected
- estimating the timeline to achieve a CRQC is uncertain as quantum computing is an active area of research
- storing highly sensitive or classified data using classical encryption methods may be vulnerable to ‘harvest now, decrypt later’ attacks.
Post-quantum cryptography (PQC) involves the creation and use of quantum-resistant cryptographic algorithms. In principle, these algorithms offer a low-cost and practical path to maintaining the security of data in the presence of a quantum computer.
ASD provides detailed advice in the Information security manual (ISM) on ASD approved cryptographic algorithms, key sizes and parameters. The ISM recommends ceasing the use of traditional asymmetric cryptography by the end of 2030. Instead, ASD recommends using post-quantum ASD-approved cryptographic algorithms.
Get our updated advice for preparing for post-quantum cryptographic algorithms.