Software Vendors: Using Y2Q (Years to Quantum) to their Advantage
With the increasing progress being made on quantum computers, there is an increasing concern that public key encryption algorithms like RSA and Diffie-Hellman will be at risk due to Shor’s algorithm that can factor large numbers on a quantum computer. Although breaking these public key encryption codes will take a large quantum computer that may not be available for another 8-10 years, many vendors of enterprise software include these public key encryption algorithms within any piece of software that involves communication of information.
Purchasing Cycle and Analysis
Most large purchases of enterprise software go through a complex purchasing cycle involving requirements analysis, response to questionnaires, RFQs, demos, proof-of-concept, etc. Companies are very careful during their selection because such software tools as ERP (Enterprise Resource Planning), CRM (Customer Relationship Management), MRP (Material Requirements Planning), etc. are critical for operation of the enterprise and if these systems fail or are hacked into, it could cost their companies millions of dollars. This suggests to us that soon – quite soon – protection of a broad range of software from quantum intrusion will become of importance.
It may be premature for software companies to support some form of quantum resistant encryption, but Inside Quantum Technology believes that we have already reached the stage where software vendors should indicate this feature is part of future product roadmaps. The threat of cybersecurity is visibly increasing and any recognition of the Y2Q threat to security and that a software vendor has future plans to counteract this can help makes responses to an RFI look more favorable to an IT executive. It will help give software companies have a leg up over competitors who do not include this as part of their response.
From the end user perspective, it may be a little early to expect that a software vendor supports quantum protection today, but early enough that the end user might look for an indication that the vendor has implemented a crypto-agile platform that will be able to accommodate a variety of quantum resistant encryption techniques once they are standardized. Vendor responses provide a good reading of how thoroughly the vendors are thinking about their future roadmaps and addressing security concerns. Any software choosen now will be difficult to change and will likely still be in use (with periodic updates) for the next 10-20 years, well after quantum computers.
For all these reasons we are seeing a ramping up of the post-quantum cryptography (PQC) sector, with many new firms popping up in this space in the past couple of years. Inside Quantum Computing has recently published an in-depth industry analysis report on PQC. More details of this report can be found at https://www.insidequantumtechnology.com/product/post-quantum-cryptography-ten-year-forecast/.
Also, to learn more about PQC and quantum technology in general, visit the Inside Quantum Technology Conference, which will be held at the Hynes Convention Center, Boston, March 19-21. Also note that Inside Quantum Technology will be publishing a report on QKD Markets in March.