The Post-Quantum Cryptography Alliance was announced on Tuesday by The Linux Foundation. This alliance is an initiative intended to drive the adoption of post-quantum cryptography and respond to the potential security risks that could arise from quantum computing.
The alliance was announced together with several key players in the industry, including Google, IBM, Amazon Web Services, and Cisco. While quantum computing is not yet widely available to the public, experts have recognized its potential to render current common cryptographic practices inadequate from a security standpoint.
The Post-Quantum Cryptography Alliance (PQCA) aims to be an open and collaborative initiative to drive the advancement and adoption of post-quantum cryptography, according to a news release published Tuesday and the initiative’s website. The PQCA will bring together industry leaders, researchers, and developers to address cryptographic security challenges posed by quantum computing by producing high-assurance software implementations of standardized algorithms and supporting the continued development and standardization of new post-quantum algorithms.
Given the rapid advancements in quantum computing, the need for robust cryptographic solutions capable of withstanding attacks from future cryptographically relevant quantum computers has become paramount.
The PQCA plans to participate in various technical projects related to the development, evaluation, prototyping, and deployment of post-quantum algorithms. As one of its initial projects, the initiative is supporting the Open Quantum Safe (OQS) project, founded in 2014 at the University of Waterloo in Ontario. OQS is an open-source project dedicated to supporting the transition to quantum-resistant cryptography.
Omkhar Arasaratnam, general manager of the Open Source Security Foundation (OpenSSF), emphasized the threat of quantum computing against modern encryption. “Sufficiently powerful quantum computers will easily compromise the cryptography we use today,” he said. “While these computers are unavailable now, NIST estimates we might see such systems as early as 2030. Changing cryptography is complex. Organizations should begin migrating to hybrid encryption solutions today.”
In support of the initiative, Arasaratnam highlighted the importance of the PQCA, stating that it is critical to ensure developers can access robust cryptographic libraries implementing post-quantum cryptography in various popular languages. He also expressed the OpenSSF’s strong support for the PQCA and said it anticipates working closely with the alliance to make open source software secure for everyone.
Douglas Stebila, associate professor of cryptography at the University of Waterloo and co-founder of the Open Quantum Safe project, stressed the importance of transitioning to quantum-resistant algorithms, because a large-scale quantum computer could break the modern public key encryption algorithms that are widely used in current IT infrastructure. He pointed out that while no large-scale quantum computer has been built yet, it is important to start the transition process now to ensure preparedness and protection against quantum threats before they materialize.
As we become increasingly reliant on digital systems, the potential impact of quantum-enabled cryptographic breaches becomes more significant. Moving to quantum-resistant encryption will require a substantial amount of time and resources for research, standardization, and implementation. Starting this process now ensures preparedness and protection against quantum threats, safeguarding digital and national security interests for the future.
The formation of the Post-Quantum Cryptography Alliance represents an important step towards addressing potential security vulnerabilities and ensuring the resilience of cryptographic systems in the face of rapid technological advancements. As the alliance continues to develop and implement post-quantum cryptographic solutions, the industry will be better equipped to mitigate the security risks posed by quantum computing.