Why It's Time To Invest In Quantum Cybersecurity Now (aptiv.com)
- Reference: 0178370832
- News link: https://it.slashdot.org/story/25/07/13/2152256/why-its-time-to-invest-in-quantum-cybersecurity-now
- Source link: https://www.aptiv.com/en/insights/article/why-it-s-time-to-invest-in-quantum-cybersecurity
> Organizations need time to implement post-quantum cryptography (PQC) transition plans methodically — and that applies both to anyone with an IT infrastructure and to anyone building software-defined systems. "Current encryption, such as RSA and ECC [elliptic curve cryptography], will become obsolete once quantum computing matures," said Cigent cofounder John Benkert. "Management often assumes cybersecurity threats are only present-day problems. But this is a future-proofing issue — especially relevant for industries dealing with sensitive, long-lifespan data, like healthcare, finance or government." Remediation requires long-term planning. Organizations that wait until quantum computers have broken encryption to address the threat will find that it is too late.
Start by building an inventory of what needs to change, Witten recommends. (Fortunately, "It's a matter of using newer and different chips and algorithms, not necessarily more expensive components," he writes, also suggesting requests for proposals "should ask vendors to include a PQC update plan.")
Firmware will also need quantum-resistant digital signatures. ("Broken authentication lets bad things happen. Someone could remotely take over a vehicle, for instance, or send malicious code for autonomous execution later, even after the vehicle has gone offline.") And remember that post-quantum key sizes are larger, requiring more storage space. "In some cases, digitally signed messages with security information could triple in size, which could impact storage and bandwidth."
Thanks to [1]Esther Schindler (Slashdot reader #16,185) for sharing the article.
[1] https://www.slashdot.org/~Esther+Schindler
use a dog to factor... (Score:2)
Don't worry -- a dog can match current quantum factoring:
[1]https://eprint.iacr.org/2025/1... [iacr.org]
[1] https://eprint.iacr.org/2025/1237
Re: (Score:2)
Indeed. This thing has been nothing for the last 35 years I have been following it.
Your messages today will be read tomorrow (Score:2)
The most pressing part of quantum computing is that your messages today, along with the key agreements, are being recorded. A quantum computer will be able to break the key agreement and read those messages.
Re: (Score:2)
No. Any competently done encryption has forward secrecy. And then the attackers cannot do a single key for a target, but need to run the key-exchange through a complex key-exchange breaking calculation for _each_ message. That will be prohibitive in most cases.
Some inaccuracies (Score:2)
"Current encryption will become obsolete" - only asymmetric crypto. Symmetric crypto, as well as hashes aren't affected (at least not much, you might want to double key sizes but you don't need fundamental changes.)
"Post-quantum key sizes are larger" - that depends. Basically, the algorithms are less efficient than conventional asymmetric algorithms, but there are quite a few different options out there with different inefficiencies. For example, SLH-DSA has tiny keys, but the signatures are huge and making
Note to self (Score:2)
Move to quadruple ROT-13, ASAP!
Re: (Score:2)
That's so last century. We're using ROT-14 now... 13 iterations should be plenty.
Meanwhile... (Score:3)
Practical quantum prime factorization is all the way up to (some) 2 digit numbers and it only took 20 years. Lately, scaling of quantum computers seems to have hit a wall. MS's meetoo quantum chip turned out to be a mock-up, Google's imminant announcement of the largest QC yet is now a year overdue and silence from the hype machine is ominous.
So I guess this is Aptiv trying to cash in (or perhaps cash out) before the bust.
Re: (Score:2)
It's sort of an interesting mix of goofy hype and actual(but relatively boring) worth-looking-into.
Not so much because of 'quantum' necessarily; it's entirely possible that someone will get an at least somewhat worrisome classical efficiency improvement worked out before the quantum computing types reach anything of useful size; and it's probably worth betting money that particular cryptographic implementations will turn out to be flawed; but because it takes a fair amount of awareness to even have a co
Re: (Score:2)
I agree it is something to keep an eye on. It is not something that will be a threat in any time-frame that would need preparation now. Crypto-agility is _always_ a good idea to have tough.
Re: (Score:2)
> Practical quantum prime factorization is all the way up to (some) 2 digit numbers and it only took 20 years..
More like 40 years. The whole thing is just a bad idea that will not die and gets hyped all out of proportion. Maybe we can do another attempt in 100 years or so, but at this time we cannot even scale up at grossly insecure stuff. Wake me when they can factor 1024 bit.
Should've started preparing years ago (Score:1)
Oh wait, we have been.
Do a date-restricted internet search for "post-quantum cryptography" for anything older than, say, 5 years ago to see that the world is taking this seriously.
Over-hyped. (Score:2)
> Organizations need time to implement post-quantum cryptography (PQC) transition plans methodically — and that applies both to anyone with an IT infrastructure and to anyone building software-defined systems.
If your software isn't capable of using fallback encryption algorithms then your company is already in trouble because it haven't learned shit about security. However, everyone with a lick of sense has made sure multiple encryption algorithms are acceptable in case one becomes a risk. Therefore, you need only need add a PQC encryption algorithm to your software's capabilities (which are now available in most every crypto library thanks to NIST) and wait to remove older algorithms.
The secure communications w
This really is bullshit (Score:2)
QCs have been worked on for something like 50 years now, and there _still_ is not a single functional one. There is no threat.
As an automotive technology supplier? (Score:2)
Perhaps they could concentrate more on improving the rather dismal state of automotive security as it exists today rather than worrying about ten years from now. Post quantum cryptography is the least of their worries.
useing non dealer service and repair is bad got to (Score:2)
useing non dealer service and repair is bad got to lock that out at the quantum. While makeing nice profit by selling $100-$200 ssds at $300-$400