Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto

by Roger A. Grimes

Will your organization be protected the day a quantum computer breaks encryption on the internet? Computer encryption is vital for protecting users, data, and infrastructure in the digital age. Using traditional computing, even common desktop encryption could take decades for specialized ‘crackers’ to break and government and infrastructure-grade encryption would take billions of times longer. In light of these facts, it may seem that today’s computer cryptography is a rock-solid way to safeguard everything from online passwords to the backbone of the entire internet. Unfortunately, many current cryptographic methods will soon be obsolete. In 2016, the National Institute of Standards and Technology (NIST) predicted that quantum computers will soon be able to break the most popular forms of public key cryptography. The encryption technologies we rely on every day―HTTPS, TLS, WiFi protection, VPNs, cryptocurrencies, PKI, digital certificates, smartcards, and most two-factor authentication―will be virtually useless. . . unless you prepare.  Cryptography Apocalypse is a crucial resource for every IT and InfoSec professional for preparing for the coming quantum-computing revolution. Post-quantum crypto algorithms are already a reality, but implementation will take significant time and computing power. This practical guide helps IT leaders and implementers make the appropriate decisions today to meet the challenges of tomorrow. This important Cryptography Preparing for the Day When Quantum Computing Breaks Today's Crypto is a must-have guide for anyone in the InfoSec world who needs to know if their security is ready for the day crypto break and how to fix it.

Genres: Computers, Nonfiction, Technology, Science

272 pages, Paperback

Published November 12, 2019

Reviews

[Ben Rothke · Rating 5 out of 5]

September 3, 1967 is a day known as Dagen H (H day) in Sweden. On that day, all car traffic was switched from driving on the left-hand side of the road to the right side. It was the most significant logistical event to date, in the history of Sweden.

In the not too distant future, we may have what could be known as Q Day—the day in which quantum cryptography renders large swaths of traditional cryptography broken. In Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto (Wiley 978-1-119-61822-5), author Roger Grimes has written a remarkable book on how to prepare for that fateful day.

A few years ago, at RSA Conference, I asked Dr. Jane Melia of QuintessenceLabs, a quantum cryptography hardware, and software provider, why firms should consider purchasing their expensive products. She offered several reasons, one of which is that it was a hedge against broad quantum cryptography becoming mainstream, which would render much of a firm's secrets, quite public. How long that hedge will be is anyone's guess. But everyone agrees that it is inevitable.

While quantum mechanics is weird and quite unintuitive, Grimes does a great job of explaining it in layman's terms. He provides an excellent and readable introduction to the various areas of quantum mechanics and quantum physics.

There is a perception that once quantum computing becomes fully workable, it will break all cryptography. The book makes it clear that such is not that case, and details what quantum computers will be able to break, and what they won't be able to. In short, quantum computers will be able to break any cipher algorithm whose security relies on problems related to integer factorization, discrete logarithm, elliptic-curve or any other closely related mathematical problems. What quantum computers won't be able to break are symmetric ciphers such as AES, newer integrity hashes such as SHA-2 and SHA-3. The book lists in detail what ciphers and algorithms are at risk.

While Dagen H happened overnight, Grimes writes that most changes won't happen instantly, but will occur across a multitude of timelines based on different use cases and applications. Some will be in weeks, others in months and years. But far-reaching monumental changes are coming.

The first part of the book is introductory and theoretical, but the rest of the book is highly practical. Grimes lays out the various use cases and concrete steps one needs to take to ensure they are not blindsided by the upcoming advent of quantum cryptography. One may take the naïve approach to throw out all of their quantum vulnerable crypto and replace it with quantum-resistant solutions. But Grimes writes that one has to approach that method with caution for several reasons. Rushing prematurely into the world of quantum cryptography will likely not make things much better.

To that, the book details how one should adequately prepare for the quantum apocalypse. It lists four major post-quantum mitigation phases and six major post-quantum mitigation project steps. It also mentions numerous vendors currently active in the quantum cryptography space.

The question everyone in information security has to ask is this: Will your organization be protected the day a quantum computer breaks encryption? For those who want to answer that in the positive, Cryptography Apocalypse has all that you need to know to answer in the positive. The book provides the reader with nearly everything they need to know on the topic and is an essential and unique reference on the subject.

[Kursad Albayraktaroglu · Rating 5 out of 5]

"Cryptography Apocalypse" by Roger Grimes is a book that anyone involved in computer security should read - the promises of quantum computing are real, and there is a very high likelihood that the continuing advances in quantum computers will break most public-key cryptography (and some private-key cryptography) in the next few decades. Having a thorough understanding of quantum computing and the vulnerabilities of today's cryptography is therefore crucial.

Grimes starts the book with a thorough survey of today's quantum computing landscape and a solid, if brief, introduction to quantum physics and quantum computers. While some background on these subjects is helpful, it is not really needed - the introductory chapters of the book are replete with links to academic papers, Web sites, and even quite a few YouTube videos that describe the underlying concepts very well.

Later chapters of the book describe what makes today's cryptography vulnerable to quantum computers (including in-depth discussions of Grover's and Shor's algorithms), possible paths to mitigation, and what PQ (post-quantum) cryptography is going to look like. Grimes includes a lot of material on quantum-resistant algorithms and protocols in development; and a great chapter on quantum cryptography.

A great addition to any high technology professional's bookshelf - I am sure I will keep coming back to this book as quantum computing advances. Highly recommended.

[Bernard · Rating 4 out of 5]

I had heard the term quantum computing, but I didn't really know anything about it. Until I ran into this book, I didn't really care. Now, knowing that those computers may be close to quantum supremacy and that they can break a lot of existing cryptography, I am now very interested.

Planning for security nightmares, BEFORE the event happens, is critical to effective I.T. management. On a personal basis, I find myself concerned about the vulnerabilities of VPNs and cyber-currencies.

The book covers the subject effectively. Quantum computing is a very big subject, and the author didn't get overly bogged down in minute details.

The author gives quite a few useful tips and to what actions you can take now and what you need to be aware of to make intelligent decisions. If you administer networks or handle computer security, this is a MUST READ.

[Nick · Rating 3 out of 5]

This is a fairly rudimentary introduction to quantum computing. The author talks vaguely about quantum mechanics and the computers in a way I've read before. You won't learn anything new here. And unfortunately this book was published around 2019 so the specific information about companies and progress are out of date.

[Rauli Salminen · Rating 4 out of 5]

A very thorough look into how quantum computing will change the landscape of cryptography in the near future. A mix of theoretic information and tangible guidance. A recommendation for any IT professional and anyone interested in cryptography. Be ready to learn 50 new acronyms though.

[Rafal · Rating 3 out of 5]

A welcoming introduction to quantum computing, albeit with somewhat dry writing. Some good, high-level explanations included, especially on quantum algorithms. The ending is cringeworthy, featuring a draft of an email to a CTO about the danger of traditional cryptography being broken.

[Derrick Monk · Rating 5 out of 5]

Great book, very deep in fundamentals

[Ray Savarda · Rating 4 out of 5]

A good, comprehensive overview of PQC, and a raft of implications / how to plan for it.