Quantum-ready security standards pave the way for Web3

The near-term arrival of Web3 relies on breakthroughs in quantum computing. But quantum is a double-edged sword. While it will bring the compute power web3 needs, it also carries the threat of making mincemeat of the blockchain-powered encryption on which Web3 relies and, at the same time, blowing open the doors on enterprise data across industries.

Given these twin threats, enterprise leaders in data security and business model innovation should pay attention to a potential solution in the form of four new quantum-resistant cryptographic algorithms designed to secure data against the lock-picking capabilities of quantum.

We say, ‘potential solution’, advisedly. Within a month of their announcement, a Belgian team of computer scientists had already claimed it had cracked one of the four candidate algorithms. Even if this – and our own data (see exhibit 1) – demonstrates the field may not yet be mature, the fact that technology leaders such as IBM, Google and Microsoft are engaged in trying to find a solution confirms enterprises should continue to pay close attention, and more should prepare to engage in ‘pilot and prove’ projects with quantum.

Exhibit 1:Quantum standards suggest more enterprises should get ready to move investments into their ‘pilot and prove’ Horizon 2 strategies

Sample: 600 Global 2000 Organizations
Source: HFS OneOffice Pulse Survey, H2 2021

Crypto communities rise to a six-year challenge set by US NIST

The US National Institute of Standards and Technology (NIST) has chosen four cryptographic schemes—three of which IBM cryptographers worked on, and all of which have been developed with industry partners, institutions, and academic experts. They are intended to become industry-wide standards. The outcome is the end of a six-year effort launched in 2016 when NIST called on the cryptographic community to create methods to resist attacks from quantum computing. There is a growing urgency for such solutions because even quantum “inspired” computing has delivered huge speed increases in complex computational work (10,000x faster, in the case of Fujitsu’s Digital Annealer technology)—exactly the kind of speed of calculation required to take on crypto codes.

Quantum computing is the area of computer development built on the theories of advanced physics covering how energy behaves at the atomic and subatomic levels. Its application will deliver the muscle power the decentralized Web3 demands. Reducing the risk that such power can be turned on the encryption Web3 also demands removes a significant obstacle on Web3’s march to the mainstream.

Standards are the first to be designed to counter quantum’s cyber threat

The new standards are the first in the field to be selected by NIST. They replace current cryptographic standards, which were only designed to protect against attacks from classical computers. In May this year, IBM unveiled its roadmap to practical quantum computing. It made protecting today’s enterprise data a priority, for example, in scenarios where bad actors “harvest now, decrypt later.”

These first four selected algorithms will become part of standards adopted globally within the next two years. Cisco, Google, Cloudflare, and the European Commission are among the many contributors.

Data security leaders should be ready to incorporate these new schemes in their defenses today to prepare their organizations to become quantum ready and protect the data stored today against predictable future threats.

The Cybersecurity and Infrastructure Security Agency (CISA) and NIST strongly recommend organizations start preparing for a post-quantum world. They say you should conduct an inventory of all systems for applications that use public-key encryption and test the new post-quantum cryptographic standard in the lab. Their full guidance is available here.

NIST is considering four more algorithms that may yet find their way into the final standards.

The Bottom Line: Another obstacle is removed on the march to mainstream, providing another reason for leaders to get serious about Web3

Web3 will demand 1,000 times more computing power than we currently enjoy. Quantum is the most likely route to that power, and it’s now due in the next three years. Standards protecting both today’s sensitive data and tomorrow’s Web3 encryptions are a vital step on Web3’s march to the mainstream. Data security leaders should act right now to incorporate the defenses these new algorithms provide. Enterprise leaders should see this as a warning that the disruptive power of Web3 may arrive faster than you think.

Read more HFS Research on Web3:

• How Web3 will democratize experience
• When to expect it and how to prepare
• The A-Z of Web3
• AI holds the cards when everyone has the same access to Web3 data