In our last blog, we explored the many, many places cryptography enables the delivery of digital value and digital trust in today’s enterprises and supply chains.
In this blog, we want to explore what it means in practice to say that cryptography is everywhere in your technology stacks – and in everyone else’s technology stacks that you have done, are doing, or will do digital work with. A historic analogy may help.
Prior to the introduction of electrical standards and scaled distribution approaches, each business had its own methods for producing the electrical power it required. Today, each hardware component, each software component, each network component, each industry vertical, and, indeed, often each country maintains its own separate version of the crypto it deploys. To extend the electrical analogy, cryptographic weaknesses, breaches, and collateral damage are common and increasingly costly – and, from a social perspective, the fixes for this problem remain weakly owned.
Just as with today’s approaches to cybersecurity, where religion is received after a breach and an understanding of its root causes, the evolution of the electrical grid and its approaches also required catastrophic damage in major cities (e.g. the great Chicago and Toronto fires) before the value of standards and a common set of frameworks and best practices could emerge.
Against new common and consistent baselines, the potential of the electrical grid could then be achieved through the invention and deployment of so many things that we all take for granted today – like computers (servers, software, devices, and so on) that use cryptography for their value delivery.
The Advent of Quantum Computers
The advent of quantum computers places today’s cryptography at risk and in the crosshairs of geo-politics, let alone the crosshairs of commercialization and exploitation.
If we are to take a piecemeal approach to the slow upgrade of all the places where the crypto needs to be made agile, then we need to take into account three important factors that complicate our timeline thinking:
- Connected industries need to move in general lockstep, at least with respect to how they protect core data like IP and PII.
- We need to achieve crypto-agility, not just undertake a one-time crypto-rotation, as we discussed last time.
- And lastly, we need to be aware that “quantum computers are gaining computational power relative to classical ones at a ‘doubly exponential’ rate”, according to Hartmut Neven, director of Google’s Quantum AI Labs (say goodbye to Moore’s Law!).
In other words, the time that we have to change our cryptography is not linear – the time we have is subject to being exponentially reduced. Our next blog will explore some ideas about how to deal with this time dilation and some architectures that can help.
Thanks for reading.