Why It's Time To Invest In Quantum Cybersecurity Now

Brian Witten, VP/CSO of automotive technology supplier Aptiv, warns that "While seven to 10 years may sound like a long way off, preparation for quantum threats must begin now, not once they have already materialized." Organizations need time to implement post-quantum cryptography (PQC) transition plans methodically — and that applies both to anyone with an IT infrastructure and to anyone building software-defined systems. "Current encryption, such as RSA and ECC [elliptic curve cryptography], will become obsolete once quantum computing matures," said Cigent cofounder John Benkert. "Management often assumes cybersecurity threats are only present-day problems. But this is a future-proofing issue — especially relevant for industries dealing with sensitive, long-lifespan data, like healthcare, finance or government." Remediation requires long-term planning. Organizations that wait until quantum computers have broken encryption to address the threat will find that it is too late.
Start by building an inventory of what needs to change, Witten recommends. (Fortunately, "It's a matter of using newer and different chips and algorithms, not necessarily more expensive components," he writes, also suggesting requests for proposals "should ask vendors to include a PQC update plan.")

Firmware will also need quantum-resistant digital signatures. ("Broken authentication lets bad things happen. Someone could remotely take over a vehicle, for instance, or send malicious code for autonomous execution later, even after the vehicle has gone offline.") And remember that post-quantum key sizes are larger, requiring more storage space. "In some cases, digitally signed messages with security information could triple in size, which could impact storage and bandwidth."

Thanks to Esther Schindler (Slashdot reader #16,185) for sharing the article.

useing non dealer service and repair is bad got to

[Joe_Dragon]

useing non dealer service and repair is bad got to lock that out at the quantum. While makeing nice profit by selling $100-$200 ssds at $300-$400

use a dog to factor...

[bobdevine]

Don't worry -- a dog can match current quantum factoring:
    https://eprint.iacr.org/2025/1... [iacr.org]

Re:

[gweihir]

Indeed. This thing has been nothing for the last 35 years I have been following it.

Re:

[sjames]

Meanwiile, without any form of cheating, a 6th grader will be a lot faster than a quantum computer, and they'll do it for rewards that cost way less than the operating cost of the QC.

Will Quantum Computing work as predicted?

[Spazmania]

All of this presumes that Quantum Computers will work as predicted. That's like assuming that real computers work just like Turing Machines. They do not. Not only do real computers work differently, no real computer can fully implement a Turing Machine because Turing Machines have infinite memory. While most algorithms proven on a Turning Machine can in fact be usefully implemented on a real computer, it's not universal.

If real Quantum Computers don't match theoretical Quantum Computers, and I think it unli

Your messages today will be read tomorrow

[FeelGood314]

The most pressing part of quantum computing is that your messages today, along with the key agreements, are being recorded. A quantum computer will be able to break the key agreement and read those messages.

Re:

[gweihir]

No. Any competently done encryption has forward secrecy. And then the attackers cannot do a single key for a target, but need to run the key-exchange through a complex key-exchange breaking calculation for _each_ message. That will be prohibitive in most cases.

Re:

[drinkypoo]

The promise of quantum computing is that it will make that cheap, though. I agree it may never come, or may not come for decades even if it does, but let's say it does. You know how big the first transistor was...

Re:

[gweihir]

No. The "promise" is that it will make that _possible_. "Cheap" is not in the cards for a long, long time even if "possible" is ever reached.

Transistors are not a valid comparison. Transistors you can just pile up and connect and the individual transistor does not become more complex or higher effort to make or run. Hence we got extreme scaling for a while, although that seems to be mostly over. For a QC, if you add one QBit, all other QBits raise in complexity and effort because everything has to be and st

Re:

[WaffleMonster]

No. Any competently done encryption has forward secrecy. And then the attackers cannot do a single key for a target, but need to run the key-exchange through a complex key-exchange breaking calculation for _each_ message. That will be prohibitive in most cases.

Keys are protected by difficulty of exponential scaling of systems. If you ever get to a computer that can break keys in a reasonable time the step from there to effectively instantly is vanishingly small.

Re:

[gweihir]

That does not apply to QCs. QCs cannot do "instant" and will never be fast in absolute numbers.

Incidentally, the "exponential" is just convenience. You can make secure encryption with x^2 against x or even worse.

Re:

[WaffleMonster]

That does not apply to QCs.

Does too.

QCs cannot do "instant" and will never be fast in absolute numbers.

Speed of Shor's algorithm is inversely proportional to logical qbit count.

Incidentally, the "exponential" is just convenience. You can make secure encryption with x^2 against x or even worse.

I don't know what this means. Are you suggesting any number can be be expressed with a small exponent? If so what is the point?

Re:

[gweihir]

That does not apply to QCs.

Does too.

I see you have no clue how QCs work. Thanks for confirming that.

QCs cannot do "instant" and will never be fast in absolute numbers.

Speed of Shor's algorithm is inversely proportional to logical qbit count.

Hahahaha, no. That is a _theoretical_ result relying on some assumptions that will not hold in practice.

Incidentally, the "exponential" is just convenience. You can make secure encryption with x^2 against x or even worse.

I don't know what this means. Are you suggesting any number can be be expressed with a small exponent? If so what is the point?

Well, again, I see you have no clue. Making statements you do not understand can lead to you getting answers you do not understand.

Re:

[sjames]

Given the rate of "progress" with QC doing prime factorization of arbitrary compound numbers, not only will I be dead by then, everyone who will have known me in my life will be dead. And if you add the criterion that QC must be cheap enough to make it worthwhile to crack my secret messages, there's a fair chance that everyone who would have known anyone who knew me in life in life will also be dead by then.

And no, I do not believe in doomsday prophesies.

Re:

[coofercat]

AES256 is quantum safe, so if you're using that you could be just fine.

Exchanging AES keys over networks is typically done with something like RSA, which is definitely not quantum secure. Swapping that out for something like Crystals Kyber solves that problem though.

Honestly, the whole "quantum security" market is a whole load of hype. Whilst a lot of public key is used around the world, and doubtless some tiny fraction of all those communications is actually "important", it's not all that hard to secure it

Some inaccuracies

[LainTouko]

"Current encryption will become obsolete" - only asymmetric crypto. Symmetric crypto, as well as hashes aren't affected (at least not much, you might want to double key sizes but you don't need fundamental changes.)

"Post-quantum key sizes are larger" - that depends. Basically, the algorithms are less efficient than conventional asymmetric algorithms, but there are quite a few different options out there with different inefficiencies. For example, SLH-DSA has tiny keys, but the signatures are huge and making

Note to self

[93 Escort Wagon]

Move to quadruple ROT-13, ASAP!

Re:

[OrangAsm]

That's so last century. We're using ROT-14 now... 13 iterations should be plenty.

Re:

[93 Escort Wagon]

ROT...14?

14!!

BRILLIANT!

Meanwhile...

[sjames]

Practical quantum prime factorization is all the way up to (some) 2 digit numbers and it only took 20 years. Lately, scaling of quantum computers seems to have hit a wall. MS's meetoo quantum chip turned out to be a mock-up, Google's imminant announcement of the largest QC yet is now a year overdue and silence from the hype machine is ominous.

So I guess this is Aptiv trying to cash in (or perhaps cash out) before the bust.

Re:

[fuzzyfuzzyfungus]

It's sort of an interesting mix of goofy hype and actual(but relatively boring) worth-looking-into.

Not so much because of 'quantum' necessarily; it's entirely possible that someone will get an at least somewhat worrisome classical efficiency improvement worked out before the quantum computing types reach anything of useful size; and it's probably worth betting money that particular cryptographic implementations will turn out to be flawed; but because it takes a fair amount of awareness to even have a co

Re:

[gweihir]

I agree it is something to keep an eye on. It is not something that will be a threat in any time-frame that would need preparation now. Crypto-agility is _always_ a good idea to have tough.

Re:

[gweihir]

Practical quantum prime factorization is all the way up to (some) 2 digit numbers and it only took 20 years..

More like 40 years. The whole thing is just a bad idea that will not die and gets hyped all out of proportion. Maybe we can do another attempt in 100 years or so, but at this time we cannot even scale up at grossly insecure stuff. Wake me when they can factor 1024 bit.

Re:

[gtall]

Wait until they sprinkle AI Faerie Dust on quantum crypto. There'll be nothing it won't do, it will even walk the dog and empty the cat's litter box without asking.

Re:

[gweihir]

From the beliefs of all the moron fanbois, it will do exactly that.

Should've started preparing years ago

[davidwr]

Oh wait, we have been.

Do a date-restricted internet search for "post-quantum cryptography" for anything older than, say, 5 years ago to see that the world is taking this seriously.

Over-hyped.

[Gravis Zero]

Organizations need time to implement post-quantum cryptography (PQC) transition plans methodically — and that applies both to anyone with an IT infrastructure and to anyone building software-defined systems.

If your software isn't capable of using fallback encryption algorithms then your company is already in trouble because it haven't learned shit about security. However, everyone with a lick of sense has made sure multiple encryption algorithms are acceptable in case one becomes a risk. Therefore, you need only need add a PQC encryption algorithm to your software's capabilities (which are now available in most every crypto library thanks to NIST) and wait to remove older algorithms.

The secure communications w

This really is bullshit

[gweihir]

QCs have been worked on for something like 50 years now, and there _still_ is not a single functional one. There is no threat.

As an automotive technology supplier?

[Kernel Kurtz]

Perhaps they could concentrate more on improving the rather dismal state of automotive security as it exists today rather than worrying about ten years from now. Post quantum cryptography is the least of their worries.

The internet is an environment.

[PubJeezy]

The internet is an environment. Spam is a form of pollution. Native advertising like this "article" is the forever-chemical of internet.

Security funding is finite

[justinleona]

Taking money out of present-day threats to prepare for hypothetical ones is a bad strategy - and it is already difficult to get CEOs to spend money on cryptography!

How to guarantee quantum safety?

[TeknoHog]

I have a hard time believing that a particular encryption will remain unbreakable, quantum computers or not. At the moment, we have Shor's algorithm for factoring numbers on QCs, so we should avoid relying on the hardness of factorization. How can we be sure that there won't be new algorithms in the future that break the current "post-quantum" encryption?

During my advanced math studies, I only took a rather introductory course on encryption, including stuff like Galois fields and elliptic curves. I recal