Linux group announces Post-Quantum Cryptography Alliance

The Linux Foundation on Tuesday announced the Post-Quantum Cryptography Alliance, a new initiative intended to drive the adoption of post-quantum cryptography and respond to the possible security risks introduced via quantum computing.

The Linux Foundation announced the alliance alongside a number of partners, including Google, IBM, Amazon Web Services and Cisco. Although the technology is not widely available to the public, experts have acknowledged the capability of quantum computing to render current common cryptography practices insufficient from a security standpoint.

According to a news release published Tuesday along with the initiative's website, the Post-Quantum Cryptography Alliance (PQCA) aims to be "an open and collaborative initiative to drive the advancement and adoption of post-quantum cryptography."

"The PQCA brings together industry leaders, researchers and developers to address cryptographic security challenges posed by quantum computing, through the production of high-assurance software implementations of standardized algorithms, while supporting the continued development and standardization of new post-quantum algorithms," the announcement read.

It continued, "With the rapid advancements in quantum computing, the need for robust cryptographic solutions that can withstand attacks from future cryptographically-relevant quantum computers has become paramount."

The PQCA said it will participate in a number of relevant technical projects that relate to the development, evaluation, prototyping and deployment of post-quantum algorithms. As one of its first projects, the initiative is supporting the Open Quantum Safe (OQS) project, founded in 2014 at the University of Waterloo in Ontario. OQS is an open source project dedicated to, according to its website, supporting "the transition to quantum-resistant cryptography."

Omkhar Arasaratnam, general manager of the Open Source Security Foundation (OpenSSF), told TechTarget Editorial in an email that the threat of quantum computing against modern encryption "is real."

"Sufficiently powerful quantum computers will easily compromise the cryptography we use today," he said. "While these computers are unavailable now, NIST estimates we might see such systems as early as 2030. Changing cryptography is complex. Organizations should begin migrating to hybrid encryption solutions today."

OpenSSF, which is also a project of the Linux Foundation, published a blog post Tuesday supporting the initiative. Arasaratnam called the PQCA "critical" in his email.

"No one should ever 'roll their own' cryptography. The Post-Quantum Cryptography Alliance (PQCA) is a crucial initiative to ensure developers can access robust cryptographic libraries that implement post-quantum cryptography in various popular languages," Arasaratnam said. "Projects such as OQS and PQ Code offer developers tools that can help them migrate to hybrid or fully post-quantum cryptography today. The OpenSSF strongly supports PQCA, and we look forward to working closely with them to make open source software secure for everyone."

Douglas Stebila, associate professor of cryptography at the University of Waterloo and co-founder of the Open Quantum Safe project, told TechTarget Editorial that a large-scale quantum computer, if it were to be built, "would be able to break modern public key encryption algorithms that are widely used in our IT infrastructure."

Though no large-scale quantum computer has been built yet, he said it is important to transition to quantum-resistant algorithms because today's communications could be stored now and decrypted later. He added that "it takes a long time to deploy new technology, and this will be the most complex cryptographic migration ever conducted."

"As we become more reliant on digital systems, the potential impact of quantum-enabled cryptographic breaches becomes more significant," Stebila said. "Additionally, transitioning to quantum-resistant encryption requires a substantial amount of time and resources for research, standardization and implementation. Starting this process now ensures that we are prepared and protected against quantum threats before they materialize, safeguarding our digital and national security interests for the future."

Alexander Culafi is an information security news writer, journalist and podcaster based in Boston.