The Quantum Shift: Assessing and Adapting Cryptographic Infrastructure - A Nuts and Bolts Talk

Nuts and Bolts is a periodic, informal, and optional project demo / show and tell / cross training session of the Identity, Privacy, and Cybersecurity (IPC) unit of Technology Services at Illinois. 

Quantum computing will pose new challenges to traditional cryptographic systems. Widely used algorithms like RSA and ECC will be deprecated by 2030. Once a quantum computer becomes reality, threats such as "harvest now, decrypt later", in which encrypted data obtained by an adversary can later be decrypted, will become a reality.

NIST recently selected 3 Post-Quantum Cryptography (PQC) algorithms designed to withstand attacks from quantum computers while still maintaining compatibility with current systems. We have a narrow window to assess our cryptographic inventory of algorithms used in our infrastructure, evaluate paths to upgrade and then proceed to migration.

This talk will introduce the concept of PQC and its importance, focusing on how cybersecurity teams can make their own cryptographic inventory to assess their current readiness. For example, recent measurements at NCSA revealed that only 0.029% of OpenSSH connections originate from PQC-enabled systems—highlighting a significant readiness gap.

We will show you an easy-to-use software tool for assessing cryptographic protocols at the network layer like SSH and TLS in the context of PQC risk assessment. We will explore practical steps for transitioning to PQC, including hybrid deployments that combine traditional and quantum-resistant algorithms.