Post-Quantum Cryptography (PQC) / Quantum Computer / Crypto-agility / Harvest Attack

This glossary explains keywords that will help you understand the mindset needed for data utilization and successful DX (digital transformation).

This time, we will explain the relationship between quantum computers and the security of cryptographic technology, a topic that has been frequently discussed.

Post-Quantum Cryptography (PQC) is a type of cryptography.

Post-Quantum Cryptography (PQC) is cryptographic technology that remains secure even if a sufficiently powerful quantum computer is built and used to attack it: the encryption still cannot be broken.

Quantum computer development is actually progressing, and quantum algorithms have been found that efficiently solve prime factorization and discrete logarithms, the problems on which the security of today's widely used "public-key cryptography" rests. Post-quantum cryptography, which stays secure even in the quantum computing era, is therefore attracting attention.

While quantum computers becoming fully practical is still some time away, the risk of "harvest attacks" (HNDL: Harvest Now, Decrypt Later), in which data is captured now and decrypted later, already exists. Post-quantum cryptography standards, on the other hand, have already been established and are available, so it is desirable to respond as quickly as possible, and also to achieve "crypto-agility" (the ability to change the cryptographic technology in use as needed) so as to be prepared for any new risks that arise in the future.

Will the encryption methods we use today remain secure after the advent of quantum computers?

Post-quantum cryptography (also called quantum-resistant cryptography) has gained attention because the increasing practical application of quantum computers poses a risk to existing cryptographic technologies.

Cryptographic technology is the foundation that supports safety and security in modern society.

In recent years, the importance of security in the use of IT has only increased, and encryption technology has become an increasingly important means of ensuring the "safety and security" of data. Encryption is widely used not only where users explicitly encrypt and protect their own data (for example, with encrypted ZIP files), but also as the general mechanism behind "safe and secure data transfer over the internet."

If encryption technology becomes unsafe, it will inevitably have a significant negative impact on social activity itself: secure VPNs and web conferencing for remote work could no longer be implemented, cloud services in general could no longer be used safely, and even online commerce would be affected, since credit card numbers and addresses could no longer be transmitted securely.

  • You might be thinking, "What does cryptography have to do with me?" But if cryptography technology fails, safety and security will disappear from the internet, and many social activities may come to a halt—a terrible situation.

Why quantum computers pose a risk to cryptography

So why is the progress in quantum computer development a risk to cryptography? It's because it's believed that "quantum computers have inherently higher computing power than the computers we use today."

What does it mean for encrypted data to be secure? It means that even if the data falls into the hands of a malicious person and they try to decrypt or tamper with it, they cannot do so. The encryption technologies widely used today are standardized and their technical details are publicly available, so we know "how the data is encrypted," but the security of the encryption is maintained because "the amount of computation required to decrypt it using known decryption methods is so enormous that it is practically impossible to decrypt it."

In other words, the security of modern cryptography is based not on the fact that "the decryption method is unknown," but on the fact that "it takes too much computation time." The problem then becomes that "quantum computers are thought to have inherently higher computational power than conventional computers." Therefore, there are concerns that cryptographic techniques that would take too long to decrypt on conventional computers could be decrypted in a practical amount of time using quantum computers.

  • Cryptographic technology is secure if "the known decryption methods require too much computation to effectively decrypt it."
  • There are concerns that quantum computers could enable the decryption of encryption that was previously considered "virtually unbreakable" within a "practical computation time."

Furthermore, it has become clear that some widely used cryptographic techniques can be cracked in a practical amount of time by quantum computers (specifically, cryptographic techniques based on the difficulty of prime factorization, which have been widely used to ensure the security of communications on the internet). Therefore, it has become unavoidable to re-ensure "security and safety through cryptographic technology" in preparation for the quantum computing era.

The difficulty of "protecting against the threat of the emergence of quantum computers"

Simply put, this situation requires "updating cryptographic technology to suit the quantum computing era," but the difficulty lies in the fact that it actually requires "more" than that.

As mentioned earlier, it is known that if a quantum computer is developed to a sufficiently practical level, some encryption methods will become breakable. The ability to break encryption is a "national security issue," so countries are investing huge budgets in research and development. For this reason, the first quantum computer to be built is likely to be extremely expensive, and its completion may even be kept secret.

Given this situation, even if a practical quantum computer is developed, it is unlikely that we, on the defending side, will be able to use it right away. In other words, this "even more difficult situation" is likely to persist for the foreseeable future.

  • Cryptographic attackers: assumed to own a practical quantum computer and to be able to operate it at enormous expense.
  • We (the defenders): assumed to have only conventional computers, possibly even hardware with limited computing power.

In other words, simply updating cryptographic technology for the quantum computing era will not be enough to ensure "safety and security" in the near future.

We must assume a scenario in which only the attacker possesses a highly capable quantum computer and can mount an attack with a massive budget, while the side using the cryptography (the defender) "naturally does not have a quantum computer, and may have only the limited computing power of a smartphone." This is an extremely asymmetric situation. Unless we can "withstand attacks and maintain security" even under these assumptions, we cannot guarantee "safety and security after the advent of quantum computers."

Cryptographic technologies that maintain security and reliability even in such "highly asymmetric and challenging situations" are called "Post-Quantum Cryptography (PQC)."

The difference in capabilities between "quantum computers" and "conventional computers"

Now the essential question becomes, "Just how amazing are quantum computers?" If there were "essentially no difference in capability" from the computers we use today, their ability to break cryptography would be exactly the same, and there would be no impact whatsoever. On the other hand, if they had "overwhelming capability that can solve any problem," finding a way to defend against them would be extremely difficult.

When quantum computers are being talked about as "amazing," it seems that people have the impression that they have capabilities far superior to conventional computers, that they are incredibly powerful, and that there is a "terrifying difference in capabilities." However, while there is a difference in capabilities, the difference is "more limited than the public thinks."

Essentially, it's "parallel computing."

Quantum computers are essentially parallel computing. Conventional computers input and output data by specifying either "1" or "0" for each bit, but quantum computers can input and output data while it is in a quantum superposition state of "1" and "0".

For example, if you want to input 16-bit data and perform a calculation, a conventional computer would naturally require you to select "one specific input value" for processing. In contrast, a quantum computer can input "all possible values for 16-bit data" at once and perform calculations on all of them. In other words,

  • Conventional computers: To examine the entire 16-bit input space, it would be necessary to input data 65,536 times (2 to the power of 16) and perform calculations for each one.
  • Quantum computers: They can input and calculate all possible values in a 16-bit input space by "superimposing" them all at once.

In this way, 16 qubits can theoretically perform up to 65,536 calculations at once, and 32 qubits up to about 4.3 billion calculations at once. As the number of qubits increases, the number of candidate solutions that can be examined in parallel grows dramatically.

In other words, it can't do anything more than "parallel computing".

Put the other way around, it seems unlikely that anything beyond that will happen (if you found this part difficult, it is enough to get the general idea).

  • Problems proven to have no general solution method on conventional computers remain unsolvable on quantum computers.
    • The halting problem, etc.
  • Problems that are "NP-hard" on conventional computers (problems whose exponential computational cost makes them practically unsolvable) do not become solvable in "practical time" (polynomial time: P time) on quantum computers either.
    • Problems like the traveling salesman problem remain NP-hard even on quantum computers.

For more information on "NP-hard," "P-time," and "unsolvable problems," please see this article.
Algorithms / Computational complexity theory / P / NP | Glossary

The impression that "quantum computers are amazing" has taken on too much of a life of its own, and it seems that some people believe that "they will be able to solve NP-hard problems." However, it is generally believed that "even with quantum computers, NP-hard problems cannot be solved in polynomial time."

P ⊆ Quantum P (BQP) ⊊ NP-hard (or so it is thought)

In other words, quantum computers are expected to be able to solve more problems in a practical amount of time (polynomial time: P time) than conventional computers, but they are still expected to remain unable to solve difficult problems (NP-hard problems).

*The phrases "it is thought that..." and "it is predicted..." are frequently used because, in reality, much of the capability of quantum computers is "not yet understood in a way that can be definitively proven."

However, in the context of the topic at hand, "the security of cryptographic technology," there are concerns that "the difference" could lead to fatal consequences.

While there is an impact on symmetric-key cryptography (AES), it is considered to be "limited."

In AES, the de facto global standard for symmetric-key cryptography, the impact is considered to be "noticeable" but "limited" (an impact that can be mitigated).

Please also see this article for more information on AES.
Symmetric-key cryptography / DES / AES (Advanced Encryption Standard) | Glossary

Quantum algorithms that can be applied to attacks on AES (Grover's algorithm, Simon's algorithm) are already known, but their effect is thought to be only a reduction in strength equivalent to halving the effective key length.

  • AES128: If a highly practical quantum computer with a very large number of qubits becomes available...
    • Against conventional computers, it offers the strength of a "128-bit key length".
    • Against quantum computers, its effective strength may drop to the equivalent of "64 bits."

Even AES with an effective 64-bit key length is still hard to break on conventional computers, but it becomes weak enough that a computer with extremely high computing power might break it. In other words, it becomes somewhat vulnerable. However, if the effect is simply a "halving" of the effective key length, the countermeasure is equally simple: "double the number of bits in the key."

  • AES256: Once a highly practical quantum computer with a very large number of qubits becomes available...
    • Against conventional computers, it offers the strength of a "256-bit key length".
    • Against quantum computers, its effective strength may drop to the equivalent of "128 bits" (still strong enough that breaking it is unlikely).

Since AES is currently available with a 256-bit key length, "encrypting with AES256 should be sufficient, as far as we know, to ensure safety even when quantum computers become fully practical." Furthermore, actually carrying out an attack would require a quantum computer with a "massive number of qubits," which is unlikely to be realized anytime soon.

If concerns remain, measures such as introducing a new 512-bit mode may be taken in the future. The impact of quantum computers on symmetric-key cryptography, including AES, is considered limited, and it is thought that simply increasing the key length is often sufficient to address the issue.

It does have an impact on hash functions, but it is thought to be "limited."

Similarly, cryptographic hash functions, another technology that plays a crucial role in ensuring security and safety, are also considered to have a limited impact, similar to symmetric-key cryptography.

While a decrease in security strength is expected for the currently widely used SHA-2 family (for example SHA-256), these functions are not expected to become easily attackable, and increasing the output length is expected to maintain sufficient security.

The area of concern regarding potential impact is "public-key cryptography."

While there is much talk about a serious crisis affecting cryptography in general, it appears that symmetric-key cryptography (or AES) and hash functions will not be fatally affected even in the age of quantum computers. However, the situation is different for "public-key cryptography," and there are concerns that major problems will arise if it remains as it is after quantum computers become practical.

Moreover, public-key cryptography is widely used as the means of achieving secure communication over the internet, and it is a very important technology that broadly supports the safety and security of modern society, for example by providing tamper-evident digital signatures for digital data that could otherwise be freely copied and altered. If public-key cryptography could no longer be used securely, the impact on society would be devastating.

For more information on public-key cryptography (and one-way functions), please see this article.
Public-key cryptography / Digital signatures / One-way functions | Glossary

It is known that "problems can occur" with public-key cryptography, which is currently widely used.

As explained in the article linked above, the key to realizing public-key cryptography is the existence of a "one-way function." For more details, please refer to the article above, but a one-way function is "some kind of process" where the operation from A to B can be performed in a practical amount of time, but the reverse operation, "returning B to A," takes too much time to be practically implemented.

In the public-key cryptography widely used to date, such as RSA, the "one-way function" relied on was multiplication of large primes, whose reverse, prime factorization, is difficult.

  • Prime factorization by hand or on conventional computers
    • Forward calculation: Can be calculated by hand.
      • Multiplication is not a difficult operation.
      • Multiplication of two prime numbers (which are truly prime): 104381 × 103687 = 10822952747
    • Calculation in the reverse direction: Theoretically possible, but not a practical computational task.
      • It cannot be calculated in polynomial time (practical time).
      • Factorize 10822952747: That's a bit...
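The asymmetry in the list above, as an added example (written for this glossary, not code from the original article): multiplying the two primes is a single operation, while recovering them by trial division, the simplest classical inverse, takes tens of thousands of divisions even for this 11-digit product, and the work grows with the square root of the number, i.e. exponentially in its length. The helper names and the bit lengths used for the growth table are assumptions for the demo.

```python
import math

# The two primes and their product from the example above.
P, Q = 104381, 103687
N = 10822952747


def is_prime(n):
    """Deterministic trial-division primality test; adequate for numbers this small."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for d in range(3, math.isqrt(n) + 1, 2):
        if n % d == 0:
            return False
    return True


def multiply(p, q):
    """Forward direction of the one-way function: a single multiplication."""
    return p * q


def factor_trial_division(n):
    """Reverse direction by brute force: try divisors 2, 3, 5, ... up to sqrt(n).

    Returns (smaller_factor, larger_factor, divisions_tried). Real classical
    factoring algorithms do better than trial division, but every known one
    still needs super-polynomial time; Shor's algorithm on a quantum computer
    is the one that runs in polynomial time.
    """
    trials = 1                      # the attempt with d = 2
    if n % 2 == 0:
        return 2, n // 2, trials
    d = 3
    while d * d <= n:
        trials += 1
        if n % d == 0:
            return d, n // d, trials
        d += 2
    return n, 1, trials             # no divisor found: n itself is prime


def trial_division_work(bit_lengths=(16, 32, 64, 128)):
    """Worst-case trial divisions for a product of two equal-size primes with the
    given total bit length: about sqrt(2^bits) / 2 = 2^(bits/2 - 1). Every extra
    bit multiplies the work by sqrt(2), so the reverse direction is exponential
    in the length of the number while the forward multiplication stays cheap."""
    return {bits: 2 ** (bits // 2 - 1) for bits in bit_lengths}


if __name__ == "__main__":
    print(f"{P} x {Q} = {multiply(P, Q)}   (one multiplication)")
    p, q, trials = factor_trial_division(N)
    print(f"{N} = {p} x {q}   after {trials} trial divisions")
    for bits, work in trial_division_work().items():
        print(f"{bits:4d}-bit product: up to {work} trial divisions")
```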

However, with quantum computers, a method called "Shor's algorithm" has already been discovered that can perform prime factorization in a realistic amount of time (polynomial time: P time).

  • Prime factorization on quantum computers
    • Forward calculation: Can be calculated in polynomial time (realistic computation time).
      • Multiplication is not a difficult operation.
    • Inverse calculation: An algorithm has been found that can perform the calculation in polynomial time.
      • It becomes possible to practically perform prime factorization of numbers with a large number of digits.

In other words, prime factorization does not function as a one-way function on a quantum computer. Other functions that have traditionally been used as one-way functions, such as the discrete logarithm problem, can also be solved within a reasonable computation time using Shor's algorithm.

In other words, the public-key cryptography we have been using until now is likely to become "breakable" in the quantum computing era because "reverse operations can be performed in a practical amount of time."

What happens when "public-key cryptography" becomes insecure?

Public-key cryptography is widely used as a technology that supports security and peace of mind, so if it were to become unavailable, it would have a significant impact on society.

  • Safe and secure communication over the internet will become difficult.
    • Communication via "HTTPS" can be decrypted.
    • The inability to securely transmit credit card numbers and personal information (such as names and addresses) will have a significant negative impact on online economic activity.
    • The inability to create a secure communication path using simple procedures makes VPNs difficult to implement, and thus makes remote work and other similar practices difficult to carry out.
  • If electronic signatures can be forged, it will become impossible to determine "what is genuine."
    • The electronic certificate proving the other party's website is authentic becomes unreliable.
      • It becomes impossible to verify that a site is not a phishing site, and even if the communication path is tampered with and you are connected to a fake site, you won't know.
    • The digital certificates used for smartphone app and software updates will stop working.
      • It becomes impossible to tell whether something is genuine and safe, or a fake.
    • It becomes impossible to verify from the signature whether an email was indeed sent by the sender.
      • Likewise, it may become impossible to verify through a digital signature whether an electronic document in your possession was really sent by the other company.
    • Electronic administrative procedures will become unsafe.
      • Because it generally becomes impossible to prove authenticity or the person's identity.
    • The blockchain could malfunction, potentially causing the entire cryptocurrency system to collapse.
      • It becomes impossible to assert rights over data on the blockchain, and it becomes possible to steal assets through tampering or forgery (for example, the "address," which is like a bank account number in Bitcoin, is the public key of the digital signature).

However, for an attack to actually succeed, a quantum computer with a sufficiently large number of qubits would need to be put into practical use. Since the number of qubits currently being achieved through research and development is far from this, it is unlikely that the risks posed by quantum computers will become a reality anytime soon.

So, while we're not in an imminent crisis, we do need to consider the question, "What will happen if research and development of quantum computers continues at this pace?"

To give an analogy, it's not like we're in an urgent situation where "a super typhoon is likely to hit Tokyo next week," but rather like there's an 80% chance that a Nankai Trough earthquake will occur within the next 30 years.

Required solution: Find and replace it with an alternative one-way function.

So, what countermeasures are necessary against this threat of quantum computers? Fortunately, the public-key cryptography system itself has not become obsolete.

  • For symmetric-key cryptography such as AES, simply increasing the key length is believed to be a sufficient countermeasure.
  • The same applies to cryptographic hash functions such as SHA-256.
  • The mechanism of public-key cryptography hasn't been completely ruined. Only the "specific one-way functions" that have been widely used up until now have become unusable.

In other words, countermeasures can be taken by finding an "alternative one-way function" and switching to new public-key cryptography built on it (that is, "post-quantum cryptography") before quantum computers become practical.

For more information on one-way functions (and public-key cryptography), please see this article.
Public-key cryptography / Digital signatures / One-way functions | Glossary

Fortunately, there are several candidate alternative one-way functions (it's not such a dire situation that no alternative technology exists), and discussions are already underway regarding which technology to adopt.

The most promising is public-key cryptography using the "lattice problem," known as "lattice cryptography."

The following are some candidates for new one-way functions whose reverse direction cannot be computed in practical time even with quantum computers.

  • Lattice-based cryptography
    • This method utilizes the difficulty of solving the "lattice problem," which is related to lattice points (regular points whose coordinates are integers when expressed by vectors) in higher-dimensional spaces.
      • An example of a lattice problem: Closest Vector Problem (CVP)
        • This is the problem of finding the lattice point nearest to a given point in a higher-dimensional space. In two dimensions it seems easy (for example, by checking the four surrounding points: 4 = 2 squared), but as the number of dimensions grows the difficulty grows exponentially (by the same reasoning, 64 dimensions would mean "2 to the power of 64," roughly 18.44 quintillion points).
  • Hash-based cryptography
    • This method utilizes the one-way nature of hash functions. It takes advantage of the fact that while it is easy to calculate a hash value from the original data, it is difficult to later create original data that produces that hash value.
  • Multivariate public key cryptography
    • This method takes advantage of the difficulty of solving quadratic equations with multiple variables.
  • Code-based cryptography
    • This technique utilizes "error correction codes," which allow for the restoration of original data even if some bits are corrupted during transmission due to communication errors. It leverages the fact that while it's easy to recover data from errors, the reverse is not always possible.
  • Isogeny-based cryptography
    • This method relies on the difficulty of finding an "isogeny" (a structure-preserving map) connecting two given elliptic curves (supersingular elliptic curves).

These are all problems whose forward computation is practical on conventional computers, while the reverse computation is considered difficult even for quantum computers. Note, however, that the security of none of these methods has been rigorously proven.

The National Institute of Standards and Technology (NIST) is developing standards for post-quantum cryptography.

Just as it did for AES, the National Institute of Standards and Technology (NIST) is developing post-quantum cryptography standards. For the history of AES and how the current method was chosen, please see the following article.

Symmetric-key cryptography / DES / AES (Advanced Encryption Standard) | Glossary

Similarly, the requirements for post-quantum cryptography were outlined and proposals were solicited from around the world (December 20, 2016). As with AES, the entire process from solicitation to selection is open and transparent, there are no intellectual-property issues, and the technology itself is completely open, so that anyone in the world can use it freely and free of charge.

In response to the call for proposals, cryptographic technologies have been submitted from all over the world, and the process of selecting the technology that should become the next generation of cryptography is underway. Among these, the most promising and leading candidate for a one-way function to be used in next-generation public-key cryptography is "lattice cryptography," which uses the lattice problem.

The lattice problem is considered promising due to its many excellent properties, but because its use as a cryptographic technique is relatively new, there are concerns that undiscovered attack methods or decryption techniques could suddenly be found, potentially causing serious problems. Therefore, other methods are also being considered.

The first "final standard for post-quantum cryptography" has been formulated.

And finally, on August 13, 2024, the "first standard technologies" were established. In other words, "actual work can now begin" on post-quantum cryptography. Standardization does not end with the following three; consideration of other technologies continues.

  • ML-KEM (FIPS 203): A type of lattice-based cryptography used to enable secure and reliable communication using public-key cryptography (for key exchange).
  • ML-DSA (FIPS 204): A type of lattice-based cryptography used to implement digital signatures.
  • SLH-DSA (FIPS 205): A type of hash-based cryptography used to implement digital signatures.

ML-KEM is a form of public-key cryptography in which the sender uses the recipient's public key to encapsulate data (the key for the symmetric encryption used in the subsequent communication). By sending this encapsulated data to the recipient, who holds the private key, secure communication is achieved over an insecure channel. It is a lattice-based scheme that relies on the difficulty of the lattice problem, and it is expected to play a major role in secure communication over HTTPS (TLS) and VPNs.

"ML-DSA" is a technology used for digital signatures, and it is also based on the lattice problem.

"SLH-DSA" is also a technology used for digital signatures, but it takes into account the possibility of "what if" scenarios occurring in the lattice problem itself, and is implemented using a hash cryptography that is considered to have a lower risk of similar problems. It serves as a backup for "ML-DSA," and is designed with security as the priority over efficiency, and can be used as a replacement if something goes wrong.

In addition, a cryptographic technique not based on the lattice problem is reportedly planned to be standardized as a backup for "ML-KEM." Until then, a conventional technique that is not based on prime factorization, such as elliptic-curve Diffie-Hellman key exchange, is used alongside ML-KEM as a backup.

The transition to post-quantum cryptography is already underway.

While specific "new technologies that we should switch to" have been identified, how will the transition proceed from here?

Many governments aim for a complete transition by around 2035.

Governments around the world are moving towards switching to post-quantum cryptography. Specifically, the United States and the United Kingdom are aiming for a complete transition by around 2035, and the EU is also coordinating among its member states to achieve a similar timeframe. Japan has also indicated a policy of completing the transition by 2035 in principle.

In the case of the United States, the organization that developed the post-quantum cryptography technology I've described is a U.S. government agency (the National Institute of Standards and Technology: NIST), so the technology development is complete and the transition process has already begun.

Other countries will have to start from the technical review stage, but realistically, it is thought that instead of each country starting the review from scratch, they will independently re-examine the results of NIST's formulation and adopt roughly the same technologies (for example, "ML-KEM" will be adopted in other countries as well).

The risks of "harvest attacks" (Harvest Now, Decrypt Later)

Governments around the world are rushing to take countermeasures because these measures are urgent regardless of when quantum computers become practical.

It is not predicted that quantum computers will be put into practical use by 2035.

As I've already written, quantum computers aren't exactly an imminent threat. While there's been talk of quantum computers with over 100 qubits being built and discussions about aiming for 1000 qubits, it seems that actually being able to crack cryptography is still a long way off.

Beyond the number of qubits, there are still many challenges. For example, the error tolerance of qubits and the time that a quantum state can be maintained (coherence time) still present numerous obstacles to practical application. Even by 2035, the target date set by various countries for the transition, it is unlikely that a practical quantum computer capable of cracking public-key cryptography will be realized.

A complete transition in the near future will not be easy.

On the other hand, "complete migration" means identifying every cryptographic technology a public institution uses (including ones it may be using without knowing), then, in some cases, rebuilding systems or introducing new equipment, which takes time, and finally completing all the necessary adjustments. A complete migration by 2035 is already a demanding schedule; the early start is not because the migration is easy.

Even though the practical application of quantum computers is still a long way off, risks are already present.

So why are they rushing to implement countermeasures?

While there is a risk that quantum computers may become practical unexpectedly and rapidly, there are concerns about the risk of "harvest attacks" (Harvest Now, Decrypt Later), which necessitates early countermeasures.

As of 2026, when this is being written, quantum computers are far from having sufficient capability, and it seems unlikely that they will be able to break encryption anytime soon. However, capturing encrypted communication data is already possible in 2026.

Even if we capture the data, we can't decipher it right now. However, if a sufficiently powerful quantum computer is realized in the future, it will become possible to "decipher the data that was acquired in 2026."

In other words, even if the practical application of quantum computers is still some time away, if post-quantum cryptography is not used, there is a possibility that the content of "current communications" could be deciphered in the future. To prevent such risks, it is necessary to implement post-quantum cryptography as soon as possible.

Crypto-agility: An environment where you can quickly switch to the latest cryptographic technologies as needed.

The crisis isn't imminent, and not all cryptographic technologies are at risk; however, it's clear that "immediate action" is needed. So, what specific measures are necessary?

Web browsers are increasingly switching to post-quantum cryptography.

Even if you're told that countermeasures against quantum computers are necessary, you might not know what to do, but in fact, the world is already moving towards post-quantum cryptography.

For example, support for this technology is already progressing in web browsers. The Chrome web browser, for instance, has enabled HTTPS communication using the quantum-resistant cryptography "ML-KEM" by default since version 124, released in May 2024. The Firefox web browser also has "ML-KEM" enabled since version 132, released in October 2024.

For secure communication using post-quantum cryptography (TLS with ML-KEM) to actually occur during web browsing, in addition to support on the web browser side, "the cloud service or other communication destination also needs to support ML-KEM," but progress is being made in this area as well.

For example, popular web servers such as "Apache HTTP Server" and "Nginx" can now offer ML-KEM for HTTPS by using OpenSSL 3.5 or later as the "software that enables HTTPS communication." Major cloud services, such as AWS, have already implemented support for it in their main services.

The issue is whether it has been "updated to a sufficiently new version."

This situation is not limited to web browsers; many widely used software programs are similarly progressing towards supporting post-quantum cryptography. In other words, if you can update the software you are using to sufficiently newer versions, in most cases you will be in a "compatible environment."

In other words, the real issue is whether your company's IT systems and IT usage environment are "sufficiently up-to-date."

Another thing to consider is "risks that may arise in the future." For example, there are concerns that "a problem might be found with lattice cryptography, necessitating a replacement with an alternative technology." To prepare for such risks, it is important to have an environment where "it is possible to quickly update to a new version with countermeasures in place as needed."

  • Understand the encryption technologies your company uses directly and indirectly.
  • Update to a version that supports post-quantum cryptography.
  • Furthermore, it is desirable to be able to quickly update "software related to cryptographic technology, etc." to sufficiently new versions as needed (cryptoagility).

In other words, in addition to being "ready to handle new encryption," it is desirable for companies to be able to "quickly switch to the appropriate encryption technology as needed," that is, to ensure agility in switching the encryption technology (crypto) they use, as a measure against the quantum computing era.

What specifically should be done?

Web browsers are automatically updated about once a month, so the situation is such that "appropriate updates are provided quickly as needed." The same can generally be expected from major cloud services.

The problem is everything "other than" those.

Are your company's IT assets sufficiently up to date?

For example, what about your company's website? In reality, it's quite common for companies to outsource the entire development process to an external web development company and then leave it as is. In such cases, there's a possibility that the web server being used is an older version that doesn't support post-quantum cryptography. It's necessary to check if there are any components that might remain incompatible.

Even when using major cloud services, it's not always the case that everything stays updated without any effort on your part. Sometimes, you need to perform some kind of maintenance periodically to keep everything up to date.

Furthermore, depending on the packaged software or cloud service you are using, appropriate updates may not be provided at all. You will then need to either "find an alternative and replace it," or, if you continue to use what you are currently using, re-ensure security in some other way, such as "re-protecting communications and data by a different means."

If your company develops and operates its own IT systems, you need to identify the middleware used in those systems that is related to encryption and ensure that it can be updated as needed.
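The "sufficiently up-to-date" question for HTTPS endpoints, including an outsourced company website, can be answered by probing whether a server actually negotiates an ML-KEM hybrid key exchange. This is an added example, not code from the article or from HULFT; it assumes an OpenSSL 3.5 or later `openssl` command on the path and the `Negotiated TLS1.3 group:` output line that `openssl s_client` prints, and the sample outputs it parses are constructed.

```python
import re
import subprocess
from typing import Optional

# Hybrid key-exchange groups built on ML-KEM, as named in OpenSSL 3.5 (assumed spelling)
# and offered by current Chrome and Firefox; X25519MLKEM768 is the browser default.
PQC_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}

# s_client reports the TLS 1.3 key-exchange group on a line of this form (assumed format);
# older builds only print "Server Temp Key: X25519, 253 bits", which is parsed too.
_GROUP_RE = re.compile(
    r"^(?:Negotiated TLS1\.3 group|Server Temp Key):\s*([A-Za-z0-9_]+)", re.M)


def negotiated_group(s_client_output: str) -> Optional[str]:
    """Return the negotiated key-exchange group named in s_client output, or None."""
    m = _GROUP_RE.search(s_client_output)
    return m.group(1) if m else None


def classify(group: Optional[str]) -> str:
    """'pqc-hybrid' if ML-KEM protects the session, 'classical' if only ECDH/DH does."""
    if group is None:
        return "unknown"  # TLS 1.2 only, handshake failure, or unparsable output
    return "pqc-hybrid" if group in PQC_GROUPS else "classical"


def probe(host: str, port: int = 443, timeout: int = 15) -> str:
    """Connect with openssl s_client, offering the hybrid group first so that a
    capable server can choose it, and report which class of key exchange was used."""
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host,
           "-groups", "X25519MLKEM768:X25519:secp256r1"]
    try:
        out = subprocess.run(cmd, input=b"", capture_output=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"  # no openssl binary, unreachable host, or hung handshake
    return classify(negotiated_group(out.stdout.decode(errors="replace")))


# Constructed excerpts of s_client output, used to exercise the parser offline.
SAMPLE_PQC = "Verify return code: 0 (ok)\nNegotiated TLS1.3 group: X25519MLKEM768\n---\n"
SAMPLE_CLASSICAL = "Verify return code: 0 (ok)\nNegotiated TLS1.3 group: X25519\n---\n"

if __name__ == "__main__":
    print(classify(negotiated_group(SAMPLE_PQC)))      # parser only, no network
    print(probe("example.com"))                          # live check of one endpoint
```

A result of "classical" on your own site means the server or its OpenSSL build is not new enough, which is exactly the "older version that doesn't support post-quantum cryptography" case described above.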

Data verification is also necessary.

We also need to check the "data." For data that is encrypted and stored, we need to confirm whether the encryption method used is one that can be expected to remain secure even after quantum computers become fully practical.

Furthermore, data that has been electronically signed (digitally signed) in the past also needs to be checked in the same way. For example, if a method has a risk of not being able to maintain security, it is necessary to prepare now for a situation in the future where "fake electronic signatures" or "tampering with the content of electronically signed data" may become possible, making it impossible to distinguish between genuine data that was electronically signed in the past and the fake data.
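The inventory and data checks described above (encryption in use, stored encrypted data, and past digital signatures) can be triaged with a small rule set. This is an added example, not code from the article or from HULFT; the inventory entries are constructed, and the priorities and actions are one reasonable reading of the article's advice (Shor-vulnerable public-key schemes first, then symmetric key length, then signatures to re-sign).

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Public-key schemes whose security rests on factoring or discrete logarithms,
# which Shor's algorithm breaks on a sufficiently large quantum computer.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}
# NIST post-quantum standards (FIPS 203 ML-KEM, FIPS 204 ML-DSA, FIPS 205 SLH-DSA).
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Grover's algorithm roughly halves the effective strength of symmetric keys and
# hash outputs, hence the article's advice of AES-256 and "sufficient key length".
MIN_BITS = 256
CLASSICALLY_BROKEN_HASHES = {"MD5", "SHA1", "SHA-1"}


@dataclass
class Item:
    asset: str      # where the algorithm is used (constructed names below)
    use: str        # "tls" | "data-at-rest" | "signature"
    algorithm: str  # e.g. "RSA", "AES", "SHA-256", "ML-KEM"
    bits: int       # key length, or output length for a hash


def triage(item: Item) -> Tuple[str, str]:
    """Return (priority, action) for one inventory entry."""
    alg = item.algorithm.upper()
    if alg in PQC:
        return "ok", "post-quantum algorithm already in use"
    if alg in CLASSICALLY_BROKEN_HASHES:
        return "urgent", "hash is already broken without quantum computers; replace it"
    if alg in SHOR_BROKEN:
        if item.use == "signature":
            # Past signatures cannot be recalled, but re-signing or timestamping the data
            # with a PQC signature now records what was genuine before forgery is feasible.
            return "plan", "verify now and re-sign/timestamp with ML-DSA or SLH-DSA"
        # TLS key exchange and at-rest key wrapping are exposed to harvest-now-decrypt-later.
        return "urgent", "replace with ML-KEM (hybrid) key establishment; re-wrap stored keys"
    if alg.startswith("AES") or alg.startswith("SHA"):
        if item.bits >= MIN_BITS:
            return "ok", "symmetric/hash strength sufficient against Grover"
        return "plan", f"move to {MIN_BITS}-bit keys or hash outputs"
    return "review", "unrecognized algorithm; identify it before the 2035 target"


def summarize(items: List[Item]) -> Dict[str, int]:
    """Count entries per priority so the remaining migration work can be tracked."""
    return dict(Counter(triage(i)[0] for i in items))


INVENTORY = [  # constructed sample entries, not real assets
    Item("corporate website (outsourced)", "tls", "ECDH", 256),
    Item("API gateway", "tls", "ML-KEM", 768),
    Item("backup archive key wrap", "data-at-rest", "RSA", 2048),
    Item("customer database", "data-at-rest", "AES", 128),
    Item("signed contracts 2018-2024", "signature", "RSA", 2048),
    Item("file transfer payloads", "data-at-rest", "AES", 256),
]

if __name__ == "__main__":
    for it in INVENTORY:
        print(it.asset, *triage(it), sep=" | ")
    print(summarize(INVENTORY))
```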

Legacy system post-quantum cryptography support

If the goal is to be able to update to newer technologies as needed, then the biggest problem will probably be what to do with "long-standing IT systems" (and cloud services). It's about what to do with what are commonly known as "legacy systems."

For more information on "Legacy Systems," please see here.
Legacy Systems / Legacy Integration | Glossary

The pressure from horror stories that say encryption is becoming insecure and countermeasures are necessary is powerful, and the argument that old things are no good and must be replaced with new ones is a classic and easily accepted truth. However, reality is not that simple.

For example, you might be told that old systems like mainframes should be phased out, so you spend a huge amount of money migrating to the "latest" cloud or packaged software, only to find that the new system makes it impossible to run your business and causes it to collapse. Or, unfortunately, it's a common outcome that despite all the effort put into the migration, the results don't justify the large investment.

Because we are in the age of ERP packages, the age of the cloud, the age of digital transformation, and now the age of post-quantum cryptography, it is pointless to overhaul your system every time "something is said" to that effect. In reality, it is often more practical to skillfully retain legacy systems while adopting cloud services for the parts that require modern functionality, and to effectively "integrate" the old and new systems. This can ultimately lead to "achieving an IT system that is in line with the times, quickly and at low cost." In the case of post-quantum cryptography, too, such an approach is likely to be desirable in many practical situations.

Even older software can sometimes be sufficient.

Even when it's difficult to address the issue at the system level itself, it's possible to address it by re-protecting the "parts that have contact with the outside world" in terms of data and communication from the threat of quantum computers. This makes it entirely possible to preserve legacy systems effectively without a complete overhaul.

Furthermore, just because something is "existing software, etc." doesn't mean it's incompatible. For example, IBM's mainframes have already made progress in post-quantum cryptography support, and an environment has been established where they can be used without any particular problems.

HULFT, a file transfer middleware, offers a way to successfully integrate legacy systems with the cutting edge of IT.

There are other things for which similar measures have been taken.

Our file transfer middleware, "HULFT," has long been used as the de facto standard foundational product for secure, reliable, and safe data integration, primarily on mainframes and UNIX systems. It has supported AES encryption for some time, and will continue to support post-quantum cryptography as needed.

Furthermore, HULFT is now advancing its capabilities to meet the demands of the latest IT world, including support for object storage such as "file transfer with Amazon S3" on AWS, and "functionality development that anticipates operation on containers for microservice architecture systems."

Rather, by "connecting" them with HULFT, you can use it as a foundation to freely link and utilize the old and new worlds of "legacy systems" such as mainframes, Unix, and client-server systems with "new IT systems" of the cloud era, with complete "safety and security" that also takes into account countermeasures against quantum computers.

For more information about file transfer middleware "HULFT", please click here.
HULFT Series | Services

Connecting technologies that make it easy to switch between cloud services and packaged software.

Even if the solution is to "find and replace with an alternative cloud service or packaged software" because a suitable solution for post-quantum cryptography is unavailable, "replacing what is already being used" is generally neither easy nor quick.

Data migration from existing systems is usually necessary, and preparing the necessary data conversion processes after ensuring data integration between the old and new systems often involves a great deal of effort.

Furthermore, it's not always possible to switch over the systems all at once on a given day. If a period of parallel operation is unavoidable before the migration, it will require even more effort and time.

Alternatively, due to such circumstances, it's quite common to find that people "want to migrate to cloud services but haven't been able to" or that "frequent manual data transfers between multiple cloud services have become necessary."

The core issue is "data integration."

Such situations are undesirable from a business perspective. For example, when a generative AI emerges and a company wants to use it, the question arises: how do we integrate its data with existing systems? This can make implementation difficult, or conversely, one might ignore these issues and implement it anyway, only to find that it is not connected to other IT systems, preventing effective use and producing no tangible results. These are all similar problems, and moreover, "common situations."

To enable the rapid adoption of alternative cloud services and packaged software, which is also required for post-quantum cryptography, it is desirable that these "data integration issues" be resolved.

Please utilize "connecting" technology

There are ways to efficiently develop these various "integration processes" using only a GUI. These are "connecting" technologies such as "DataSpider" and "HULFT Square," also known as "EAI," "ETL," and "iPaaS." By utilizing these, it is possible to smoothly and efficiently integrate old and new systems.

For more information about data integration software "DataSpider," please see here.
DataSpider Servista | Services

For more information about HULFT Square, a cloud service that enables you to "connect" things, please see here.
HULFT Square | Services

In conclusion: The "threat of quantum computers" that we should fear correctly.

In the world, quantum computers are often described as having processing power far superior to conventional computers. However, in reality, it is not believed that they will generally be able to solve "NP-hard" problems. Rather, they will only be able to "increase the variety of problems that can be practically solved."

It seems that some explanations of the threat to existing cryptographic technologies give the impression that all existing encryption methods will be broken. However, as explained, symmetric-key cryptography (such as AES) and hash functions are believed to be adequately dealt with by using AES256 encryption and ensuring sufficient key length.

On the other hand, in the field of public-key cryptography, which is an important technology for ensuring the safety and security of society as a whole, there are concerns that the encryption techniques used conventionally may be broken after quantum computers become practical.

Specifically, it's important to understand that there's a risk that personal information and credit card numbers sent via HTTPS today could be deciphered in the future, making immediate action desirable. It's also crucial to be aware that the credibility of previously used electronic signatures may be lost in the future due to the ease with which they can be forged or altered.

However, even with public-key cryptography, "new cryptographic technologies" such as lattice cryptography, which address the threat of quantum computers, have already been developed and are already beginning to spread. The practical application of quantum computers is still some time away, but even so, "immediate action" is desired.

That said, the specific measures we should take are rather familiar ones, such as "always make sure you can update to the latest version." There are, however, situations where we need to consider how to deal with "existing IT assets," and it seems that the essence of that problem can be alleviated by "connecting" them.

Furthermore, quantum computers are not only a threat to security and safety, but they should also bring us new benefits by solving problems that were difficult for conventional computers. The fact that AES encryption is not fatally affected, while RSA encryption is, presents a "mottled" reality that I believe may offer clues to understanding what will happen and what we should do after quantum computers become practical.

Similarly, quantum computers will likely divide problems into those they can solve dramatically faster and those they cannot. I believe the challenge in the future will be how to leverage those dramatic speed-ups in business and how to use them to achieve significant results (apart from "decrypting vulnerable RSA encryption with harvest attacks to do bad things").

Are you interested in "iPaaS" and "connecting" technologies?

Try out our products that allow you to freely connect various data and systems, from on-premise IT systems to cloud services, and make successful use of IT.

The ultimate "connecting" tool: data integration software "DataSpider" and data integration platform "HULFT Square"

"DataSpider," the data integration tool developed and sold by our company, is a "connecting" tool with a long history of success. "HULFT Square," a data integration platform, is a "connecting" cloud service developed using DataSpider technology.

Another feature is that development can be done using only the GUI (no code) without writing code like in regular programming, so business staff who have a good understanding of their company's business can take the initiative to use it.

Try out DataSpider/HULFT Square's "connecting" technology:

There are many simple collaboration tools on the market, but this tool can be used with just a GUI, is easy enough for even non-programmers to use, and has "high development productivity" and "full-fledged performance that can serve as the foundation for business (professional use)."

It can smoothly solve the problem of "connecting disparate systems and data" that hinders successful IT utilization. We regularly hold free trial versions and hands-on sessions where you can try it out for free, so we hope you will give it a try.


Why not try a PoC to see if "HULFT Square" can transform your business?

Why not try verifying how "connecting" can be utilized in your business, the feasibility of solving problems using data integration, and the benefits that can be obtained?

  • I want to automate data integration with SaaS, but I want to confirm the feasibility of doing so.
  • We want to move forward with data utilization, but we have issues with system integration.
  • I want to consider a data integration platform to achieve DX.
