Preparing for the Quantum Leap: A Panel on Post-Quantum Cryptographic Readiness

Disclaimer: For better readability, the original transcript has been formatted into continuous text. To experience the panel discussion in its original form, we recommend watching the video recording [please note, the panel was held in German].

The panel discussion, „Auf dem Sprung ins Quantenzeitalter: Die Dringlichkeit von PQC,“ was part of our Securosys Update Event on February 29, 2024. Participants included Rolf Oppliger, cybersecurity expert at the NCSC, Tobias Christen, Head of Enterprise Security Architecture at the Migros-Genossenschaftsbund, and Marcel Dasen, VP Engineering at Securosys. The discussion was moderated by Robert Rogenmoser, CEO of Securosys.

The Experts

Rolf Oppliger serves as a consultant at the Federal Office for Cybersecurity (NCSC) and as a titular professor in security at the University of Zurich. He is also the editor of a book series on information security and applied cryptography published by Artech House. His current focus at the NCSC is risk management and the development of heuristic methods for risk assessment.

Tobias Christen is a computer scientist with extensive experience in security architecture, having worked for companies such as Novartis, UBS, and Zurich Insurance. After 15 years as the founder and CEO of DSwiss, a provider of secure data storage and exchange solutions, he has been leading the Enterprise Security Architecture at Migros Cooperative Federation for the past year and a half, building a modern security architecture with a new team.

Marcel Dasen brings over 20 years of experience in developing integrated products and leads product development at Securosys. In this role, he is instrumental in implementing innovative solutions that meet the highest security standards.

Robert Rogenmoser, CEO of Securosys, guided the discussion.

Migros’ IT Landscape and Security Strategy

The discussion kicked off with an inside look at Migros-Genossenschaftsbund’s IT ecosystem, which spans over 3,000 retail locations and more than 230 subsidiaries across sectors like education and healthcare. This extensive infrastructure supports a wide range of operational needs, including industrial controls and warehouse management.

Tobias Christen explained how this decentralized IT structure, where subsidiaries traditionally manage their own systems, has created challenges, including inefficiencies and high costs. By centralizing IT systems, Migros is addressing these issues, improving professionalism, and reducing costs.

Migros has also made significant progress in cybersecurity, establishing an accredited Cyber Defense Center and advancing Identity Access Management (IAM) through automation and centralization. These efforts include integrating hardware security modules (HSMs) to enhance security.

Quantum Computing: Threats and Opportunities

The conversation shifted to quantum computing’s potential and risks. Rolf Oppliger underlines that quantum computers, while promising for optimization tasks, pose a significant threat to asymmetric cryptography.

Rolf Oppliger highlighted the global race among nations but also corporations like Google and IBM, investing heavily in quantum computer development. Financial incentives, including research grants, also drive these advancements. He and Marcel Dasen emphasized that symmetric algorithms, like AES, remain secure with increased key lengths, while classical asymmetric methods such as RSA and ECC are vulnerable.

The panel underlined the critical risk of “record now, decrypt later,” where attackers store encrypted data with the intention of decrypting it once quantum computers become capable, reinforcing the urgency of adopting post-quantum cryptography (PQC) to protect sensitive information over the long term.

Long-Term Data Storage and Cryptographic Challenges

One of the major challenges of quantum computing, as Marcel Dasen explained, lies in long-term data storage. Organizations rely on digital signatures for data integrity, but if asymmetric cryptography is compromised, the trustworthiness of these signatures could collapse, requiring data to be re-signed or re-encrypted.

Drawing from his experience at DSwiss, Tobias Christen noted that while AES 256-encrypted data remains secure, the asymmetric keys used to protect the symmetric keys are vulnerable. He warned that the validity of digital signatures might lose their validity in a near future, making it critical to develop strategies for swift replacement.

Strategies and Plans for Post-Quantum Cryptography

The conversation turns to strategies for adopting PQC. The Federal Office for Cybersecurity is following the developments of the NIST, which oversees an open competition to select post-quantum cryptographic algorithms. These standards will be integrated into systems where feasible, but their implementation in legacy systems presents challenges, and a universal deployment timeline remains undefined.

 On the other hand, Migros has proactively taken steps toward quantum-safe security. Two years ago, the company initiated its PQC journey, establishing a competence center to evaluate potential quantum threats and test hybrid cryptographic solutions.

Collaborating with IBM Rüschlikon, with their impressive roadmap in quantum computing and local expertise, Migros conducted proof-of-concepts for hybrid cryptographic methods, exploring their feasibility in applications like VPNs and digital signatures. From 2025, Migros plans to purchase only quantum-safe products, reflecting the long investment cycles of IT systems.

Tobias also highlighted efforts to prepare internal development teams for crypto agility, enabling them to update algorithms as needed to ensure a seamless transition to PQC.

Marcel explains that hybrid methods require larger keys and more storage, which plays a significant role in the performance of systems on a technical level. However, in the daily use of end users, this performance impact will hardly be noticeable.

Standardization and Open Questions in Hybrid Methods

Despite progress, challenges remain. Marcel pointed out that while post-quantum algorithms are finalized, protocols for using them—such as in hybrid encryption—are still evolving. Rolf emphasized that even secure algorithms can fail if implemented incorrectly.

Marcel also observed that hybrid encryption key-wrapping has received little attention, and while companies like Apple and Signal have adopted hybrid methods for closed systems, broader standardization for open systems like TLS will take time.

In response to audience questions about certification, Marcel acknowledged that the validation of new algorithms is in its early stages and will develop gradually. He underscored the importance of devices like HSMs in ensuring foundational security during this process.

The Urgency of Preparing for PQC

The panel concluded with a focus on the urgency of transitioning to PQC. Rolf Oppliger emphasized that organizations have a rare luxury: time to prepare before quantum computers capable of breaking RSA become a reality. He advocated for early preparation to adapt existing standards.

Tobias, however, warned that technological advancements could accelerate unexpectedly, urging organizations to encrypt data needing protection for more than five years with quantum-safe mechanisms now.

Marcel emphasizes that many organizations have yet to implement fundamental security measures like access control and data encryption. These priorities should take precedence before focusing entirely on PQC.

Key Takeaways

The panel delivered a clear message: quantum computing represents both opportunities and threats. While symmetric cryptography remains secure, asymmetric methods face significant challenges. Adopting hybrid cryptographic solutions and preparing for PQC are essential, requiring careful planning and long-term investments.

Although the timeline for quantum computing threats is uncertain, the groundwork for a quantum-safe future must be laid today.