Quantum Risk Research
Overview
Anticipation for the transformative potential of achieving quantum advantage is driving significant interest and investment in the accelerating maturation of quantum computing, networking, and sensing. While benefits are expected to be significant, the accompanying risk of cryptanalytically relevant quantum computers undermining current cryptographic systems is of equal or greater risk. U.S. Critical Infrastructure (CI) entities are anticipated to be prime targets of nation-state actors once access to mature quantum-powered computers is realized.
The University of Illinois’ Information Trust Institute is leading a research project to study how critical infrastructure and the rest of the marketplace including a vast supply chain is responding to this emerging threat. Central to this research project is the creation of a forum for open cross sector dialogue that supports the driving of strategy interpretation(s), assessment of solution integration challenges and the promotion of enhanced topical education and fact checking.
The research seeks to generate additional direct insight into the evolving level of preparedness across the marketplace and specifically those sectors that make up or support critical infrastructure. Assessment of the increasing threat surface and the pursuit of crypto agility will inform those who participate in various paths being pursued toward enhanced security in the face of the pending threat vector of cryptanalytically relevant quantum-enabled decryption. Read below for more context and some Informational Resources.
Effective Pursuit of Crypto Agility
The marketplace is currently challenged with achieving what is commonly referred to as crypto agility. One definition for Crypto Agility describes the capabilities needed to replace and adapt cryptographic algorithms for protocols, applications, software, hardware, and infrastructures without interrupting the flow of a running system to achieve resiliency. NIST CSWP 39, Considerations for Achieving Cryptographic Agility
However, crypto agility is more complicated than simply algorithms and associated configurations. Its pursuit is complicated by several factors that include data and device sprawl, organizational complexity, short-life certificates and the still being defined transition to quantum safe. In addition to operational challenges, external factors are also driving more rapid adoption of post quantum cryptography. Transition timelines (and in some cases deadlines) to adopt and use PQC algorithms are approaching. Most actions are being driven by a combination of the introduction of new PQC NIST standards in the fall of 2024, associated Federal Government (FIPS) requirements with 2030 dates, the desire to avoid liability for inaction and specific immediate concerns related to the threat of harvest now decrypt later. Additionally, continuous flow of news about fluctuating timelines in the advancement of quantum computing is driving ambiguity and variability in the marketplace reaction.
Many organizations are actively pursuing awareness, balancing risks against investment, and asking questions of the marketplace that is rapidly developing solutions to mitigate this emerging risk. The challenge is complicated by multiple interdependencies across a diverse stakeholder community. Crypto providers (standards bodies, library developers, hardware platform developers), Solution Providers (those developing cloud solutions, applications and system software), enterprise customers (business operations, information security professionals, and IT infrastructure defenders), and finally Organizational Leadership (CISO, C-Level, Owners, Board Members, Shareholders).
Project Update
A series of monthly group discussions began in April and will continue to create a forum to ask questions, promote open discussion, and the exchange of transition experiences, ideas and potential solutions. This group is made up of over 60 individuals from over 30 different organizations across critical infrastructure, all seeking to better understand and navigate mitigation of associated risks.
Check the Informational Resources section below for topical content that supports navigating the vast amount of information being generated to inform those who are personally challenges with understanding, formulating and acting upon risk mitigation strategies.
Informational Resources
Standards and Strategy
- NIST Website – Post Quantum Cryptography (Search for NIST Content and Updated Information)
- Cryptographic Resilience Community Profile (Governance Approach Introduced during April 23, 2025 call)
- NIST Cyber Security 39 - Cryptographic Agility (March 2025 - NIST Cybersecurity 39 – Reference Shared during April 23, 2025 call)
Educational Material
- Podcast Resource for Education and Quantum Marketplace Activity (Post Quantum World Podcasts)
- A Transport Layer Security TLS Primer (from Medium)
- Crypto Agility Maturity Model Version 1.1 9/23/2022 (CAMM – A Crypto Agility Maturity Model)
Request to Participate
Please send an email to the Project PI, Dominic Saebeler at dsaeb2@illinois.edu for additional information about this project and potential participation.