“Assurance is best addressed during the initial design and engineering of security systems, NOT as an after market patch. The earlier you include a security architect in your design process, the greater the likelihood of a successful and robust design. As the quip goes, he who gets to the (module) interface first wins.”
Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008
“The time needed to factor an RSA integer is the same order as the time needed to use that same integer as modulus for a single RSA encryption. In other words, it takes no more time to break RSA on a quantum computer (up to a multiplicative constant) than to use it legitimately on a classical computer.”
Professor Gilles Brassard, "Quantum Information Processing: The Good, the Bad and the Ugly", 1997
"Dropping support for a broken crypto primitive is hard in practice
- but crypto can be broken overnight
- what do we do if SHA-1 or RSA falls tomorrow?"
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger, "MD5 considered harmful today - Creating a rogue CA certificate", December 2008
FAQ: Why do we need a new security ecosystem? (Quantum Focus)
The interdependent web of critical infrastructures and information systems undergirding the global village is fundamentally insecure on account of poorly designed systems, poor integration of cryptographic and security functions, a low-assurance development model and the choice of marginally secure cryptographic primitives. Many of our critical global communications networks offer little to no security against targeted malice. Complex interdependent systems are designed with single points of failure that can impact millions of people. The entire system must be systematically hardened. In particular, it is recognised that one of the cornerstones of modern cryptography is at risk of abrupt and catastrophic failure with the arrival of code-breaking quantum computers.

Cryptographic primitives such as block ciphers, stream ciphers, hash functions, key exchanges and digital signatures are the fundamental building blocks from which modern computer security is built. A secure cryptographic primitive on its own cannot guarantee security. Conversely, a weak cipher offers no security or, worse, the illusion of security.

Cryptographic security has always been a moving target. It is influenced by advances in cryptanalysis (mathematical attacks against ciphers), advances in computing power and advances in our understanding of physics. Today we are entering the next great shift in cryptography. To quote an official publication advising on the strength of different cryptographic primitives by the European Network of Excellence for Cryptology (ECRYPT), a European FP7 program that coordinates over 32 organisations including Ericsson AB (Sweden), France Telecom, Gemalto, IBM Research GmbH (Switzerland), MasterCard Europe sprl (Belgium), Vodafone Group Services Ltd (UK) and over 20 leading European universities:
The ECRYPT report places an unprecedented umbrella disclaimer over all its recommendations for modern asymmetric and symmetric primitives by stating:
Today a vast array of important data is secured by at-risk public key algorithms. This data has been and continues to be recorded. The longer the at-risk systems are used, the more data we ultimately provide to attackers for eventual decryption and exploitation. It can take more than a decade to migrate to a post-quantum secure cryptographic ecosystem, so if a code-breaking quantum computer is created 'by the wrong people', for example in five years, and no attempt has been made to begin a migration, then a complete rip-and-replace exercise becomes mandatory at incalculable cost and effort.

Every year that we delay a migration, the global community and its transactions become larger and more complex. The cost of beginning to migrate a global system 5 years from now will be exponentially greater, given the speed with which major populations such as China, India and South America, as well as underdeveloped nations, are entering the global economic village.
Last Updated on Friday, 16 January 2009 13:30
