An interview with Avesta Hojjati, Vice President of Engineering, DigiCert
For almost half a century, encryption algorithms have kept data safe. No matter how powerful today’s classical computers get, that encryption would still take thousands — or even millions — of years to break.
The advent of quantum computing has changed all that. Put simply, some problems that are arduous for classical binary computers to solve, including the mathematical problems behind today’s encryption methods, are easy for quantum computers.
What’s kept classic encryption measures viable so far is that quantum computers aren’t stable or powerful enough to be used to attack them. Someday soon, that will change.
“At some point — we really don’t know if it’s tomorrow, a week or a month from now — all these classical algorithms will be broken,” said Avesta Hojjati, of DigiCert, the web’s oldest certificate authority and a leading provider of digital trust.
“At DigiCert, we call it Q Day.”
Not One Solution, but Many
Under National Security Memorandum 10, federal agencies must address quantum’s security threat.
The good news is that there are solutions — and that’s plural. “You want capabilities that allow you to move to multiple solutions because any one solution could [become] vulnerable,” Hojjati said. The key is to build in agility to respond to changing threats.
“The first step is to do a discovery of [an agency’s] landscape, the second step is to automate those endpoints and the third step is maintaining this posture every day,” he said.
Discovery requires cataloging all the forms of encryption your system uses, he said. “Make sure you understand every single one of your cryptographic algorithms,” Hojjati advised. “And this goes wide and deep in your organization. It goes wide because you should be able to integrate it with other discovery solutions, and deep to reach the silos and buckets [held] within an organization. You can’t automate what you can’t see.”
Automating the Change
A platform such as DigiCert’s Trust Lifecycle Manager begins with automating the discovery process. But automation goes much further by deploying new cryptographic standards agencywide. It can replace old algorithms with quantum-resistant ones and configure them without extensive manual intervention.
DigiCert has been helping customers prepare for Q Day since 2017, implementing its solutions for multiple use cases. Through its DigiCert Post Quantum Cryptography (PQC) lab, users can familiarize themselves with new, post-quantum algorithms for free. The company integrated those algorithms into every product it provides.
And through its Trusted Quantum Advisory Program, DigiCert educates organizations on their PQC needs, builds them a specific strategic road map to be quantum-safe and deploys specific discovery solutions for their environment, Hojjati explained.
“All of this comes in a package which is end-to-end, meaning from education to discovery to building your road map, all the way to maintaining this PQC posture,” said Hojjati. “We hold the hands of customers to make sure they go through this journey without any blocks.”
This article appeared in our guide, “Quantum Computing 101: Getting Ready for Tomorrow’s Tech.” To learn more about this groundbreaking technology, including how and when it will impact you, download the guide here: