By the end of the decade, all data transmission will need to be quantum-proof. Only a fraction of companies have started preparing.
To start with, a wild fact: eighty percent of the world’s companies and organizations are not prepared for the arrival of quantum computers in any way. They do not use quantum-safe algorithms to encrypt digital signatures, personal data, product or even state secrets.
But quantum computers are a reality, and they will be in use in five or ten years, or whenever they are. The important thing is that it happens.
And here’s another crazy piece of information: according to some estimates, government intelligence organizations will have access to quantum computers five years earlier than ordinary users.
“I am excited and terrified at the same time,” commented Jiri Uitto, CTO of Unikie’s security and defense business.
“All of the above means that when you sign something today, you are using an algorithm that can be broken by a quantum computer. How can history be proven correct in twenty years?”
Worry is not a windblown thing
If Uitto’s concern seems strange, let’s unpack it a bit. There are mainly two types of encryption algorithms in use today: algorithms based on encryption key exchange, which make communication secure, and digital signature algorithms, which can guarantee the integrity of data or verify the identity of the signer. Both of these so-called asymmetric encryption algorithms crack with a snap when attacked with the computing power of a quantum computer.
“Information security experts have been saying for years that sufficiently long passwords must be used to encrypt data,” Uitto states.
“It’s a bit ironic that when users have gradually been led to believe this message, they have to be told that it’s no longer enough.”
How is the authenticity of a digital signature verified?
The same applies to digital signatures.
Their use is already becoming quite common, but when the signature encryption is broken, it is impossible to verify the authenticity of the signature.
“Signatures from the pen-and-paper era are, in a way, eternal, if the papers are preserved. In cases of doubt, experts assess whether the signature is genuine. But there is no way to verify a cracked digital signature,” Uitto says.
“Who bought a house in Oulu/Finland, in 2025?”
Quantum-safe algorithms must be implemented immediately
Quantum-secure algorithms and various methods for quantum-secure encryption are already widely known. NIST (National Institute of Standards and Technology) published the first standardized algorithms in August last year in the United States. One of them defines the exchange of encryption keys and two define digital signatures.
“The implementation of quantum-safe algorithms should begin immediately,” says Jiri Uitto.
“Although we are already late. The transition will be a big and expensive operation. But it will be even more expensive if we delay it. My hope is that Finland could be a trendsetter in this. In Europe, Germany, France and the Netherlands have woken up to the issue so far. Others may be waiting for legislation, but there is no point in that.”
Finland’s quantum technology strategy, published at the end of April, specifies that Finland should play a significant role as a leading country in quantum technology by 2035.
“It won’t happen without significant investment.”
Embedded software security faces a new challenge
Embedded systems, which Unikie also develops for solutions in the automotive, defense, and manufacturing industries, are a whole new chapter.
“The world is full of sensors and various independent controllers, all of which are connected to data networks. Fortunately, no one has tested their vulnerability on a large scale, but unfortunately it may only be a matter of time before it happens,” Uitto sighs.
“Russia’s invasion of Ukraine has brought us into a new era. Even water utilities that were previously of no interest to anyone are suddenly critical infrastructure.”
According to Uitto, the challenges of quantum-safe protection of embedded systems include the low processing power and limited memory of IoT devices. Power consumption also poses problems.
“Fortunately, there are solutions. The computing power required by the algorithm can be achieved with a purpose-designed embedded circuit, or ASIC. However, the use of ASIC is limited by the fact that the algorithm programmed into the silicon surface cannot be corrected afterwards, for example if the encryption needs to be further strengthened,” Uitto explains.
“That’s why a reprogrammable FPGA is a better solution.”
All projects requiring Unikie encryption are already implemented in a quantum secure manner.
“We started the first such project in 2018, and since then we have done several more. This is the future, but we at Unikie are already there,” Uitto concludes.
Learn more about Unikie’s offering for Cybersecurity.
This article was originally published in Finnish in Tekniikka & Talous.
