Risk estimation methodology in the post-quantum period

Abstract

The world is in the process of intensive creation and application of quantum technologies. On May 4, 2022, the President of the United States signed the «National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems». Therefore, advancing leadership is an important challenge in quantum computing in general, while reducing risks to vulnerable cryptographic systems. Accordingly, standardized scientific and methodological support for risk assessment should be justified, accepted and applied at the international and national levels when quantum computing is used in general and especially when quantum computing is used in cryptology. The purpose of the work is to substantiate and develop a risk assessment methodology for quantum computing used in cryptology in the so-called “post-quantum period”. With this aim in view the following components were taken into account: the use of methods that have not yet arisen to combat cybersecurity threats; determination of the essence of the quantum risk assessment methodology; identification and documentation of information assets and their current cryptographic protection; research on the state of quantum computers and quantum-safe cryptography. Quantum risk assessment is considered, an ideal approach for identifying and prioritizing threats and vulnerabilities, as well as laying the foundation for the reliable and cost-effective development of systems so that they are resistant to quantum attacks. Quantum risk assessment provides organizations with the knowledge necessary to understand the extent of their quantum cyber risk and the terms in which quantum threats can arise. This will provide the organization with a basis for proactively addressing quantum risks, building a path to a quantum safe state, and implementing and validating quantum safe solutions.