Palo Alto Networks this week released an open application programming interface (API) framework that organizations can use to more easily deploy encryption keys that are not likely to be broken by a quantum computer.

Rich Campagna, senior vice president for product management for Palo Alto Networks, said the Quantum Random Number Generator (QRNG) Open API framework also ensures there will be interoperability between the post quantum algorithms that will be used to create stronger encryption keys.

Developed in collaboration with Anametric, ID Quantique, Qrypt, Quantinuum, Quantropi and Quside, the QRNG Open API framework makes use of quantum mechanics principles to encrypt data in a way that generates truly random numbers.

Available via the Palo Alto Networks GitHub repository, the QRNG Open API is designed to be embedded into any application. Palo Alto Networks will later this year add support for it to its next-generation firewalls (NGFWs).

No one knows for certain when quantum computers will break existing encryption schemes used to encrypt data, however, it is generally expected to occur within the next five years, said Campagna.

The National Institute of Standards and Technology (NIST) has already defined a set of post-quantum cryptography (PQC) standards that the QRNG Open API framework makes easier to implement.

Replacing existing encryption frameworks can take years, so NIST is encouraging organizations to start the process now in anticipation of existing encryption schemes being eventually cracked, also known as “Q-Day.”

In the meantime, it is suspected that nation-states are already harvesting encrypted data in the expectation they will be able to decrypt it one day soon, using a quantum computer. The sooner organizations replace legacy encryption schemes the less likely it will be that data they thought was secure today might one day be used to extort payments for not disclosing, or simply dumped into a repository on the Dark Web for anyone to see.

The challenge, of course, is convincing senior business and IT leaders to make available the resources required to replace existing encryption algorithms. Given all the competing priorities organizations have today, it’s often difficult for cybersecurity teams to convince executives to address a threat now that might not manifest for years.

Of course, recent quantum computing advances such as the Willow project being advanced by Google suggest those advances are occurring at a faster rate, and researchers in China claim they have already used a quantum computer to break a 50 integer RSA algorithm. No longer widely used, that achievement may be a harbinger of similar research efforts to break more advanced cryptography frameworks.

Undoubtedly, havoc will ensue when Q-Day does eventually arrive. Many organizations will still be relying on legacy encryption frameworks to protect data. Hopefully, that data remains protected, rather than in a repository that cybercriminals are now gleefully using to uncover any number of secrets. After all, if it was worth encrypting in the first place, chances are that even years from now the data is going to still retain some of its value.