Post-quantum cryptography may sound like science fiction, but according to DigiCert’s global chief, Dr Amit Sinha, the urgency to prepare is real – and Australia must start modernising its cryptographic infrastructure now.
Speaking with InnovationAus.com publisher Corrie McLeod on The Commercial Disco podcast, Dr Sinha warned that post-quantum threats, exploding machine identities and shrinking certificate lifespans are converging into a “perfect storm” for digital security leaders.
“This is a once-in-a-30-year upgrade to your entire trust fabric,” Dr Sinha said.
He warned that, for most large businesses and government agencies “even if they start today, they’re already out of time.”
Public Key Infrastructure (PKI) has been a foundational component of secure digital communication for more than three decades. From encrypted emails and secure banking to digital document signing and trusted software updates, PKI enables identity verification and data integrity across the internet.
“Think of PKI like a passport system for machines,” Dr Sinha explained. “It lets your phone trust your bank’s website, it ensures your medical records are protected, and it verifies that your software hasn’t been tampered with.”
Yet as digital infrastructure becomes more complex and interconnected, especially with the proliferation of AI agents and cloud-based systems, PKI is under increasing strain.
New industry standards are reducing the lifespan of digital certificates from the current 398 days to just 47 days. That change, coupled with the rapid increase in machine-to-machine interactions, is creating significant operational pressure.
“Imagine if your passport went from being valid for five years to just six months,” Dr Sinha said. “And you had to manage not one, but a hundred million passports. That’s the scale of the challenge some organisations face today.”
The looming risk is that quantum computing has the potential to render traditional encryption obsolete almost overnight.
“All PKI is based on math problems that are hard to solve with today’s computers, like factoring large numbers,” Dr Sinha said.
“Quantum computers can break these problems orders of magnitude faster.”
Quantum capability is still emerging, but breakthroughs are accelerating. Tech giants like Google have claimed quantum chipsets capable of calculations that would take current supercomputers “longer than the lifetime of the universe.”
“You’ll have a ChatGPT-like moment where the world suddenly realises it’s here,” Dr Sinha said.
According to Dr Sinha, the first step for businesses and government agencies is simple: take inventory of your cryptographic infrastructure.
“Know where all your cryptography is, prioritise what’s most critical – your crown jewels – and start planning migration to post-quantum-safe algorithms,” he said.
Standards for post-quantum cryptography (PQC) already exist, and DigiCert supports them. The US National Institute of Standards and Technology (NIST) finalised its recommendations in late 2023, and Gartner has advised organisations to retire existing cryptography by 2029.
“The key message is that crypto agility, the ability to rapidly replace or upgrade cryptographic systems, is a here-and-now problem,” Dr Sinha said.
“It’s not just about post-quantum readiness. With shrinking certificate lifespans and exploding machine identities, organisations already need to modernise.”
While Australia’s awareness of PQC and cryptographic risk is improving, Dr Sinha said most organisations are still early in their journey.
“A year or two ago, the common reaction was ‘What’s PQC?’ Now it’s, ‘Yes, this is a problem. How can you help?’” he said.
Some Australian enterprises are taking early action by deploying automation, conducting inventories and beginning to test post-quantum algorithms. Others, Dr Sinha noted, are still moving through the “acceptance curve,” from denial to realisation.
DigiCert’s Trust Summit Roadshow’s that took place globally pointed to stronger preparedness in countries like the United States and Israel, where government investment, university integration and commercial urgency are driving faster adoption of quantum-safe systems.
“In the US, the government is actively investing in dual-use technologies, universities are embedded in startup ecosystems, and there’s a fully integrated innovation engine,” Dr Sinha said. “Right now, Australia is more on the receiving end of these changes than the creating end.”
Still, he believes Australia can accelerate through coordinated policy and industry action.
“The more we digitise, the more vulnerable we become,” he said. “And resilience must be systemic. We can’t treat cryptography like plumbing anymore. It has to be strategic.”
Do you know more? Contact James Riley via Email.