The US National Institute of Standards and Technology (NIST) has published draft standards for three algorithms aimed at withstanding attack by quantum computers.
Of the three published so far, CRYSTALS-Kyber is designed for general encryption purposes, such as creating secure websites. The other - CRYSTALS-Dilithium and SPHINCS+ - are aimed at protecting digital signatures.
A fourth, FALCON, is also designed for digital signatures and will be published in 2024.
Quantum technology remains a specter looming over cryptography and has the potential to crack many - if not all - public key encryption techniques. Current techniques are based on mathematical problems that a classical computer would struggle to solve.
The promise of quantum computers - if and when they finally arrive in a usable state - solves those problems, effectively making current encryption techniques redundant.
NIST acknowledged that quantum computers remained in their infancy and systems powerful enough to defeat encryption algorithms did not yet exist. However, it said: “It’s important to plan ahead, in part because it takes years to integrate new algorithms across all computer systems”.
More on quantum and encryption
The point was echoed by Tim Callan, chief experience officer at Sectigo, who urged organizations to adopt a crypto-agile stance that permitted cryptography to be changed at will. He said: “Amazingly, most enterprises can't even tell you what cryptography they have implemented, where it is, how it's being used, whether or not it meets current standards”.
NIST’s announcement has been years in the making. Its efforts to develop quantum-resistant algorithms began in 2016 and have culminated in draft Federal Information Processing Standards (FIPS) for the selected algorithms.
An additional set of algorithms is expected in 2024 to augment the first set. Dustin Moody, a NIST mathematician and leader of the project, said that the second sets would likely only consist of one or two algorithms and would be designed for general encryption. They would also be based on different mathematical problems, affording alternative defense methods.
That need for an alternative defense method was underscored in 2022 when one algorithm planned for the second set, SIKE, was cracked with a conventional computer.
RELATED RESOURCE
Addresses security and compliance concerns while reducing your dependence on scarce cloud security talent.
NIST is far from alone in planning for a future where traditional encryption techniques might be defeated by quantum computers. Google recently announced it would support X25519Kyber768 for TLS secrets in Chrome. The hybrid consists of X25519 - an elliptic curve algorithm, and Kyber-768 - a quantum-resistant key encapsulation method.
Echoing NIST’s remarks, Google said of the change rolled out in Chrome 116: “Many types of asymmetric cryptography used today are considered strong against attacks using existing technology but do not protect against attackers with a sufficiently-capable quantum computer”.
Callan applauded Google’s move to enable the changeover from traditional encryption, noting that a wholesale change of supporting hardware and software would be required. He also noted that the update “makes use of these algorithms much more practical in development or fully controlled environments”.
NIST expects that the completed post-quantum standards will replace three existing NIST cryptographic standards deemed most vulnerable to quantum computers: FIPS 186-5, NIST SP 800-56A, and NIST SP 800-56B.
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
Get started on post-quantum encryption, organizations warnedNews The UK's national cybersecurity agency is urging companies to begin preparing themselves for quantum threats by 2035.
-
C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away'News Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says
-
GSMA partners with IBM, Vodafone on Post-Quantum Telco Network TaskforceNews The three organisations will work together to create a roadmap to implement quantum-safe networking
-
How quantum computing could change cyber securitySponsored The huge leap in computing performance from quantum computing poses a threat to traditional security, but there are steps you can take to guard against the quantum future
-
US unveils next-gen encryption tools to withstand quantum computing attacks
News The National Institute of Standards and Technology (NIST) hopes to offer a variety of tools for quantum-proof encryption
-
BT and Toshiba address QKD concerns with new trialNews The National Cyber Security Centre (NCSC) previously raised concerns of potential attacks
-
AWS launches quantum random number generatorNews The cloud giant is using an Australian university’s technology to help customers access random numbers for experiments through an API
-
Quantum security: The end of security as we know it?
In-depth It’s a core component of the developing DARQ technologies, but if a quantum computer performs as expected it could wreak havoc on cyber security
