Four cryptographic algorithms that will make it easier for organisations to keep data safe from future quantum computing cyberattacks have been selected by the US National Institute of Standards and Technology (NIST).
NIST has been working on the selection for the past six years and says the chosen models will “become part of the post-quantum cryptographic standard expected to be finalised in two years”.
NIST worked with teams of cryptographers around the world to devise and verify methods that could be implemented to resist an attack from future quantum computers more powerful than anything available today. They included tools developed, in part, by British-based PQShield.
The cybersecurity firm contributed Falcon, a digital signature algorithm, and NTRU, a key encapsulation mechanism, and its board members contributed to CRYSTALS-Dilithium and SPHINCS+, which will become new standards for digital signatures.
NIST also chose CRYSTALS-Kyber as a new standard for public-key encryption, which was developed in part by PQShield advisory board members Professor Peter Schwabe and Professor Chris Peikert.
Professor Schwabe said: “Since the standardisation project began in 2016, there’s been a shift in attitudes towards [post-quantum cryptography], and it is now understood as a critical part of a secure future. Now, it is going to be exciting to see more and more applications and systems transition to this next generation of asymmetric cryptography.”
Preparing for quantum supremacy in cryptography
When quantum computing technology reaches a point known as quantum supremacy, where the machines can perform near errorless calculations impossible with classical computers, it will also render current cryptography solutions simple to crack. To solve this, governments, organisations and companies have been working on post-quantum cryptography solutions.
The White House issued a memorandum in January that called on government agencies to identify any encryption that isn’t compliant with “quantum-proof standards” and provide a timeline for transition to the new standards being developed by NIST.
The French national security agency (ANSSI) has also recommended an “immediate introduction” of post-quantum defences that could be deployed throughout the private sector in France.
These new global cryptography standards are likely to be used by companies and governments as they begin to plan their transition to quantum readiness. Experts predict quantum supremacy is anything from five to 25 years away.
“We knew quantum computers could break public key cryptography since 1995,” said Dr Ali El Kaafarani, PQShield founder and CEO in a telephone interview with Tech Monitor. “The NSA and governments didn’t take action until 2015 because that is when the technology advanced enough to start to need to find alternatives to RSA. This was the start of the standardisation project.
“We don’t know when we are going to have a quantum computer. People say 10-15 years but nobody can give you proof it won’t come earlier. Also, will someone actually tell you if they build it earlier, especially if they have malicious intent? The other issue is that it will likely take a long time to gradually switch to quantum cryptography. This makes it an urgent matter you need to start now.”
Bill Fefferman, assistant professor in the Department of Computer Science at the University of Chicago and an expert in quantum computing standards, told Tech Monitor that these US standards are likely to be globally adopted, adding that it is vital they are implemented today to protect against future developments.
“While it’s true that large-scale, nearly perfect quantum computers capable of breaking cryptography are likely several years or even decades off, we have seen great recent experimental progress towards building quantum computers,” he said.
“With such important progress, it seems hard to predict exactly where we will be in the future. Replacing all of the susceptible public-key cryptographic schemes with postquantum schemes is a massive undertaking that will require updating or replacing a large amount of infrastructure. Therefore, it is particularly urgent that we begin to consider these issues today, rather than waiting until the last moment.”
Quantum encryption: ‘no room for complacency’
But Dr El Kaafarani warned there is “no room for complacency”. He said: “Across sectors, the race is now on to implement the new cryptographic defences, protecting data wherever it is vulnerable. Now, having actual standards to follow will help companies to put concrete transition roadmaps in place.”
The new algorithms selected, as well as four additional algorithms being considered for inclusion in the standards in future, are designed for two primary tasks: general encryption to protect information sent over a public network; and digital signatures used for authentication.
CRYSTALS-Kyber, selected for general encryption, has “comparatively small encryption keys that two parties can exchange easily” and operates at speed, according to NIST.
The tools selected for digital signatures, which allow documents to be signed and verified, are CRYSTALS-Dilithium, FALCON and SPHINCS+. CRYSTALS-Dilithium is recommended as the primary algorithm, with FALCON for applications that require smaller signatures. SPHINCS+ is the slowest and largest of the three but is a “valuable back-up” because it is based on a different mathematical approach from the others.
All but SPHINCS+ are built on a family of maths problems known as structured lattices, whereas SPHINCS+ is built on hash functions, a NIST statement explained.
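As an added illustration of what “built on hash functions” means (this is example code written for this page, not code from NIST, PQShield or the SPHINCS+ team), the block below implements a Lamport one-time signature, the simplest member of the hash-based family. A private key is a pair of random secrets for every bit of the message digest; the public key is their hashes; a signature reveals, for each digest bit, the secret that bit selects; the verifier re-hashes the revealed values and compares them with the public key. Security rests only on the hash function being one-way, which is exactly why NIST calls SPHINCS+ a back-up to the lattice schemes. The scheme is strictly one-time: `exposed_preimages` counts how much of the private key becomes public after several messages are signed with the same key, which is the limitation SPHINCS+ removes with hash trees and few-time signatures. All function names here are my own.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N = HASH().digest_size      # 32-byte secrets and hashes
BITS = N * 8                # one secret pair per bit of the message digest


def keygen():
    """Return (sk, pk). sk[i] = (s0, s1) for digest bit i; pk[i] = (H(s0), H(s1))."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    """Hash the message and expand the digest into a list of BITS single bits."""
    d = HASH(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the secret selected by that bit."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Accept only if every revealed secret hashes to the public value its bit selects."""
    if len(sig) != BITS:
        return False
    return all(
        HASH(s).digest() == pk[i][bit]
        for i, (s, bit) in enumerate(zip(sig, _digest_bits(msg)))
    )


def exposed_preimages(msgs) -> int:
    """How many of the 2*BITS private secrets are public after signing these messages
    with one key. One message exposes exactly BITS; a second distinct message exposes
    more, which is why a Lamport key must never be reused."""
    revealed = set()
    for m in msgs:
        revealed.update(enumerate(_digest_bits(m)))   # (bit index, bit value) pairs
    return len(revealed)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"approve release 1.0"            # constructed sample message
    sig = sign(sk, msg)
    print("valid signature accepted:", verify(pk, msg, sig))
    print("altered message rejected:", not verify(pk, b"approve release 2.0", sig))
    print("secrets exposed after two signatures:",
          exposed_preimages([msg, b"approve release 2.0"]), "of", 2 * BITS)
```

Key and signature sizes make the trade-off in the article concrete: the public key and each signature are 256 hash outputs (8 KiB at 32 bytes each), against the few kilobytes the lattice signatures need, and a fresh key is needed for every message.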
Quantum cryptography standards: prepared in advance
Dr El Kaafarani said the post-quantum standards work has only just begun, and that companies should begin creating a roadmap to post-quantum. “I wouldn’t advise anyone to start switching randomly because cybersecurity doesn’t work this way. There are software, hardware, protocols and other layers that need to change and be adapted to be post-quantum secure. This takes time and needs to be planned out properly, but companies should be developing a roadmap.”
One of the products developed by the firm is a hybrid solution that has been certified by NIST and comes with both an RSA layer and a post-quantum layer. It is already being used by firms such as Raytheon and Microchip, with others due to be announced soon.
Andersen Cheng, CEO at Post-Quantum, another post-quantum company that has an algorithm under consideration for the next round, said: “Quantum computers continue to be the biggest existential risk to our information security, and the threat they pose to our data is already on our doorstep today in the form of harvest now, decrypt later attacks.
“It has become increasingly clear over recent months that the world is starting to realise this and is ramping up efforts to upgrade defences. Yesterday’s announcement is a milestone, providing clarity on the algorithms that will eventually protect everything we do online.”
He said that traditionally it takes about two decades to properly deploy modern public-key cryptography infrastructure, so while it is impossible to say when quantum supremacy will happen, it is important to be ready as early as possible.