@NIST’s flagship post-quantum cryptography guidance that would help protect against decryption capabilities enabled by quantum computers aimed for release the week of Aug. 12.https://t.co/ymWuc44TfG
— John Prisco (@JohnJPrisco) August 11, 2024
The U.S. Commerce Department’s National Institute for Standards and Technology (NIST) has released the final version of three new encryption algorithms. These algorithms are designed to protect against the threats posed by quantum computing. For nearly three decades, experts have warned that a powerful quantum computer could break the most widely used forms of encryption.
This encryption currently protects everything from national security secrets to personal banking records. Today’s encryption relies on complex mathematical problems that classical computers struggle to solve. For example, cracking the latest RSA standard could take a classical computer a billion years.
Any day now (or next week). Thanks to those who came to my post-quantum cryptography talk at @quantum_village @defcon . This migration is expected to cost Federal agencies over $7 billion. Then there are all the private sector upgrades! https://t.co/MzmZ9kNVCq
— Konstantinos Karagiannis (@KonstantHacker) August 10, 2024
However, in 1994, mathematician Peter Shor showed that a quantum computer could potentially break these cryptographic schemes in hours. To combat this threat, NIST has released three new algorithms: CRYSTALS–Kyber, CRYSTALS–Dilithium, and SPHINCS+. These algorithms were selected after extensive testing from an initial pool of 82 proposals.
NEWS: India, China, and a range of tech organizations in the EU and US are researching and developing cryptosystems that are grounded in quantum technology—what are called quantum-key distribution or QKD systems: https://t.co/PbDRoRG4Xy
#Quantum #QKD #quantumcomputing— Keyfactor (@Keyfactor) August 12, 2024
A fourth algorithm, FALCON, is expected to be released next year. The chosen algorithms use complex mathematical concepts. For instance, the CRYSTALS algorithms employ lattice-based cryptography involving up to 1,000 dimensions.
A just-released White House report reveals that the transition to PQC is estimated to cost U.S. federal agencies $7.1 billion by 2035, with costs likely to increase as agencies refine their plans and replace legacy systems. https://t.co/0FcA5flpyl #PQC #PostQuantumCryptography
— Keyfactor (@Keyfactor) August 12, 2024
This makes them exceptionally difficult for quantum computers to crack. There are growing concerns over “harvest now, decrypt later” (HNDL) attacks. In these attacks, hackers collect data now, hoping to decrypt it in the future using quantum computers.
nist’s quantum-safe encryption algorithms
Such attacks would likely target long-shelf-life data, including social security numbers, bank account information, and government or corporate secrets. Dario Gil, senior vice president and director of research at IBM, emphasized the urgency of adopting these new standards.
“Ignoring the problem would be a catastrophe,” he said. He stressed that transitioning to new cryptographic standards is a lengthy process that could take 10 to 20 years. NIST has worked with a wide range of mathematicians and cryptographers since it formally called for new quantum-safe algorithms in 2016.
The three newly approved algorithms underwent rigorous testing, with participation from up to 2,000 experts through various rounds of evaluation and NIST workshops. The development of these post-quantum standards comes amid growing national security concerns. This is particularly true with China’s significant investment of over $15 billion in quantum computing projects.
Experts believe that the first cryptographic threats will likely come from nation-states due to the massive complexity and resources required to build large-scale quantum systems. NIST’s National Cybersecurity Center of Excellence is ready to help companies and organizations transition to these new standards. “One of the first steps organizations should take is to inventory their current cryptographic use,” said Dustin Moody, who has led NIST’s post-quantum cryptography efforts since 2014.
“Ensure that IT departments are aware of the upcoming changes and are properly educated.”
Although the threat of quantum computing is significant, Moody remains confident in the new algorithms. “We have strong confidence in the algorithms that came out of this process. That’s not a 100% guarantee, but it doesn’t keep me up at night worrying.”
The U.S. government’s proactive measures aim to ensure that data remains secure in the face of evolving technological advancements.
This showcases the importance of forward-thinking in cybersecurity.