The National Institute of Standards and Technology (NIST) is almost ready to announce the first post-quantum cryptography standard. This is after a long time of development and researching.
Quantum Computing poses a real threat to current security protocols. Researchers and organizations around the globe look at ways of ensuring communications that dominate our lives remain secure.
NIST outline four issues for the Quantum Standard
Issue 1: Defining a Standard
NIST is well-aware that there is a need for cryptographic algorithms that are quantum-proof. More than three years ago, it launched a program that asked for proposals for such a program. After many rounds of elimination, 15 were left. Recently NIST began its most recent round, aiming to create a standard from these 15 be narrowing them down into subsets.
After the candidates are chosen, NIST will standardise the implementation of these algorithms on different systems. This is important as organisations can obtain these algorithms and install them quickly. Preferably before an attack happens.
This is a reaction to when many system administrators worked from home and failed to account for some security problems. There were issues with compatibility because different manufacturers had different encryption protocols. These problems were a nightmare for the admins.
Issue 2: A Variety of Approaches
NIST should be commended for trying to stay a step ahead in the need for post-quantum encryption. The selection round mentioned above resulted in two groups and can be found in a status report. Experts are invited to comment on the algorithms in the two groups.
This appears to be a sort of balancing act. NIST wants to standardise the algorithms so engineers can work on multiple systems without much change. And yet it also said that there must be room for different ‘avenues to encryption’ in case one fails or falls to a quantum attack.
That modern cryptography is not standardised strictly is perhaps why NIST wishes to think this way. A number of cybersecurity tools with different encryption protocols are used everywhere. Perhaps NIST just wants something to be called standard before it becomes adopted widely.
This approach has led to three ‘families’ of mathematical approaches. This allows for different ways to protect data, as each algorithm family has different characteristics. In the coming decades, their range of applications is only going to increase.
Eventually, the program is meant to have two or three recommended algorithms that can resist quantum computer attacks. One can be used in key exchange to improve the KPI system, while the others can be used to electronically sign documents and encrypt resting data.
Issue 3: An Uncertain Future
NIST’s approach is cautious and commendable, but it will not be the end-all solution. Even if there are algorithms developed that can resist quantum computer attacks, there is still a possibility of danger.
This kind of standardisation could fail if powerful encryption is not in place before attacks begin. A possible future scenario is if someone develops a powerful quantum computer capable of strong and quick attacks before counters are made to fight it.
Data already stolen is also not protected by post-quantum cryptographic standards. A quantum computer can simply steal information before decrypting it over some time. Data such as military secrets and Social Security numbers are vulnerable to theft of this sort.
Even when quantum computers become widespread, classical systems will still be in use. Cars and smart devices are some examples of this technology, and they will not be discarded soon. It is possible that quantum encryption might not be adopted widely and eventually be overtaken.
Issue 4: The Arms Race
Quantum-proof perfect secrecy is not likely to be possible, but it is good to be prepared. After all, being prepared is much better than being caught unaware. NIST is doing a good job by trying to stay ahead in this cyber-arms race.
