NIST Finalists For Quantum-Resistant Cryptographic Algorithms

The National Institute of Standards and Technology (NIST) has announced the first group of algorithms selected for standardization in its post-quantum cryptography process. The announcement is a milestone on the road to Y2Q, the year in which quantum computers become powerful enough to break RSA- and ECC-based cryptography. The Cloud Security Alliance, which runs a Y2Q countdown clock, considers quantum computers a severe danger to cybersecurity. Post-quantum algorithms must be secure, efficient, and standardized before the critical and challenging transition to quantum-safe technology can take place.

The four algorithms selected for standardization are CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+. Four more (BIKE, Classic McEliece, HQC, and SIKE) remain under consideration in a further round. The standardization project began six years ago with 82 submissions from cryptographers around the world. Over those six years the candidates were assessed and narrowed down on the basis of security, cost and performance, and algorithm and implementation characteristics. The candidate Rainbow was recently found to be vulnerable, even to classical (non-quantum) attacks, which demonstrates the value of a thorough, multi-year evaluation. NIST's announcement concludes the third round of evaluation, but evaluation will continue over the next few years, and a complete standard is anticipated by 2024.

NIST has chosen algorithms for two purposes: digital signatures and key establishment. Digital signatures provide authentication; key establishment (a key encapsulation mechanism, or KEM, in Kyber's case) produces the shared secret that is then used for encryption. In these roles post-quantum cryptography is meant to replace RSA, Diffie-Hellman, and their elliptic-curve counterparts. More than one algorithm is selected per class because different applications need different properties. Note that the properties of post-quantum algorithms, such as key and signature sizes and signing and verification speed, differ considerably from those of conventional cryptography.

NIST recommends Dilithium for general-purpose digital signatures, Falcon for applications that need smaller signatures, and Kyber for key establishment, for example when a browser connects to a secure website. All three are based on the mathematics of structured lattices. SPHINCS+ is included as a backup signature scheme precisely because it rests on a different foundation: it is built from hash functions rather than lattices, so a breakthrough against lattice problems would not take it down as well.

The catch is that these algorithms are not always simple drop-in replacements: their public keys and signatures are much larger than those of RSA or ECC, and some schemes sign or verify more slowly.
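To make the size problem concrete, here is a hash-based one-time signature (Lamport's scheme over SHA-256), the simplest ancestor of the hash-based family SPHINCS+ belongs to. It is an added example written for this article, not NIST or SPHINCS+ code, and it is deliberately minimal: a real scheme such as SPHINCS+ adds Merkle trees and few-time signatures on top of this idea to allow many signatures per key. The function and message names are the author's own. It shows two things the text only states: a 256-bit-secure hash-based key and signature weigh in at 16 KiB and 8 KiB respectively, versus 64 bytes for an ECDSA P-256 signature, and reusing a one-time key leaks enough preimages that an attacker can forge.

```python
"""Lamport one-time signature over SHA-256 (constructed example)."""
import hashlib
import secrets

HASH = hashlib.sha256
N = HASH().digest_size   # 32-byte preimages and digests
BITS = N * 8             # one key pair per bit of the message digest


def keygen():
    # Private key: for each digest bit, two random preimages (one for 0, one for 1).
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    # Public key: the hash of every preimage, in the same order.
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(message):
    # Hash-then-sign: the bits of SHA-256(message), most significant bit first.
    d = HASH(message).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def sign(sk, message):
    # Reveal exactly one preimage per bit, selected by the bit's value.
    # A key must sign ONE message only; see forge() for what happens otherwise.
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message, sig):
    if len(sig) != BITS:
        return False
    return all(HASH(sig[i]).digest() == pk[i][bit]
               for i, bit in enumerate(_digest_bits(message)))


def key_and_signature_sizes(pk, sig):
    # Bytes on the wire: 256 pairs of 32-byte hashes, and 256 revealed preimages.
    return {"public_key": sum(len(a) + len(b) for a, b in pk),
            "signature": sum(len(s) for s in sig)}


def recovered_preimages(signed):
    """Attacker's view: collect every preimage revealed by signatures made with ONE key.
    signed is a list of (message, signature) pairs."""
    known = [dict() for _ in range(BITS)]
    for message, sig in signed:
        for i, bit in enumerate(_digest_bits(message)):
            known[i][bit] = sig[i]
    return known


def forge(known, target):
    """Assemble a valid signature for target from leaked preimages,
    or return None if some needed preimage was never revealed."""
    bits = _digest_bits(target)
    if any(bits[i] not in known[i] for i in range(BITS)):
        return None
    return [known[i][bits[i]] for i in range(BITS)]


if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"constructed message")
    print(verify(pk, b"constructed message", sig), key_and_signature_sizes(pk, sig))
```

With one honest signature the attacker holds only the preimages for that digest pattern, so `forge()` returns `None` for any other message. After a few dozen signatures under the same key almost every position has both preimages leaked and a forgery for an arbitrary message succeeds, which is why the scheme is strictly one-time and why SPHINCS+ needs its tree structure to be practical.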

Post-quantum cryptography may therefore fit poorly in embedded systems and IoT devices with limited resources. While desktop and server machines have gigabytes of RAM, IoT devices have far less RAM and storage and slower processors, with clock speeds measured in megahertz rather than gigahertz. Yet much critical infrastructure is managed by such devices, which must be secured with cryptography that does not take seconds per operation. The long field life of IoT devices also makes upgrading their cryptography difficult: a device deployed today may still be in service when Y2Q arrives.

Another issue is that some signature schemes do not fit well into online protocols. TLS, the protocol that connects browsers, users, and servers in many applications, was designed around small signatures that are fast to verify, and a single handshake carries several of them in the certificate chain. Protecting systems such as payment infrastructure is hard because TLS is used so widely and so many parameters and variables are involved. Evaluating the effect of quantum-safe protocols and configurations in sensitive environments is the sensible way to choose the best protocols and settings. Clearly, the NIST selections are only the start of a difficult transition to quantum-safe technology. The algorithms will continue to be refined over the next few years, up to the target date of 2024, and we should plan for the possibility that some of them will be weakened or broken, as Rainbow was during the competition and as 3DES, SHA-1, and MD5 were once cryptanalysis caught up with them.

Because cryptographic algorithms and their implementations will keep changing, businesses must be able to adopt such changes quickly and safely. NIST defines crypto agility as a security system's capacity to switch between algorithms, cryptographic primitives, and other cryptographic processes without disrupting the rest of the system's architecture. Crypto agility can be built with the technology available today, but it is as much an organizational challenge as a technical one: someone has to know where every algorithm is used and how it can be replaced. Proactive businesses that recognize the coming threat from quantum computers can act now to fortify themselves against one of the biggest security dangers ahead by preparing for post-quantum cryptography.
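The following Python shows what NIST's definition looks like in code. It is an added example written for this article, not NIST's or any library's code, and it contains no real cryptography: the identifiers such as "x25519+kyber768" are illustrative labels chosen by the author, not registered protocol code points. The point it makes is structural: the set of acceptable algorithms, their preference order, and the deny-list live in configuration, every ciphertext or signature carries the identifier it was produced under, and retiring an algorithm (say, when a finalist is weakened) changes data, not the negotiation or dispatch code.

```python
"""Crypto-agile algorithm selection (constructed example; identifiers are illustrative)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    preferred: tuple                       # acceptable identifiers, most preferred first
    deprecated: frozenset = frozenset()    # refused even when the peer offers them


def negotiate(peer_offer, policy):
    """Return our most preferred identifier that the peer also offers.
    Deprecated identifiers never win. None means 'refuse the connection',
    never 'silently fall back to something weaker'."""
    offered = set(peer_offer)
    for alg in policy.preferred:
        if alg in offered and alg not in policy.deprecated:
            return alg
    return None


def deprecate(policy, alg):
    """Retire an algorithm by editing configuration only.
    Callers of negotiate()/untag() are untouched, which is the agility property."""
    return Policy(tuple(a for a in policy.preferred if a != alg),
                  policy.deprecated | {alg})


def tag(alg, blob):
    """Prefix a ciphertext or signature with its algorithm identifier
    (one length byte, then the identifier) so a receiver can dispatch on it."""
    ident = alg.encode("ascii")
    if len(ident) > 255:
        raise ValueError("identifier too long")
    return bytes([len(ident)]) + ident + blob


def untag(data, policy):
    """Split a tagged blob; reject anything produced under a deprecated algorithm
    before the payload is ever handed to a cryptographic routine."""
    n = data[0]
    alg = data[1:1 + n].decode("ascii")
    if alg in policy.deprecated or alg not in policy.preferred:
        raise ValueError(f"algorithm {alg!r} not accepted by policy")
    return alg, data[1 + n:]


# Constructed policy for a deployment midway through migration: hybrid first,
# pure post-quantum second, classical ECDH still allowed, RSA key exchange refused.
PQ_MIGRATION = Policy(
    preferred=("x25519+kyber768", "kyber768", "x25519"),
    deprecated=frozenset({"rsa2048"}),
)

if __name__ == "__main__":
    print(negotiate(["rsa2048", "x25519", "x25519+kyber768"], PQ_MIGRATION))
```

The hybrid entry at the head of the list reflects the caution the article recommends: a combined classical-plus-post-quantum exchange stays secure if either component survives, so an organization can deploy a finalist today without betting everything on it. When evidence against an algorithm appears, `deprecate()` is the entire change.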
