
After five years of testing, the US standards body – the National Institute of Standards and Technology (NIST) – has announced its chosen cryptographic algorithms that will keep sensitive data safe from quantum computers.
Why are new algorithms needed?
We use cryptography every day, whether we know it or not. Our social media messages, online banking, email and shopping all rely on cryptographic algorithms that are designed, tested, approved and adopted by standards bodies and software developers worldwide.
Cryptography renders information unreadable without the correct decryption key, and the algorithms we use today to encrypt data are based on mathematical problems deemed too hard to be cracked by even the fastest computers.
Advertisement
Unfortunately, there are computers on the not-too-distant horizon that may be able to solve these. Once a practical quantum computer is created, breaking these algorithms will become not just easier, but trivial. In theory, such a machine would immediately render emails, bank accounts and cryptocurrencies vulnerable to attack. There have even been suggestions that spy agencies have begun hoovering up encrypted data and storing it, ready for the eventual arrival of a quantum computer that will let them decrypt it.
What has NIST been doing?
Because of the impending arrival of quantum computers, in 2017, NIST began testing 82 “post-quantum” algorithms that it believes could be resistant to the devices’ increased code-breaking ability. Some of the algorithms have been rejected due to flaws in their security, or problems with their implementation; some are strong but clunky, others are weak but streamlined. NIST needed to arrive at a solution that is robust to attack, but also doesn’t make our day-to-day lives harder.
In March, the group said that the final handful of winners would be announced later that month, but this deadline passed. at NIST declined to elaborate on the reasons for the delay, but whatever the mysterious hold-up was, it now seems to have been overcome. The organisation has now to officially back: CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON and SPHINCS+.
Why does NIST decide?
NIST may be the US standards organisation, but its decision is likely to be adopted worldwide, just as an EU decision to force mobile phone-makers to use a common charger is likely to lead to changed designs globally – it is simply too expensive and complex to create different software or hardware for different markets. The EU also when it talks about post-quantum security.
When can we start using it?
The announcement is the result of NIST’s third round of testing. These four algorithms have been chosen for standardisation immediately, while others have been rejected and four more will now be submitted to further testing.
But the good news is that there are now options for software developers – algorithms that they can begin to incorporate into their apps, websites and other tools without fear of having to rip them out and start again. The announcement will reassure critics such as Google, which had warned that the delay in choosing algorithms was putting security at risk.
Ali El Kaafarani at security firm says that much of the equipment he has sold in recent months is compatible with all of the shortlisted algorithms. “This means that end customers could be using software and applications that are protected by a hybrid of classical and post-quantum cryptography within just a few months, depending on the speed with which companies can roll out these updates,” he says. “However, we should all be aware that a full deployment of quantum-secure hardware across networks and devices can’t happen overnight.”
It may actually take years before all the services we use are robust to quantum attack. But in reality, the real risk is also several years away.