The National Institute of Standards and Technology (NIST) announced July 5, 2022, the first group of four encryption tools designed to tackle the looming threat of quantum computer crypto cracking capabilities. Four more are still being evaluated, and finalists from these will be announced in the future.
The need for post quantum cryptography (aka quantum-resistant encryption) is driven by the increasing belief that quantum computers with enough power to crack current PKI cryptography (used to secure communications today) will be available within five to ten years.
Because of this, it is believed that adversaries, including nation states, are already engaged in a wide-ranging ‘harvest now, decrypt later’ campaign. Communications are being stolen and stored, awaiting quantum decryption in a few years’ time.
Since secrets – and especially state secrets – have a long shelf life, it is imperative for national security and commercial intellectual property that no future secrets can be stolen in this manner. What has already been harvested and stored is lost; but future secrets can be protected by encryption that can resist even quantum-powered decryption.
NIST started a competition to select standard post quantum encryption algorithms in 2016, and the speed of the competition’s progress attests to the urgency of the issue. “We’re looking to replace three NIST cryptographic standards and guidelines that would be the most vulnerable to quantum computers,” said NIST mathematician Dustin Moody at the time. “They deal with encryption, key establishment and digital signatures, all of which use forms of public key cryptography.”
The intention has always been to have more than one quantum resistant standard option for each category. The four announced on July 5, 2022, are CRYSTALS-Kyber (for general encryption), and CRYSTALS-Dilithium, FALCON, and SPHINCS+ (for digital signatures).
Kyber can use comparatively small keys that can easily be exchanged by two parties. NIST recommends Dilithium as the primary algorithm for digital signatures, with FALCON available for applications that need smaller signatures. SPHINCS+ is larger and slower than these, but is included as a possible backup for one primary reason: it uses a different underlying math approach than the other three algorithms.
“NIST’s choices of lattice-based signature and KEM schemes, along with a symmetric setting signature scheme, give the community sound choices to begin the transition from today’s cryptography to those suitable for the quantum age,” comments professor Liqun Chen from the University of Surrey’s Center for cyber security.
On June 29, 2022, QuSecure announced that it had been awarded the Small Business Innovation Research (SBIR) Phase III Federal Government procurement contract for PQC solutions – making it effectively a recommended product for federal agencies while remaining available to private industry. QuSecure’s QuProtect product can work with any algorithm, both classical and quantum resistant, conforming to NIST’s purpose of providing options. Existing classical algorithms can be given post quantum resiliency by QuProtect, while newer post quantum algorithms can be incorporated, used and then swapped for alternative algorithms with ease.
“We have seen NIST shorten the timeline for their decision on quantum resilient cryptography from 2024 to July 5th,” comments Skip Sanzeri, co-founder and COO of QuSecure. “Pushing up the timeline is a direct response to the growing urgency of the quantum threat. Both the White House’s executive memos this year and the accelerated NIST standardization, combined with the international race to quantum advantage, underscore the importance of both government and enterprise starting this network upgrade cycle immediately.”
The open nature of the NIST competition meant it was little surprise that Kyber would be selected for standardization. QuSecure recognized this and used Kyber in a pilot project for the US government that has been running since June 21. Since then, “It has been protecting US Government airspace data with 100-percent up-time using the now-standard Kyber cryptosystem,” announced QuSecure.
Related: Quantum Computing’s Threat to Public-key Cryptosystems
Related: QuSecure Launches Quantum-Resilient Encryption Platform
Related: Quantum Computing Is for Tomorrow, But Quantum-Related Risk Is Here Today
Related: Mitigating Threats to Encryption from Quantum and Bad Random