(ScienceMag) Cryptographers are meeting this week in Santa Barbara, California to discuss nearly two dozen schemes for encrypting messages in ways that even quantum computers cannot crack.
The workshop is part of a push by the National Institute of Standards and Technology (NIST) to set standards for so-called postquantum cryptography. The multiyear effort may sound premature and a bit paranoid, as such a quantum computer may never exist. But cryptographers say now is the time to prepare, especially because anybody could record sensitive communications now and decipher them later. “If you wait until we have a quantum computer it’s too late,” says Tanja Lange, a cryptographer at Eindhoven University of Technology in the Netherlands. “Every day that we don’t have postquantum cryptography is a day the data is leaked.”
NIST could standardize two or three algorithms each for encryption and digital signatures as early as 2022, says Dustin Moody, a mathematician at NIST in Gaithersburg, Maryland. The agency wants options, he says. “If some new attack is found that breaks all lattices, we’ll still have something to fall back on.” NIST sets standards for the federal government, Moody says, but “much of the world uses the encryption that NIST standardizes.”