This week’s announcement of post-quantum cryptography standards by the National Institute of Standards and Technology is a big win for the many scientists and engineers who have worked on these technologies over the years.
This is especially true for IBM Research, which noted that this week’s announcement is a nice return for decades of work the company invested in developing lattice-based cryptography, work that fed into the creation of the CRYSTALS-Kyber and CRYSTALS-Dilithium standards selected by NIST.
The blog post, authored by Michael Osborne, IBM Head Of Crypto-logical Research and Lead for IBM Q Security and Encryption, and Vadim Lyubashevsky, IBM cryptography researcher, stated, “Lattice-based cryptography has become arguably the most widely studied area of quantum-safe cryptography protocols. That’s because the confidence in the concrete security of any cryptographic scheme is judged by the number of people looking at the constructions. This extensive public scrutiny gives us confidence in the long-term security of these primitives.”
The post added that IBM scientist Miklos Ajtai’s 1996 research paper “Generating Hard Instances of Lattice Problems,” “proved a theoretical result showing that breaking lattice-based cryptosystems is most likely difficult, at least asymptotically. Twenty-six years later, these two papers form the basis of our schemes chosen by NIST: CRYSTALS-Kyber and CRYSTALS-Dilithium.”
FALCON, another lattice-based solution, was chosen alongside Dilithium as a digital signature standard, complementary to Dilithium and chosen for its “smaller parameters,” the blog post stated.
While the NIST announcement is a big moment for the sector, Osborne, a speaker at past IQT events, said in a recent interview with IQT News that government and corporate enterprise security strategists still have a lot of work to do to prepare for migrations that for many of them will not happen overnight, as standardization efforts and processes are expected to continue for another two years. He described cryptography strategies in most industries as “a mess.”
He added, “It is just one of these things that has not been loved and given the attention it deserves, meaning that most people don’t even know what the crypto is that they have. So, getting your house in order and being prepared is such a key thing to focus on right now. There will be many standards, many algorithms so you want to prepare yourself to be crypto-agile. There is no need right now to rush out and pick just one. Be prepared to address quantum risk within a framework of agility.”
Dan O’Shea has covered telecommunications and related topics including semiconductors, sensors, retail systems, digital payments and quantum computing/technology for over 25 years.