(ElectronicDesign) Quantum computers are fast becoming a reality—but as soon as they do, our trusted methods of encryption will immediately become inadequate.
Cryptographers around the world have been studying the issue of post-quantum cryptography (PQC), and NIST has started a standardization process. However, even though we’re likely five to 10 years away from quantum computers becoming widely available, we’re approaching what can be described as the event horizon.
NIST’s PQC standardization process is working. The effort has been underway for more than four years and has narrowed entrants from 69 to seven (four in the category of public-key encryption and three in the category of digital signatures) over three rounds.
However, in late January 2021, NIST started reevaluating a couple of the current finalists and is considering adding new entries as well as some of the candidates from the stand-by list. Addressing PQC isn’t an incremental step. We’re learning as we go, which makes it difficult to know what you don’t know.
The current finalists were heavily skewed toward a lattice-based scheme. NIST's potential new direction indicates that, as the community has continued studying the algorithms, lattice-based schemes may not be the holy grail we had first hoped.
Someone outside the industry may look at that as a failure, but author Helena Handschuh argues that’s an incorrect conclusion. Only by trial and error, facing failure and course correcting along the way, can we hope to develop effective PQC algorithms before quantum computers open another, potentially worse cybersecurity Pandora’s box. If we fail to secure it, we risk more catastrophic security vulnerabilities than we’ve ever seen: Aggressors could cripple governments, economies, hospitals, and other critical infrastructure in a matter of hours.
While it’s old hat to say, “It’s time the world took notice of security and gave it a seat at the table,” the time to deliver on that sentiment is now.