What Does the NIST Post-Quantum Cryptography Standard Portend?
(DarkReading) The National Institute of Standards and Technology (NIST) is nearly ready to announce the first post-quantum cryptography standard.
Bernie Brode, a product researcher at Microscopic Machines, asks what the NIST news portends. Here are four issues to watch, according to his analysis:
Issue 1: Defining a Standard
To its credit, NIST has long been conscious of the need for cryptographic algorithms that can stand up to attacks by quantum computers. More than three years ago, the Institute launched a program that invited proposals for just this kind of algorithm. Since then, there have been several rounds of selection in which the original 69 submissions were narrowed to 15.
Issue 2: A Variety of Approaches
NIST should be applauded for getting ahead of the need for post-quantum encryption. The results of the most recent selection round, in which the number of candidates was reduced and “tracked” into two groups, can be found in the Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process (NISTIR 8309).
It appears, in its selection, that NIST is attempting to perform a complex balancing act. On one hand, post-quantum encryption needs to be standardized enough so that engineers can easily work on multiple systems. On the other hand, and as NIST has explicitly said, “It’s important for the eventual standard to offer multiple avenues to encryption, in case somebody manages to break one of them down the road.”
Issue 3: An Uncertain Future
While NIST should be given credit for a cautious approach, it’s far from clear that the program will solve the problem of post-quantum cryptography. This is true even if we assume that the algorithms produced by the program are indeed secure against quantum computer attacks.
One way in which this kind of standardization could fail is if organizations don’t put sufficiently powerful encryption in place before quantum attacks begin.
Further, the development of post-quantum cryptographic standards will not protect data that has already been stolen. Such data is already vulnerable to a “harvest and decrypt” attack.
Likewise, it’s quite possible that many connected devices with long useful lives — including cars and smart sensors being designed today — will still be in use when quantum computers are widespread.
Issue 4: The Arms Race
Despite such alarming factors, NIST’s recent news is quite welcome. While quantum-proof perfect secrecy might not ever be possible, it makes sense to prepare for tomorrow’s quantum threats before we actually face them. NIST should be given credit for taking the initiative and facing up to emerging threats before it is too late, before the next generation of cyber weapons has already been developed.