Navigating the Quantum Frontier: The Arrival of NIST's First Post-Quantum Cryptography Standards

Published by: Technology Innovation Institute

The dawn of the quantum age is not a question of "if" but "when". Quantum computers, leveraging the bizarre yet powerful principles of quantum mechanics, are set to revolutionize industries from medicine to finance. However, this same technological leap threatens the very foundation of modern cybersecurity: public-key cryptography (PKC). A sufficiently large quantum computer running Shor's algorithm would break the RSA, Diffie-Hellman and elliptic-curve schemes that protect today's communications, so the need for post-quantum cryptography (PQC) has never been more urgent.

In response to this looming threat, the National Institute of Standards and Technology (NIST) has been working diligently to standardize cryptographic algorithms resistant to quantum attacks. On August 13, 2024, NIST finalized its first three post-quantum cryptography standards, marking a historic milestone in cybersecurity.

What are Cryptographic Standards?

Cryptography is essential for protecting digital data, ensuring its confidentiality, integrity, and authenticity. Strong cryptographic policies are crucial to safeguarding an organization's technology infrastructure, preventing data breaches, and avoiding severe consequences like revenue loss and brand damage. 

Cryptographic standards, such as those developed by NIST, provide guidelines for protecting sensitive data both in storage and transit. These standards are foundational to modern economic development, supporting secure global services and enabling the growth of sectors like e-commerce, financial services, and healthcare.

The Quantum Threat: A New Era of Computing

Quantum computers can perform certain calculations far faster than classical computers. Shor's algorithm solves integer factoring and discrete logarithms efficiently, which would break RSA, Diffie-Hellman and elliptic-curve cryptography (ECC), the public-key schemes that underpin online security; Grover's algorithm, by contrast, only halves the effective key length of symmetric ciphers such as AES, which larger keys absorb. While it is uncertain when cryptographically relevant quantum computers will exist (estimates range from within the next decade to several decades), the risk they pose is significant. To counter it, cryptographers are developing post-quantum cryptographic (PQC) algorithms that resist attacks by quantum computers. These algorithms run on today's classical computers, so data and communications can be secured now against future quantum threats.

Governments and regulators, not only cryptographers, have taken note of this disruptive prospect. Since 2016, NIST has led the effort in this crucial area, working to identify, test, and standardize PQC algorithms that can withstand both classical cryptanalysis and the power of quantum computing. The road to these first standards has been long and meticulous, involving several rounds of public analysis, peer review, and collaboration with experts from around the globe.

On August 13, 2024, NIST released the first three standard specifications for PQC algorithms:

  • one key-encapsulation mechanism for key establishment, ML-KEM (FIPS 203), based on the Module Learning With Errors problem over lattices,
  • two digital signature schemes, ML-DSA (FIPS 204), also lattice-based, and SLH-DSA (FIPS 205), whose security rests only on that of the underlying hash functions.
Figure: Timeline of the NIST PQC standardization process

Preparing for the Quantum Future

Migrating to post-quantum cryptography is crucial now due to the "Store Now, Decrypt Later" threat, where adversaries may be saving encrypted data to decrypt it with future quantum computers. Acting now secures sensitive information against these future risks.

For end users, PQC will arrive largely transparently through ordinary software updates to browsers, operating systems and devices. Enterprises and organizations, however, need careful planning, vendor coordination, and budgeting for their PQC migration.

As quantum computing advances, organizations and individuals must take proactive steps to prepare for the inevitable transition to quantum-safe cryptography. Here are key actions to consider: 

  1. Create a Crypto Inventory: Identify information assets, the cryptographic protections currently applied to them, and which of those rely on quantum-vulnerable algorithms (RSA, ECC, finite-field Diffie-Hellman).
  2. Conduct a Quantum Risk Assessment: Estimate when quantum threats become relevant for each asset, taking into account how long its data must stay confidential, and prioritize activities accordingly.
  3. Evaluate Vendor Products: Ensure that the organization's vendors are offering quantum-safe features and identify which products are not yet quantum-safe.
  4. Develop Internal Knowledge: Build a knowledge base among IT staff to understand and implement PQC.
  5. Move to a Crypto-Agile System: Transition to a system in which algorithms, key sizes and protocol versions can be swapped without redesigning the application.
  6. Adopt PQC Algorithms: Begin implementing today's standardized PQC algorithms to future-proof systems relying on cryptography.
  7. Stay Informed: Actively monitor developments in quantum computing and quantum-safe solutions to stay ahead of emerging threats.
  8. Act as soon as possible!
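The crypto inventory in step 1 is the part most organizations find hardest, because cryptography is scattered across server configs, certificates, VPN profiles and application code. The following Python script is an added example, not part of the TII article or its tooling. It shows the core of such an inventory: it classifies lines of scanner output by the primitive they name and whether Shor's algorithm breaks it, Grover's algorithm weakens it, or it is already quantum-safe (including hybrid key exchanges), and then orders hosts for migration by their worst finding. The sample lines, host names and the rule table are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in "host:path: content" form, as a scanner might
# collect them from server configs, certificate dumps and source code.
# They describe no real system.
SAMPLE_FINDINGS = [
    "web01:/etc/nginx/nginx.conf: ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384;",
    "web01:/etc/ssl/certs/web01.pem: Signature Algorithm: sha256WithRSAEncryption, Public-Key: (2048 bit)",
    "vpn01:/etc/ipsec.conf: ike=aes256-sha2_256-modp2048",
    'app02:src/Signer.java: Signature.getInstance("SHA256withECDSA")',
    "gw03:/etc/ssh/sshd_config: KexAlgorithms sntrup761x25519-sha512@openssh.com",
    'lab04:config.toml: kem = "ML-KEM-768"  signature = "ML-DSA-65"',
    "legacy05:/opt/app/tls.cfg: ciphers DHE-RSA-AES256-GCM-SHA384",
]

# Ordered rules: (pattern, normalised primitive, category). A matched span is
# removed from the text before later rules run, so the hybrid rule claims
# "sntrup761x25519" before the plain X25519 rule can see it.
RULES = [
    (r"sntrup761x25519|X25519MLKEM768|X25519Kyber768", "hybrid PQ+classical KEX", "quantum-safe"),
    (r"ML-KEM-?\d*|ML-DSA-?\d*|SLH-DSA[\w-]*|Kyber\d*|Dilithium\d*|SPHINCS\+?", "PQC (NIST family)", "quantum-safe"),
    (r"\bRSA\b|withRSA", "RSA", "shor-vulnerable"),
    (r"ECDSA|Ed25519|Ed448", "EC signature", "shor-vulnerable"),
    (r"ECDHE?|X25519|X448|curve25519", "ECDH", "shor-vulnerable"),
    (r"\bDHE?\b|modp\d+|\bDSA\b", "finite-field DH/DSA", "shor-vulnerable"),
    (r"AES[-_]?128", "AES-128", "grover-weakened"),
    (r"AES[-_]?256", "AES-256", "quantum-safe"),
    (r"\bSHA-?1\b|\bMD5\b", "SHA-1/MD5", "classically-broken"),
]

# Lower number = migrate first.
PRIORITY = {"classically-broken": 0, "shor-vulnerable": 1, "grover-weakened": 2, "quantum-safe": 3}


@dataclass(frozen=True)
class Finding:
    source: str      # "host:path" the scanner attributed the line to
    primitive: str   # normalised algorithm name
    category: str    # one of the PRIORITY keys


def classify(text):
    """Return (primitive, category) pairs found in one line of scanner output."""
    found = []
    remaining = text
    for pattern, primitive, category in RULES:
        regex = re.compile(pattern, re.IGNORECASE)
        if regex.search(remaining):
            found.append((primitive, category))
            remaining = regex.sub("", remaining)  # consume so overlapping rules do not double-count
    return found


def build_inventory(lines):
    """Turn "host:path: content" lines into Finding records."""
    findings = []
    for line in lines:
        source, _, content = line.partition(": ")
        for primitive, category in classify(content):
            findings.append(Finding(source, primitive, category))
    return findings


def migration_order(findings):
    """Hosts ordered by their worst finding: hosts exposing RSA/ECC/DH come first,
    hosts that already use PQC or hybrid key exchange last."""
    worst = {}
    for f in findings:
        host = f.source.split(":", 1)[0]
        worst[host] = min(worst.get(host, 99), PRIORITY[f.category])
    return sorted(worst, key=lambda h: (worst[h], h))


if __name__ == "__main__":
    inventory = build_inventory(SAMPLE_FINDINGS)
    for f in inventory:
        print(f"{f.category:18} {f.primitive:24} {f.source}")
    print("migrate in this order:", ", ".join(migration_order(inventory)))
```

A real scan would feed this classifier from certificate stores, TLS endpoint probes and source-code greps; the point of consuming matched spans is that a cipher-suite string such as ECDHE-RSA-AES128-GCM-SHA256 yields one finding per component instead of the same component being counted twice, and that a hybrid identifier is not mis-reported as a bare X25519 exchange.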

Moving to new cryptographic standards has proven challenging for organizations unaware of where and how cryptography is used in their existing technology infrastructures. 

Post-quantum cryptography (PQC) schemes are generally less efficient than the classical ones they replace, with larger public keys, ciphertexts and signatures and therefore more bandwidth: an ML-KEM-768 public key is 1184 bytes and its ciphertext 1088 bytes, against 32 bytes each for X25519, and an ML-DSA-65 signature is 3309 bytes against 64 bytes for Ed25519. These overheads make entities hesitant to upgrade, out of concern for interoperability and for avoiding business disruption. A prudent approach for those wary of relying on PQC alone is to use hybrid protocols, which combine a classical algorithm with a post-quantum one so that the derived key remains secure as long as at least one of the two components is unbroken.
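To make the hybrid construction concrete, here is an added Python example (not from the article, and not TII's or NIST's code) of the concatenation combiner used by the IETF design for hybrid key exchange in TLS 1.3. The classical half is a small X25519 implementation following RFC 7748, written for readability rather than constant time; the post-quantum half is a placeholder that only mimics the sizes of an ML-KEM-768 encapsulation, because the Python standard library has no FIPS 203 implementation; and both shared secrets plus the public transcript go through HKDF-SHA256. The function names, the label string and the zero salt are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# --- Classical component: X25519 (RFC 7748) used as a KEM --------------------
# Plain Python ladder for illustration only: it is not constant-time.
P = 2**255 - 19
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar, u_bytes):
    """RFC 7748 section 5 Montgomery ladder; returns the shared u-coordinate."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64                     # clamp the scalar
    k = int.from_bytes(k, "little")
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def _checked(ss):
    # A low-order peer point yields an all-zero secret; never feed it to the key schedule.
    if ss == bytes(32):
        raise ValueError("X25519: all-zero shared secret (low-order point)")
    return ss


def classical_keygen():
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASEPOINT)


def classical_encaps(pk):
    esk = secrets.token_bytes(32)
    return x25519(esk, BASEPOINT), _checked(x25519(esk, pk))   # (ciphertext, shared secret)


def classical_decaps(sk, ct):
    return _checked(x25519(sk, ct))


# --- Post-quantum component (placeholder) -------------------------------------
# The standard library has no ML-KEM. This stand-in only produces values with the
# shape of an ML-KEM-768 encapsulation (1088-byte ciphertext, 32-byte secret) so
# the combiner can be exercised; a real deployment calls FIPS 203 encaps/decaps.
def pq_placeholder_encaps():
    return secrets.token_bytes(1088), secrets.token_bytes(32)


# --- Combiner -----------------------------------------------------------------
def hkdf_sha256(ikm, salt, info, length=32):
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()            # HKDF-Extract
    out, block, i = b"", b"", 1
    while len(out) < length:                                      # HKDF-Expand
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:length]


def hybrid_combine(ss_classical, ss_pq, pk_classical, ct_classical, ct_pq):
    """Concatenation combiner: both shared secrets form the HKDF input key material,
    and the public transcript (length-prefixed) binds the output to this exchange.
    An attacker who recovers one secret but not the other cannot compute the key."""
    def lp(x):
        return len(x).to_bytes(2, "big") + x
    ikm = lp(ss_classical) + lp(ss_pq)
    transcript = b"hybrid-kem-demo" + lp(pk_classical) + lp(ct_classical) + lp(ct_pq)
    return hkdf_sha256(ikm, salt=bytes(32), info=transcript)


def hybrid_exchange():
    """One exchange; returns (initiator_key, responder_key, what an attacker who broke X25519 holds)."""
    sk_c, pk_c = classical_keygen()                               # responder publishes pk_c
    ct_c, ss_c = classical_encaps(pk_c)                           # initiator, classical half
    ct_pq, ss_pq = pq_placeholder_encaps()                        # initiator, PQ half
    k_init = hybrid_combine(ss_c, ss_pq, pk_c, ct_c, ct_pq)
    k_resp = hybrid_combine(classical_decaps(sk_c, ct_c), ss_pq, pk_c, ct_c, ct_pq)
    attacker_view = {"ss_classical": ss_c, "pk_classical": pk_c, "ct_classical": ct_c, "ct_pq": ct_pq}
    return k_init, k_resp, attacker_view
```

The attacker_view models a future quantum adversary who has recovered the X25519 secret from the recorded transcript (the "store now, decrypt later" scenario): it still lacks ss_pq and so cannot reproduce the session key, which is exactly the "secure if at least one component holds" property. Two details matter in practice and are easy to get wrong: the length prefixes keep secret and ciphertext boundaries unambiguous inside the HKDF inputs, and the all-zero check stops a low-order X25519 point from silently zeroing the classical contribution.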

What is TII Doing to Stay Ahead? 

At the Technology Innovation Institute (TII), we support the migration of cybersecurity practices to post-quantum cryptography on two fronts. On the one hand, we provide expert advice and consulting to stakeholders facing the challenges of the migration. On the other hand, our researchers contribute directly to the design and analysis of the new technologies.

Cryptographers at TII's Cryptography Research Center have contributed to the design and development of BIKE and HQC, two of the three remaining candidates that NIST is considering for additional quantum-safe key-establishment standards. In NIST's most recent call for additional quantum-safe signature schemes, 7 of the 40 candidate digital signature schemes are co-authored by TII researchers.

Our cryptanalysts regularly publish research on the security of the new quantum-resistant proposals in top-tier peer-reviewed conferences and journals, making a notable contribution to the community's effort to build trust in these technologies. For example, the TII Cryptographic Estimator is a publicly available tool that helps cryptographers choose design parameters by estimating the cost of the best known attacks. Another activity TII launched to encourage research in post-quantum cryptography is the recently concluded TII McEliece Challenges, aimed at a better understanding of the security of the third remaining candidate, the McEliece cryptosystem (the Classic McEliece submission).

Additionally, our engineers work at the forefront of secure and efficient implementations of the new post-quantum schemes, producing optimized software and hardware implementations and testing post-quantum designs for hardware security issues such as side-channel leakage.

Finally, the Quantum Research Center at TII conducts parallel research on quantum algorithms and the development of quantum computers, making TII one of the region's leaders in this field.

To summarize, the quantum revolution is on the horizon, and while the timeline remains uncertain, the need for preparedness is clear. By embracing crypto agility, organizations can prepare to face the quantum challenges of tomorrow. NIST's new post-quantum cryptography standards are just the beginning of a global effort to secure our digital future!