NIST Calls For Submissions Of Quantum-Proof Encryption Algorithms As Threat Of Quantum Computers Looms Closer

The National Institute of Standards and Technology (NIST), whose standards largely determine which encryption algorithms are used nationally by federal agencies and private companies, has called on the public to submit algorithms that would be resilient against quantum computers.

Warnings Against Quantum Computers

Last year, the National Security Agency (NSA) said the time to protect systems against quantum computers is now. We’ve also seen quite a few quantum computing-related breakthroughs in the past year that could make universal quantum computers more practical to build.

Some cryptographers have warned about the need to adopt quantum-proof encryption algorithms sooner rather than later for almost a decade. However, quantum computers only started to become a potentially serious threat once building them became an engineering issue, rather than a scientific one.

Why Adopting Quantum-Proof Algorithms Early Is Important

We may still be at least a decade or two away from a universal quantum computer that could break most of today’s encryption, but that still may not be enough time to properly secure most data against quantum hacking.

Encryption algorithms tend to linger on the internet and in various tools many years after they are known to be broken and insecure. It also takes a while for most tools and platforms to adopt modern encryption even after everyone decides it’s time to do so.

On top of that, it takes many years to test new algorithms to ensure that they are indeed secure, sometimes by holding competitions to find out which proposed standard is the strongest. Testing, approving, and deploying a new encryption algorithm across most platforms and products can easily take a decade, if not longer.

However, even deploying quantum-proof encryption to most devices and digital products before quantum computers that can break all conventional encryption arrive may not be enough to keep past communications secure. Intelligence agencies store intercepted data for years, or even indefinitely, which means that as soon as quantum computers are capable of breaking conventional encryption, they could start decrypting that stored personal data.

In other words, even if it takes another two decades before powerful enough quantum computers with thousands of qubits arrive, the NSA, NIST, and others who are worried about these devices may still be right that we need quantum-proof encryption today, and we need to deploy it soon.

Also, with Google promising a 50-qubit universal quantum computer by 2018, and assuming a Moore’s Law or D-Wave level of qubit scaling, those encryption-breaking quantum computers may be closer to one decade away than two.

Submitting Algorithms To NIST

Cryptography researchers can send NIST their algorithms by November 2017. NIST recommended they focus mainly on inventing quantum-proof public key cryptography, which is the type of encryption needed to protect data in transit over the internet, including financial transactions.

“We’re looking to replace three NIST cryptographic standards and guidelines that would be the most vulnerable to quantum computers,” said NIST mathematician Dustin Moody, referring to FIPS 186-4, NIST SP 800-56A and NIST SP 800-56B. “They deal with encryption, key establishment and digital signatures, all of which use forms of public key cryptography,” he explained.
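The standards Moody names all rest on integer factoring or discrete logarithms, and it is worth seeing concretely why a quantum computer breaks those while leaving the rest of the cryptographic stack comparatively untouched. The Python example below is added here and is not from the article or from NIST: it implements the classical half of Shor's algorithm, the reduction from factoring N to finding the period of a^x mod N, with the quantum period-finding step stood in for by a brute-force loop that only works on toy moduli. The RSA toy key (n = 3233, e = 17) is a constructed textbook value, not anything taken from the page.

```python
from math import gcd
from typing import Optional, Tuple


def find_period(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n); requires gcd(a, n) == 1.

    This brute-force loop stands in for the quantum step of Shor's algorithm.
    A quantum Fourier transform finds r in polynomial time; this loop is the
    one part a classical computer cannot do efficiently once n is large.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_period(a: int, r: int, n: int) -> Optional[Tuple[int, int]]:
    """Classical post-processing: turn a period r into factors of n, if usable.

    Fails (returns None) when r is odd or when a**(r/2) == -1 (mod n), in which
    case gcd(a**(r/2) +/- 1, n) yields only the trivial factors 1 and n.
    """
    if r % 2:
        return None
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None
    p, q = gcd(y - 1, n), gcd(y + 1, n)
    if 1 < p < n:
        return (p, n // p)
    if 1 < q < n:
        return (q, n // q)
    return None


def shor_classical_reduction(n: int) -> Optional[Tuple[int, int]]:
    """Factor an odd composite n via the period-finding reduction.

    Tries bases a = 2, 3, ... in order (Shor's algorithm picks them at random,
    and succeeds with good probability per trial). Returns the factors as a
    sorted pair, or None if no base produced a non-trivial square root.
    """
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:                      # a already shares a factor with n
            return tuple(sorted((g, n // g)))
        result = factor_from_period(a, find_period(a, n), n)
        if result:
            return tuple(sorted(result))
    return None


def recover_rsa_private_exponent(n: int, e: int) -> Optional[int]:
    """Given only an RSA public key (n, e), recover d once n has been factored.

    Everything after factoring is ordinary modular arithmetic, which is why the
    period-finding step is the whole threat to RSA-based FIPS 186-4 signatures
    and SP 800-56B key establishment.
    """
    factors = shor_classical_reduction(n)
    if factors is None:
        return None
    p, q = factors
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)              # modular inverse (Python 3.8+)


if __name__ == "__main__":
    # Constructed textbook toy key: n = 61 * 53, e = 17, expected d = 2753.
    n, e = 3233, 17
    d = recover_rsa_private_exponent(n, e)
    print(f"factors of {n}: {shor_classical_reduction(n)}, recovered d = {d}")
    m = 65
    print("round trip ok:", pow(pow(m, e, n), d, n) == m)
```

Note the two failure modes the post-processing handles: an odd period, and a period whose half-power is -1 mod n. For n = 3233 the base a = 2 hits the second case and the loop moves on to a = 3, which is why Shor's algorithm is probabilistic rather than a single shot. Symmetric ciphers and hash functions have no such period structure to exploit, which is why the replacement effort Moody describes is aimed at public key algorithms specifically.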

NIST will review all the submissions. Those which meet the requirements will be invited to present their work at an open workshop in early 2018. The evaluation phase will take another three to five years.

“We hope to get lots of people around the world working on this so we can have increased confidence in the results,” Moody said. “Post-quantum algorithms haven’t received nearly the same amount of scrutiny and cryptanalysis as those we currently use on today’s conventional computers. We need that to change,” he added.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • targetdrone
    The only way is to upgrade to quantum-based encryption, because any digital-based encryption that can't be quantum hacked is going to be so cumbersome, so resource intensive, that it will be unusable by mainstream digital computers.

    Just think of how many rotors an Enigma machine would need to be digital proof.
  • alextheblue
    19035845 said:
    The only way is to upgrade to quantum-based encryption, because any digital-based encryption that can't be quantum hacked is going to be so cumbersome, so resource intensive, that it will be unusable by mainstream digital computers.

    Just think of how many rotors an Enigma machine would need to be digital proof.

    I await your article disputing NIST's current stance on the issue. Also there's no reason CPUs won't continue to have blocks hardcoded to greatly accelerate specific algorithms.
  • ledhead11
    Lucian, I have to just give props to you for the many, many security related articles you've brought to the front that I've seen in the last 2-3 years. I only started following Tom's back then. I know security specialists that haven't always known some of the things you've covered.

    That being said, this isn't one of them; however, I first heard of some of these potential vulnerabilities about 6-10 years ago and have been trying to inform people that the tech they know and are familiar with has no real chance against true quantum computing, and Scott Bakula has nothing to do with it. It may not be next week, month or year, but we are getting to a point where true quantum computing will happen. The ramifications of this technology are only understood on a surface level, but at least some have an awareness on the security level.
  • Supporter
    I hate cumbersome VR technology. I'll wait for a holodeck, "VR built around you."
  • Lucian Armasu
    @LEDHEAD11 Thanks, I appreciate it.
  • InvalidError
    19036269 said:
    I await your article disputing NIST's current stance on the issue. Also there's no reason CPUs won't continue to have blocks hardcoded to greatly accelerate specific algorithms.
    You can accelerate conventional cryptography based on digital computers all you want; it still doesn't change the fundamental fact that all conventional crypto attacks rely on some brute force with partial factorization to reduce the effort between key collisions. With quantum computers, however, the collision search speed is orders of magnitude faster thanks to the ability to potentially evaluate thousands of superposed states at once, and that's what is threatening all conventional crypto currently in use. A brute force attack which used to take 10+ years with traditional ASICs will only take a few days with a quantum crypto breaker.