Post-quantum cryptography hits standardization milestone

Green light for four ‘future-proofed’ encryption technologies

ANALYSIS The first four standardized protocols for post-quantum cryptography have been unveiled, laying the foundations for the development of apps and web technologies that incorporate “future proof” encryption.

An ongoing standardization process led by the US federal government’s National Institute of Standards and Technology (NIST) last week resulted in the announcement of a quartet of preferred protocols.

RELATED Dozens of cryptography libraries vulnerable to private key theft

The selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized over the next two years. Four additional algorithms are still under consideration for inclusion in the standard.

NIST said in a statement that it recommends two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures).

More than one algorithm for each use case is being sought as backup in the event one or other approach proves vulnerable.

The dilithium crystals can take it

For digital signatures, NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. A third algorithm, SPHINCS, is slower than the other two but still received the go-ahead because it is based on a different mathematical process and therefore offers a chance to add diversity.

NIST’s Dustin Moody explained why a further round of selection was needed.

“Of the four algorithms we selected, one is for encryption and three are for digital signatures,” Moody told The Daily Swig. “Of the four algorithms that we will continue to study in the fourth round, all four are encryption algorithms.

Catch up on the latest encryption-related news and analysis

“The primary motivation for this is to find a non-lattice-based signature scheme which is suitable for general purpose use to be a backup for our lattice-based signature algorithms we are standardizing (Dilithium and Falcon),” Moody added.

He continued: “Our current NIST public-key standards cover encryption and signatures. So that is what our standardization process was targeted for – to replace the vulnerable cryptosystems in those standards. Other functionalities may be considered in the future.”

Quantum leap

The long-running search for next-generation cryptographic techniques is necessary because current encryption protocols, such as RSA, base their security on solving mathematical problems that are beyond the reach of even the most powerful conventional computers.

Sufficiently powerful quantum computers – which operate according to a completely different paradigm than current PCs or servers – might be able to crack today’s existing public key cryptography algorithms. Simply increasing the key length is insufficient to address this potential threat, hence the need to look to the development of post-quantum cryptography protocols.

Store now, decrypt later

Even though the current generation of quantum computers are largely experimental and beset by engineering challenges, adversaries might well be pre-planning for their future availability with so-called “store-now-decrypt-later” attacks.

If successful, such attacks would leave a growing volume of conventionally encrypted financial, government, commercial, and health-related data exposed to attack from sufficiently capable quantum computers.

Quantum computers rely on the properties of quantum states – such as superposition, interference, or entanglement – rather than the simple binary states (0 or 1) of conventional computers, in processing computational tasks.

YOU MAY ALSO LIKE Researchers crack MEGA’s ‘privacy by design’ storage, encryption

When combined with quantum algorithms, the technology might be expected to solve some mathematical problems, such as integer factorization, in a manageably short time – posing a threat to present encryption schemes that ultimately depend on the current intractability of such problems.

Quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving.

Heading on the right track

Industry experts welcomed NIST’s announcement because it offers a degree of certainty about where the industry is heading.

Developers behind the OpenSSH protocol have already taken initial steps to support post-quantum cryptography protocols in key exchange.

NIST’s endorsement of a set of approaches also offers a much clearer roadmap for mainstream adoption of future-proofed encryption techniques.

Duncan Jones, head of cybersecurity at Quantinuum, commented: “Organizations can now accelerate their implementation and testing efforts, safe in the knowledge they aren’t backing the wrong horse.

“CISOs in every industry should be working hard on their post-quantum migration plans, so they are ready to launch into production as soon as standardization is complete in 2024,” Jones added.

Secure webmail provider Tutanota has already developed a working prototype to securely encrypt emails using algorithms selected by NIST, namely CRYSTALS-Kyber and CRYSTALS-Dilithium.

“The algorithms now picked by NIST have proven to the best choice for quantum resistant encryption in our email prototype,” said Vitor Sakaguti, member of quantum encryption research project PQMail.

RECOMMENDED Decentralized Identifiers: Everything you need to know about the next-gen web ID tech