The National Institute of Standards and Technology (NIST) announced that they had selected four Quantum-Resistant Cryptographic Algorithms to address concerns of quantum computer cyber attacks against current encryption technologies. The selection was made from respondents to a post-quantum cryptography standardization project.
The Emerging World of Quantum Computing
Quantum computers utilize certain phenomena of quantum mechanics to perform computational problems. Although current quantum computers are unable to out perform standard computers, this technology will eventually dramatically outperform today’s technology. This is especially the case in operations such as integer factorization which is central to encryption technologies.
Current public key encryption systems utilize integer factorization. These systems generate keys by using the products of large prime numbers. As cryptography is a central tool for protecting the confidentiality and integrity of digital information, it is critical to create and adopt quantum resistant cryptography standards. One of the criticisms leveled at current cryptography is that algorithms are not validated or internationally standardized.
Application Specific Cryptographic Solutions
Cryptographic systems are used in a variety of applications in cybersecurity. NIST has selected the four algorithms to address specific applications. One algorithm, CRYSTAL-Kyber is intended for general encryption. General encryption is used to secure websites. Its advantages for this application are its speed of operation and the ease in which parties can exchange encryption keys.
NIST selected three other algorithms to address requirements for digital signatures. Digital signatures applications are used to verify the identity of parties. They are often used for digital transactions or remote document signatures. Those selected are CRYSTALS-Dilithium, FALCON, and SPHINC+. Of the three, CRYSTALS-Dilithium and FALCON were rated as the most highly efficient in operation.
Two separate technologies are used in these algorithms. They utilize different families of math problems to generate and decode encryption. SPHINC+ uses hash functions cryptography. While this approach is a larger and slower application, it is seen as valuable in that it uses a different approach. The other solutions implement mathematical problems based on structured lattices.
NIST is Looking Towards the Future
New challenges emerge with every step in the evolution of technology. Computer science is no different than any other technology in this regard. As classical computers are replaced with large scale quantum computers, encryption algorithms will need to evolve. Current public key cryptography has served the digital world well but will need constant improvement to ensure security.
As with other technologies, standardization and accepted means of validation are required to provide acceptable performance criteria. To address this need, NIST is creating a post-quantum cryptographic standard. The four selected technologies will be central to that standard. These new Quantum-Resistant Cryptographic Algorithms technologies are still rapidly developing and there will certainly be new solutions in the future.
NIST is currently on schedule to finalize the standard in two years. This should provide the cyber community with better tools for securing vital and sensitive information. In the mean time NIST is encouraging information security experts to experiment with the new algorithms. It is also suggesting that consideration be given to how these applications could be implemented.
As these solutions are still in development they are not, as yet, ready for integration into live cybersecurity programs but cybersecurity practitioners would be well advised to familiarize them selves with the new technologies. They can also act as messengers to inform their associates and users of the upcoming changes in public-key cryptography. This will allow organizations to plan for the necessary allocation of resources to integrate Quantum-Resistant Cryptographic Algorithms into their systems.
CVG Strategy Cybersecurity Solutions
Businesses worldwide are under attack from players that are well funded and very focused on compromising proprietary data. IT solutions alone are not sufficient to combat these forces. Viable solutions include all stakeholders in an enterprise. They include people, policies, procedures, risk analysis, incident responses, and an internal auditing process that yields constant improvement.