NIST aiming for quantum-proof crypto


Quantum computing represents the next generation of processors — computer chips that are orders of magnitude more powerful than current products. 

But with great power comes great responsibility, and quantum computing could signal the end of encryption as we know it. That’s because public-key, asymmetric encryption relies on the fact that some mathematical processes are more or less impossible to unscramble once completed: with current computing power, even basic encryption can take years to break.

Mega-powerful quantum computers will upend that calculation, making even complex asymmetric encryption algorithms easily crackable, according to a new report from the National Institute of Standards and Technology on post-quantum cryptography.

“If large-scale quantum computers are ever built, they will be able to break many of the public-key crypto systems currently in use,” states the report, released Friday. “This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.”

Quantum computers use “quantum bits” to function, which allows them to store and process data in an exponentially more efficient way than current technology, said Andrew Childs, the co-director of the University of Maryland’s Joint Quantum Institute. With it, they can solve in seconds algorithms or problems that currently take normal computers months or years.

The report authors said NIST would begin long-term development of newer, safer algorithms that are proof against quantum decryption attacks. One of the most hopeful strategies is called “lattice-based cryptography,” a type of simple yet efficient security system, Childs said.

NIST plans to publicly release “draft criteria” detailing security and performance requirements for quantum-proof cryptography later this year and finalize them by year’s end. At that time, the agency will begin accepting proposals for “quantum-resistant public key encryption, digital signature, and key exchange algorithms,” according to the report. These algorithms must be submitted by late 2017 and will then go through 3-to-5 years of public scrutiny.

In the short term, the report recommends, organizations using encryption should try to make themselves “crypto-agile” — able to adopt new algorithms fast if existing ones are broken. 

Although large-scale quantum computers are still a long way off — some estimate about 20 years, the report said — experts need to be ready for the change.

“Historically, it has taken a long time from deciding a cryptographic system is good until we actually get it out there as a disseminated standard in products on the market. It can take 10 to 20 years,” said NIST mathematician Dustin Moody in a blog post. “Companies have to respond to all the changes. So we feel it’s important to start moving on this now.”

Follow the reporter on this story on Twitter @JeremyM_Snow.
