This week marks an important milestone in the history of cryptography and cybersecurity. After more than six years of work conducted by hundreds of scientists and engineers from 25 countries on six continents, the National Institute of Standards and Technology (NIST) unveiled a suite of four post-quantum cryptography (PQC) algorithms that will strengthen the world’s cybersecurity defenses as we enter the quantum era. The key takeaway from the recent announcement is that the NIST algorithms finally bring clarity and certainty to the business community as they transition from algorithms such as RSA encryption to a new, tangible PQC framework.
For nearly a half-century, RSA has been the gold standard for secure communications technology. It is ubiquitous; protecting our computers, servers, phones, ATMs, bank accounts, emails and other data, devices and communications from adversaries seeking to profit or do harm. It had a great run, but when large scale, error-corrected quantum computers arrive, that’s it – the party’s over. Sadly, neither RSA nor any of today’s other public key cryptography standards, such as Elliptic Curve cryptography, can defend against a quantum attack, as Peter Shor proved in 1994 when he published a paper showing how quantum computers could break today’s public key cryptography.
Back then, quantum computers themselves were only a theory – a construct from a distant, sci-fi future. Nearly three decades later, that future is quickly becoming our reality. Although it is still years away, the world has gotten a glimpse of quantum’s potential from Google, IBM, Amazon, SandboxAQ and others who are actively contributing to the hardware and software ecosystem. However, as with any technological innovation or breakthrough, bad actors have already found a way to spoil the party – in this case via Store Now, Decrypt Later (SNDL) attacks, which we wrote about previously. These attacks are occurring now, with increasing frequency, in anticipation of the day when quantum computers will be able to crack today’s encryption and unlock the stored value of the data therein. To put it into perspective, a single pharmaceutical company could lose tens of billions in profits and many years of R&D if its proprietary chemical compounds, clinical trial data, trade secrets or other data were stolen and decrypted.
The good news is that the world doesn’t have to wait for quantum computers in order to combat emerging quantum threats. SandboxAQ is developing solutions to help large enterprises and governments protect their customers, data and assets using software that runs on today’s classical computers. Our machine learning-aided solutions are already helping some of the world’s largest banks, telcos, healthcare providers and other entities to assess and inventory all vulnerable encryption protocols in their IT architectures and develop a PQC migration plan. The next step is implementing that plan – and that’s where NIST’s new PQC algorithms come into play.
The four encryption algorithms announced by NIST are expected to be finalized in about two years, and four other algorithms are also under consideration for inclusion in the final standard, which NIST plans to announce at a future date. The algorithms are designed for two main tasks - public-key encryption and key exchange, used to protect information exchanged across a public network; and digital signatures, used for authentication and digital document signing.
For encryption, NIST has selected the CRYSTALS-Kyber algorithm for overall having strong security while maintaining great performance (such as in software) and having relatively small key sizes.
For digital signatures, NIST has selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+. NIST recommended CRYSTALS-Dilithium as the primary algorithm, with FALCON used for applications that need smaller signatures. SPHINCS+ was selected as a back-up because, although it is larger and slower than the other two, it is based on a different mathematical problem – using hash functions, called hash-based – compared to the other three selections, which are based on a family of mathematical problems using structured lattices, called lattice-based cryptography. The additional four algorithms still under consideration are designed for encryption/key sharing and do not use structured lattices or hash functions in their approaches.
We’re often asked: why is NIST coming out with multiple quantum-resistant algorithms? The simple answer is that there is no ‘one size fits all’ PQC algorithm that works in today’s modern digital age. With all the tools and tricks at an adversary’s disposal, a layered approach to cybersecurity is needed to achieve crypto-agility. Each of the NIST algorithms might be more suitable for a set of specific use-cases. For instance, an ecommerce website or mobile app developer might use FALCON to preserve the user experience, whereas a government entity or utility company might implement CRYSTALS-Dilithium and SPHINCS+ to secure their assets. In fact, many heavily regulated or global industries will likely adopt a hybrid (combining PQC with RSA or Elliptic Curve Cryptography) solution in order to comply with existing and future regulatory or international mandates.
While the NIST standards have yet to be finalized, the newly released PQC algorithms will enable SandboxAQ and others to begin integrating them into cybersecurity solutions now, so that organizations can begin the process of protecting their data and networks. As we’ve said in the past, PQC migration is a lengthy and complex endeavor – especially for large, distributed networks or those resulting from a series of corporate acquisitions. It’s time for every company to start the PQC discovery process now – cataloging all instances of RSA or other vulnerable encryption protocols used throughout their network. More than 20 billion devices will need PQC software updates globally, as well as certain “far horizon” projects that have long lifespans or immutable, application-specific hardware, ranging from small smart cards to IoT connected devices in cars.
With so many positive and desirable applications that will benefit society – from accelerating drug discovery or developing next generation materials designed at the molecular level – it is unfortunate that adversaries and even some nation-states only see quantum as a tool to perpetuate criminal endeavors or cause societal disruption. Thankfully, some of the world’s best and brightest minds came together to work with NIST to protect our cyber future and preserve our security and privacy even with the advent of quantum computing.
If you’re interested in learning more about how emerging quantum threats might impact your organization or would like more information about our suite of PQC solutions, please email firstname.lastname@example.org. Click here to read our whitepaper, ”Transitioning Organizations to Post-Quantum Cryptography”, which was published in Nature. You can also view our recent webinar discussing the paper, featuring Taher Elgamal, who is universally recognized as the ‘father of SSL'; Tanja Lange, a renown cryptographer, number theorist and Chair of the Coding Theory and Cryptography group at Eindhoven University of Technology in the Netherlands; and our own David Joseph, one of the paper’s co-authors.