NIST: Inside the race to standardise post-quantum cryptography
From 80 submissions, to 7 finalists.
With large-scale quantum computers drawing ever closer, security experts are racing to get ahead of the quantum threat to information security. That’s because, with extremely high processing power, quantum computers will be able to easily break the encryption widely relied on to protect sensitive information today. For governments and organisations around the world, that’s a big problem.
It’s no mean feat, but one initiative is leading the way to a quantum-secure future: the NIST (National Institute of Standards and Technology) post-quantum cryptography standardisation project. Over the past five years, NIST has been working with leading academics, researchers and experts across industry and government to solicit, evaluate and standardise a new generation of cryptography that is resistant to the quantum threat: post-quantum cryptography. It’s a mammoth task, but without standardised and widely deployed quantum-safe security solutions, all digital information - past, present and future - is at risk.
NIST's post-quantum cryptography standardisation project: From 80 submissions, to 7 finalists.
Since 2016, NIST’s post-quantum cryptography standardisation project has been working to establish a clear roadmap to guide us toward a quantum secure future, with the new algorithms replacing the current classical-security standards in applications.
With over 80 submissions from over six different continents, this has truly been a global effort. Following intense scrutiny and powered by cutting-edge research from academia, industry and government worldwide, this initial pool was shortlisted to 69 Round 1 candidates in 2017, and then later narrowed down to 26 schemes for Round 2 in 2019. Last year, the project entered its third and final selection stage, with fifteen schemes remaining.
Of these fifteen schemes, NIST has declared seven finalists and eight alternates; the majority of the latter are unlikely to make it to standardisation without a fourth round of further scrutiny. The finalist algorithms vary in their design, drawing on different subfields of quantum-resistant cryptography, such as lattice-based, hash-based, code-based, isogeny-based and multivariate-based cryptography.
While they vary in their mathematical design, all of these are fair candidates for standardisation. What’s more, the practical use-cases of each scheme will vary, which is why it is likely that NIST will standardise more than one of the finalists.
Preparing for the (un)known
Large-scale, practical quantum computers (and the security threat that comes with them) don’t actually exist yet. So how can we be confident that the solutions under consideration by NIST will work? The answer is in the maths.
Traditionally, public key cryptography relies on mathematical problems (integer factorisation and discrete logarithm) that are difficult for classical computers to solve given their computational limitations. But as early as 1994, Shor’s algorithm proved just how easy these problems would be to solve with a large-scale quantum computer.
Since then, the cryptographic community has been hard at work developing new, quantum-resistant solutions that go way beyond the mathematical problems used in public key cryptography, and that promise to stand the test of time. Using multiple different mathematical fields and principles, the various post-quantum cryptography solutions now under consideration by NIST are sufficiently complex that even a quantum computer won’t be able to decrypt them.
While other solutions, such as quantum-key distribution, do exist, leading bodies such as the NCSC (US National Cyber Security Center) agree that post-quantum cryptography provides the best mitigation against the quantum threat. With quantum-resistant cryptography, we can rest assured knowing our information will be protected in the long term.
A race against the clock
But there’s a way to go yet. The NIST post-quantum cryptography standardisation project has a vital role to play in ensuring the widespread adoption of these new quantum-safe technologies. As we all know, however, standardising and deploying new technologies takes time, and it’s not a task to be taken lightly. These standards will be relied on for decades to come, so every margin of error should be accounted for.
Quantum computing is a fast-moving field, attracting hundreds of millions of dollars in yearly funding. While we can’t pinpoint the exact moment the quantum era will begin, new milestones are being reached all the time, and some experts anticipate it could be as early as this decade.
Historically, it’s taken up to two decades to deploy the modern cryptography that is widely relied upon today, which is why early standardisation is essential, allowing organisations the time and flexibility to transition smoothly and prepare information security systems for the quantum era.
Luckily, NIST is expected to announce the results that will form the official standards in early 2022. This will mark a significant milestone, and will be instrumental in the widespread adoption of quantum-safe security solutions.
The business reality: Preparing to transition
Within two to three years, we can expect the new post-quantum cryptography standards to become a requirement for anyone working with the US government, critical infrastructure and likely in other critical fields. With the quantum threat right around the corner, it’s crucial that organisations begin planning now, as per the NCCoE’s (NIST’s National Cybersecurity Center of Excellence) advice, to get ahead and protect their sensitive information from the quantum threat.
The good news is, it is actually possible to protect your information today, with a security infrastructure designed to work with all the finalist algorithms that are use-case suitable, in a hybrid fashion when needed. We’re already seeing leading organisations across critical industries lead the charge in implementing these new quantum-resistant cryptography solutions.
No industry or organisation is immune to the quantum threat. This isn’t something you can ignore until tomorrow. That’s why we need to start the conversation early, and ensure that technical and executive teams alike understand the urgency of this problem.
A hybrid solution is a strong first step towards a quantum-secure future, but ensuring crypto agility and designing a long-term strategy for migration to a quantum-ready architecture will be vital in ensuring that your organisation’s sensitive information is fully protected from the threats of tomorrow.