Quantum Cryptography

Scientific guidance meant to ensure the U.S. is ready to shore up cyber defenses against a potential quantum computers’ ability to break through modern encryption methods are set for release the week of Aug. 12.

The development of the finalized post-quantum cryptography (PQC) standards are led by the National Institute of Standards and Technology, the Commerce Department’s scientific standards bureau. National Institute of Standards and Technology(NIST) has finalized the guidance and is readying its release in the coming days, said the people, who spoke on condition of anonymity because they were not authorized to publicly discuss the release timeline.

Today’s cryptographic systems rely on complex mathematical algorithms that are difficult for traditional computers to unravel. Future quantum computers could potentially solve these problems much faster, processing information based on the laws of quantum mechanics where a vast number of possibilities can be solved simultaneously. In cybersecurity terms, it means malicious hackers in the coming years may be augmented with new abilities to unravel encrypted information previously deemed secure.

Federal officials are trying to prevent future quantum computing-powered cyber incidents like “record now, decrypt later” attacks, where an adversary will hoover up encrypted datasets, store them, and — with the eventual existence of a quantum device — decrypt that data to use for theft or exploitation.

NIST made an initial selection of four algorithms deemed suitable for post-quantum cryptographic migration in July 2022. The algorithms — CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON — are specialized for different applications based on draft Federal Information Processing Standards, or FIPS, which are government-stamped blueprints deemed for optimal computer interoperability and security.

CRYSTALS-Kyber, for example, is designed for general secure website encryption, while the others focus on securing digital signature software.

“You can think of the NIST standardization as basically the starting gun,” Scott Crowder, vice president for IBM Quantum Adoption and Business Development said. “But there’s a lot of work to be done on taking those standards, making sure that all the open source implementations, all the proprietary implementations get done, and then rippling through and doing all the hard work in terms of doing the transformation upgrade.”

Practical quantum computing tools are about 3 to 5 years out from workforce use and will likely be accessed through cloud based environments, a top National Security Agency official predicted in April.