NIST Takes First Big Step in Preparing for Post-Quantum Cryptography
Quantum computing technologies are poised to disrupt cybersecurity because of their unique ability to solve complex problems that classical computers currently struggle to solve. Cybersecurity has always been an arms race between organizations using new techniques and technologies to protect sensitive data from unauthorized access and hackers using new techniques and technologies to bypass those protections. One of the key cybersecurity challenges is keeping up with emerging technologies like quantum computing that will change the way data is either secured or stolen.
Current popular encryption algorithms—mathematical formulas that lay out a set of steps a computer takes to encrypt or decrypt information—are provably secure because they would take the most powerful classical computers thousands of years to solve the underlying math problem, such as factoring a large number. Quantum computers, while still in the early stages of their development, would render many existing encryption algorithms obsolete by making it computationally feasible to solve the complex calculations they rely on. Quantum computers will also create opportunities to design new, more secure forms of encryption.
Even though quantum computers are not yet available to break today’s encryption, they are likely coming. And when they do, it will be important to have already migrated to post-quantum cryptography. To address the potential threat of quantum computing technologies breaking existing encryption algorithms, the National Institute of Standards and Technology (NIST) put out a call for proposals for post-quantum encryption algorithms in December 2016. After years of gathering and testing these algorithms, NIST announced the first four quantum-resistant algorithms on July 5, 2022. Four additional algorithms are currently under consideration.
These algorithms are the beginning of NIST’s post-quantum cryptography standardization project, which aims to create new cryptographic standards and guidelines to replace those most vulnerable to quantum computers. The steps NIST is taking now will enable organizations to continue to protect sensitive data in a post-quantum world.
This forward-thinking strategy is a prime example of how the U.S. government should approach emerging technologies like quantum computing. In order to remain a world leader in information technology and mitigate any potential risks associated with emerging technologies, the U.S. government should scale up its investment in quantum computing applications, particularly near-term applications. NIST’s post-quantum cryptography standardization project is a good first step; however, the next challenge will be ensuring these algorithms are widely deployed in both industry and government before existing ones become obsolete.
