
NIST report says we urgently need more work in post-quantum cryptography

The National Institute of Standards and Technology (NIST) has a new report highlighting the dangers of the possibly-fast-oncoming quantum computing revolution, which could challenge the modern way of life by making online commerce fundamentally insecure. The study of how to keep encrypting messages even in the face of exponentially increased computing power is called “post-quantum cryptography,” or “quantum-resistant cryptography,” and the reality is that nobody knows quite how urgent it really is. Perhaps real, programmable quantum computers will never be a reality — but perhaps they will, and if they will, we’d better be ready. NIST thinks we need to be focusing far more on “cryptographic agility,” the ability to adapt existing encryption standards in response to disruptive new technologies.

NIST is planning a post-quantum competition to try to stimulate more work in the area. But it can be difficult to motivate significant investment when things are currently working just fine, and the crash is a purely theoretical future problem. It takes a concerted education campaign to impress on executives exactly why it’s so important — this isn’t just your ability to complete business-sized wire transfers, but your ability to email a colleague in confidence, or pay for a product on Amazon, or keep your browsing history secret. Though we probably don’t need to switch to it until quantum computers actually come around, we do need a solution ready to go when that day comes.

The report says that there are a number of possible approaches already available, including lattice-based cryptography and multivariate polynomial cryptography, but they are all attempts to replicate the usability of modern crypto. That is to say, the new approach has to be able to work over modern computer infrastructure, and it must not itself require a quantum computer in order to work. So, “quantum encryption” is not a form of post-quantum cryptography; if we use quantum entanglement to transmit information, or encrypt it with a quantum-speed algorithm, we’ve done a very impressive thing with no relevance to the average internet user. Not good enough.

One big problem with existing efforts is that there are no robust quantum computers around to do the attacking — this all comes down to running theoretical attacks based on the assumed abilities of an early quantum attacker. That makes it more difficult to tell when you’re making progress, or when you might have reached your goal. In addition, almost all currently theorized solutions require much longer keys than modern algorithms, perhaps twice as long or more, and it’s doubtful modern internet protocols could immediately handle the switch. So, any effort to move toward post-quantum software has to be undertaken with foresight, and in collaboration with a number of interested parties and standards organizations.

There are always rumors flying around about the NSA’s secret quantum computers, how they’ve had years of access to tech that can break high-level RSA like it’s nothing — but there’s no reason to believe that’s the case. Despite the FBI’s various run-ins with Apple and the rest of the tech world, there seems to be a growing awareness that security standards affect everyone, and that technological crime is a great equalizer on the world stage; the NSA itself has been poking the development world about better post-quantum solutions. The negative impacts of quantum computers could just as easily be turned on the US Government as anyone else. If a foreign power does develop a crypto-breaking quantum machine, the US isn’t likely to know about it until it’s already been snooping through their communications for quite some time.

So, there are conflicting incentives. On the one hand, global business doesn’t usually like to fix things that aren’t broken. On the other hand, the potential consequences of being unprepared when the day comes are enormous.
