Powerful computing is a double-edged sword. Advances that make sophisticated cryptography practical to secure our online communications also make it possible to attack these algorithms. We now are approaching a quantum leap [pun unavoidable] in computing power with the development of quantum computing, which is forcing scientists to rethink cryptographic standards.
“If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use,” according to a recent internal report from the National Institute of Standards and Technology. “This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.”
How soon will such computers be available? It’s hard to say. Some scientists believe quantum computers capable of breaking current public key cryptography could be developed within 20 years, possibly as early as 2030.
Given that it has taken almost 20 years to deploy our current public key infrastructure, we need to get started future-proofing our crypto. “We must begin now to prepare our information security systems to be able to resist quantum computing,” NIST says.
The agency is launching an effort this year to identify new quantum-resistant standards for public key cryptography, which could be ready by 2023.
In the meantime, NIST will continue to assess threats to existing standards and “agencies should therefore be prepared to transition away from these algorithms as early as 10 years from now.”
Digital computers use binary bits designated as a 0 or 1 to convey data, represented by electrical charges in electronic hardware. Quantum computers use quantum bits—or qubits—that incorporate quantum-mechanical states to convey data. In the last 20 years work on quantum computing and the theory of quantum algorithms for searching and calculating has developed significantly, but it is still in its early stages. “It is clear that substantial long-term efforts are needed to move from present-day laboratory demonstrations involving a few qubits up to large-scale quantum computers.”
But it was shown in 1994 that quantum computers cold break public key cryptographic functions, and since then scientists have been working on post-quantum cryptography. In 2015 NIST held a workshop on “Cybersecurity in a Post-Quantum World,” which was attended by over 140 people from government, industry, and academia. According to NIST, the goal of post-quantum or quantum-resistant cryptography “is to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks.”
NIST already has recommended increasing key sizes for some algorithms, and scientists have concluded that it is unlikely any currently-known public key algorithms can safely be made quantum resistant. Quantum-resistant algorithms probably will have to have larger key sizes than the algorithms they will replace and would not integrate into current Internet protocols.
So NIST is gearing up to identify the needed post-quantum cryptographic standards. It plans to:
• Specify preliminary evaluation criteria for quantum-resistant public key cryptography standards by the end of the year.
• Accept proposals for quantum-resistant public key encryption, digital signature, and key exchange algorithms.
• Establish a submission deadline late in 2017 for algorithms to be considered, allowing the proposals to be subject to 3 to 5 years of public scrutiny before they are standardized.
The process will not be a winner-take-all competition like the selection process for AES (the Advanced Encryption Standard) and SHA3. Ideally, several good choices will emerge for each standard.