The National Institute of Standards and Technology (NIST) has recently finalized its first three post-quantum cryptography standards (FIPS 203, 204 and 205). It's crucial for organizations to understand how quantum computing could break the public-key cryptography in use today, what NIST is doing to support the industry, and the steps needed to keep their data protected.

Just as AI has transformed markets and revolutionized daily tasks, quantum computing is poised to have a similarly profound impact. However, it also presents significant risks to data security. To address these challenges, NIST published the new standards to guide companies worldwide in safeguarding their data before it’s too late. 

In this blog, we will explore NIST’s efforts, how attackers are preparing for the advent of quantum computers, and what organizations can do to protect themselves.

Quantum computing: the basics

Quantum computing is an exciting and rapidly developing field with the potential to revolutionize various industries by harnessing the principles of quantum mechanics. Unlike classical computers, which use bits to represent data as either 0s or 1s, quantum computers utilize quantum bits, or qubits. 

Qubits can exist in multiple states simultaneously due to a phenomenon known as superposition, and they can also be entangled, meaning the state of one qubit is directly related to the state of another, regardless of distance. These properties let a sufficiently large quantum computer run algorithms that have no efficient classical counterpart. The example that matters for cryptography is Shor's algorithm, which factors large integers and computes discrete logarithms in polynomial time, problems that are believed to be intractable for classical computers at the key sizes used today.

Quantum computing: a new cybersecurity challenge

The immense power of quantum computing poses a significant threat to cybersecurity, primarily because it can break the public-key cryptosystems in use today. The key-establishment schemes specified in NIST Special Publications SP 800-56A (finite-field and elliptic-curve Diffie-Hellman) and SP 800-56B (RSA-based schemes) rely on the discrete logarithm and integer factorization problems, which Shor's algorithm solves efficiently; a sufficiently powerful quantum computer would therefore render them obsolete. RSA, one of the most widely used public-key algorithms in the world, is the most visible example. Recognizing this impending threat, NIST has prioritized the development and standardization of quantum-safe algorithms to ensure robust security in the quantum era.

This would allow attackers to decrypt sensitive data, forge digital signatures, and impersonate digital identities, posing a substantial risk to data security. As encrypted data is transmitted across the Internet and global networks every second, the infrastructure we currently consider secure could become vulnerable once a cryptographically relevant quantum computer exists.

The threat of quantum computing is not merely theoretical. The “harvest now, decrypt later” approach involves adversaries intercepting and storing encrypted data with the expectation that future quantum computers will be able to decrypt it. This makes sensitive information vulnerable now, even if quantum computers are not yet fully realized and accessible. This future prospect of quantum-enabled decryption raises significant concerns for industries dealing with highly confidential information, such as finance, healthcare, critical national infrastructure, research, and national security.

Additionally, transitioning to quantum-safe encryption presents its own set of challenges. This shift could require a costly and complex overhaul of digital infrastructure, as legacy systems built on classical cryptography would need significant updates to remain secure in a quantum era. This transition could create logistical challenges and temporary vulnerabilities.

Quantum-safe encryption: An essential measure

The rise of quantum computing presents a significant challenge to traditional public-key cryptography. In response, NIST has been proactive in addressing these potential threats by developing quantum-safe, or post-quantum, algorithms. These algorithms are designed to withstand both classical and quantum attacks, shifting away from conventional techniques based on integer factorization or discrete logarithm problems. Instead, quantum-safe cryptographic methods are built on other mathematical structures, such as lattice-based, code-based, hash-based, and multivariate polynomial cryptography. Of the three standards NIST has finalized, two are lattice-based and one is hash-based. These techniques are believed to resist attacks by both classical computers and the large-scale, fault-tolerant quantum computers that may be built in future, and are anticipated to remain secure as quantum technology evolves.

NIST has undertaken a transparent and rigorous process to develop these quantum-safe encryption standards. Beginning in 2016, NIST invited researchers and organizations worldwide to submit their quantum-safe cryptographic solutions, resulting in an impressive response with 82 algorithms submitted from 25 countries. 

After thorough evaluation, NIST, in collaboration with global cryptography experts, has selected three algorithms for general encryption (key establishment) and digital signatures (identity authentication). Additionally, a fourth algorithm, FN-DSA (derived from FALCON), is expected to be included in a draft standard, FIPS 206, by the end of 2024. To prepare for the future, NIST is also working on backup standards built on different mathematical problems, acknowledging the possibility that one family of assumptions could be weakened by future advances in mathematics or cryptanalysis.

Encryption algorithms for the quantum era

NIST has rigorously evaluated the selected algorithms and published them as Federal Information Processing Standards (FIPS 203, 204 and 205). Together they cover two critical functions of modern infrastructure: general encryption, through key establishment, and identity authentication, through digital signatures. The selected algorithms are designed to withstand the potential threats posed by quantum computing, ensuring robust security for the future.

  • Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM, FIPS 203): This algorithm is a highly secure method for key establishment in encrypted communications, even against attackers equipped with fault-tolerant quantum computers. A KEM does not encrypt messages directly; it establishes a shared secret between two parties, which is then used with a symmetric cipher such as AES to protect the actual data. ML-KEM is derived from the CRYSTALS-KYBER KEM, which has been extensively tested and refined over several years. It offers three parameter sets to cater to different security needs: ML-KEM-512, ML-KEM-768, and ML-KEM-1024.
  • Module-Lattice-Based Digital Signature Algorithm (ML-DSA, FIPS 204): ML-DSA is a robust algorithm for generating and verifying digital signatures, ensuring the authenticity and integrity of digital communications. It is based on the CRYSTALS-Dilithium algorithm, known for its strong security properties, and is offered in three parameter sets: ML-DSA-44, ML-DSA-65, and ML-DSA-87. NIST recommends it as the primary post-quantum signature algorithm for most applications.
  • Stateless Hash-Based Digital Signature Standard (SLH-DSA, FIPS 205): SLH-DSA is another standard for digital signature generation, derived from SPHINCS+. Its security rests only on the properties of the underlying hash function rather than on a structured lattice problem, which makes it a conservative fallback should lattice-based schemes be weakened. Its signatures are larger and slower to produce than ML-DSA's. Unlike the stateful hash-based schemes LMS and XMSS (NIST SP 800-208), it requires no record of which one-time keys have been used, so it is particularly useful in scenarios where maintaining that state is challenging or undesirable, such as keys that are backed up or shared across several signing hosts.
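The following is an added example, not code from the original post or from Immersive Labs, showing the ML-KEM-768 exchange described above with both sides' messages. It assumes Go 1.24 or later, whose standard library package crypto/mlkem implements FIPS 203; the party names "Alice" and "Bob" are illustrative. It also shows an edge case a practitioner should know about: ML-KEM uses implicit rejection, so a tampered ciphertext of the correct length does not produce an error, it silently produces a different key.

```go
package main

import (
	"bytes"
	"crypto/mlkem"
	"fmt"
)

// Exchange holds what each party has once one ML-KEM-768 run completes.
type Exchange struct {
	EncapsKeyBytes []byte // Alice -> Bob: public encapsulation key, 1184 bytes
	Ciphertext     []byte // Bob -> Alice: KEM ciphertext, 1088 bytes
	AliceShared    []byte // 32-byte secret Alice recovers by decapsulation
	BobShared      []byte // 32-byte secret Bob obtained from encapsulation
}

// Agreed reports whether both sides hold the same shared secret.
func (e *Exchange) Agreed() bool { return bytes.Equal(e.AliceShared, e.BobShared) }

// runExchange performs one key establishment. Alice keeps the decapsulation
// (private) key; only the encapsulation (public) key and the ciphertext cross
// the network. The decapsulation key is returned so the tamper check below
// can reuse it.
func runExchange() (*Exchange, *mlkem.DecapsulationKey768, error) {
	dk, err := mlkem.GenerateKey768() // Alice generates her key pair
	if err != nil {
		return nil, nil, err
	}
	ekBytes := dk.EncapsulationKey().Bytes() // sent to Bob

	// Bob parses the received bytes; parsing also rejects malformed keys.
	ek, err := mlkem.NewEncapsulationKey768(ekBytes)
	if err != nil {
		return nil, nil, fmt.Errorf("peer sent an invalid encapsulation key: %w", err)
	}
	bobShared, ct := ek.Encapsulate() // ct is sent back to Alice

	// Alice decapsulates the ciphertext to recover the same 32-byte secret.
	aliceShared, err := dk.Decapsulate(ct)
	if err != nil {
		return nil, nil, err
	}
	return &Exchange{ekBytes, ct, aliceShared, bobShared}, dk, nil
}

// tamperedCiphertext demonstrates implicit rejection: flipping one bit of a
// correctly sized ciphertext does NOT make Decapsulate fail; it yields a
// different, pseudorandom key. Only a wrong-length ciphertext is reported as
// an error. A protocol therefore has to confirm the key (for example via the
// AEAD tag on the first encrypted record) rather than treat "no error" as
// "same key as the peer".
func tamperedCiphertext() (noError bool, keysDiffer bool, wrongLenErrors bool, err error) {
	ex, dk, err := runExchange()
	if err != nil {
		return false, false, false, err
	}
	bad := bytes.Clone(ex.Ciphertext)
	bad[len(bad)/2] ^= 0x01 // one bit flipped "in transit"
	k, derr := dk.Decapsulate(bad)
	noError = derr == nil
	keysDiffer = !bytes.Equal(k, ex.BobShared)
	_, lerr := dk.Decapsulate(ex.Ciphertext[:len(ex.Ciphertext)-1])
	wrongLenErrors = lerr != nil
	return noError, keysDiffer, wrongLenErrors, nil
}

func main() {
	ex, _, err := runExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("encapsulation key %d bytes, ciphertext %d bytes, agreed=%v\n",
		len(ex.EncapsKeyBytes), len(ex.Ciphertext), ex.Agreed())
	ne, kd, wl, _ := tamperedCiphertext()
	fmt.Printf("tampered ciphertext: no error=%v, key differs=%v; wrong length errors=%v\n", ne, kd, wl)
}
```

The sizes printed (1184-byte public key, 1088-byte ciphertext, 32-byte secret) are the ML-KEM-768 values from FIPS 203; the larger messages compared with X25519 or ECDH are one of the practical costs of migration that capacity planning has to absorb.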

What your organization can do

Adopting quantum-safe encryption is a proactive measure that organizations should implement well in advance of quantum computers becoming a substantial threat. To ensure global digital infrastructure remains secure, it is crucial for organizations to collaborate across industries and prepare for this transition.

Immersive Labs advises organizations to begin by taking stock of their most critical information. Identify key data that needs protection and assess where quantum computers might pose a risk. 

As quantum computers are initially expected to be expensive and primarily accessible to governments or large organizations, staying informed about advancements in quantum technology and understanding which encryption algorithms may become vulnerable is essential.

Once you have assessed your data and potential vulnerabilities, prioritize and plan the transition to quantum-safe algorithms over the coming years. Data that must stay confidential for longer than the time it may take for a cryptographically relevant quantum computer to appear is already exposed to "harvest now, decrypt later", so migrating the key establishment and encryption that protects your most critical information should come first.
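As an added example, not part of the original post or Immersive Labs' own tooling, here is a small triage routine for the inventory-and-prioritize steps above. It reads a constructed cryptographic inventory, classifies each algorithm by whether Shor's algorithm breaks it, Grover's algorithm merely weakens it, or it is one of the new FIPS standards, and ranks the items to migrate first. The ten-year planning horizon, the sample systems and the priority scale are assumptions for illustration; a real programme sets the horizon from its own risk assessment.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Record is one inventory line: where an algorithm is used, for what, and
// how many years the protected data or signature must remain trustworthy.
type Record struct {
	System        string
	Algorithm     string // "RSA-2048", "ECDH-P256", "AES-128", "ML-KEM-768", ...
	Purpose       string // key-establishment | encryption | signature | hash
	LifetimeYears int
}

// Finding is the triage verdict for one record.
type Finding struct {
	Record   Record
	Status   string // quantum-vulnerable | weakened | quantum-safe | unknown
	Priority int    // 1 = migrate first ... 3 = lowest; 0 = no action needed
	Reason   string
}

// horizonYears is an ASSUMED planning horizon: data that must stay secret at
// least this long is treated as exposed to harvest-now, decrypt-later.
const horizonYears = 10

// parseInventory reads "system,algorithm,purpose,lifetime-years" lines.
func parseInventory(text string) ([]Record, error) {
	var recs []Record
	for i, line := range strings.Split(strings.TrimSpace(text), "\n") {
		f := strings.Split(strings.TrimSpace(line), ",")
		if len(f) != 4 {
			return nil, fmt.Errorf("line %d: want 4 fields, got %d", i+1, len(f))
		}
		years, err := strconv.Atoi(strings.TrimSpace(f[3]))
		if err != nil {
			return nil, fmt.Errorf("line %d: bad lifetime: %w", i+1, err)
		}
		recs = append(recs, Record{f[0], f[1], f[2], years})
	}
	return recs, nil
}

func hasAny(s string, prefixes ...string) bool {
	for _, p := range prefixes {
		if strings.HasPrefix(s, p) {
			return true
		}
	}
	return false
}

// classify decides status and migration priority for one record.
func classify(r Record) Finding {
	alg := strings.ToUpper(r.Algorithm)
	longLived := r.LifetimeYears >= horizonYears
	switch {
	case hasAny(alg, "ML-KEM", "ML-DSA", "SLH-DSA"):
		return Finding{r, "quantum-safe", 0, "FIPS 203/204/205 algorithm"}
	case hasAny(alg, "RSA", "DH", "ECDH", "ECDSA", "DSA", "X25519", "ED25519"):
		// Integer factorisation / discrete log: broken outright by Shor's algorithm.
		if r.Purpose == "signature" {
			// Forgery needs a quantum computer at verification time, so exposure
			// starts later than for confidentiality; long-lived signatures
			// (firmware, root CAs) still need early attention.
			if longLived {
				return Finding{r, "quantum-vulnerable", 2, "long-lived signature; forgeable once a CRQC exists"}
			}
			return Finding{r, "quantum-vulnerable", 3, "short-lived signature; replace before a CRQC exists"}
		}
		// Key establishment / encryption: traffic recorded today can be
		// decrypted later, so the exposure has already begun.
		if longLived {
			return Finding{r, "quantum-vulnerable", 1, "harvest-now-decrypt-later: data outlives the horizon"}
		}
		return Finding{r, "quantum-vulnerable", 2, "data expires before the horizon; migrate in the normal cycle"}
	case hasAny(alg, "AES", "CHACHA"):
		// Grover's algorithm gives at most a quadratic speedup, roughly halving
		// the effective key length; 256-bit keys are the conservative choice.
		if bits, _ := strconv.Atoi(alg[strings.LastIndex(alg, "-")+1:]); bits < 256 && longLived {
			return Finding{r, "weakened", 3, "prefer a 256-bit key for long-lived data"}
		}
		return Finding{r, "quantum-safe", 0, "symmetric key length adequate"}
	case hasAny(alg, "SHA-2", "SHA-3", "SHA2", "SHA3"):
		return Finding{r, "quantum-safe", 0, "hash output length adequate"}
	}
	return Finding{r, "unknown", 1, "unrecognised algorithm: inventory it manually"}
}

// triage classifies every record and orders the result so the items to
// migrate first come out on top; "no action" items sort last.
func triage(recs []Record) []Finding {
	var out []Finding
	for _, r := range recs {
		out = append(out, classify(r))
	}
	rank := func(p int) int {
		if p == 0 {
			return 99
		}
		return p
	}
	sort.SliceStable(out, func(i, j int) bool { return rank(out[i].Priority) < rank(out[j].Priority) })
	return out
}

// sampleInventory is constructed data for the example, not a real estate.
const sampleInventory = `
vpn-gateway,RSA-2048,key-establishment,15
tls-edge,ECDH-P256,key-establishment,2
code-signing,ECDSA-P256,signature,12
backup-vault,AES-128,encryption,20
ledger,SHA-256,hash,30
pilot-link,ML-KEM-768,key-establishment,15`

func main() {
	recs, err := parseInventory(sampleInventory)
	if err != nil {
		panic(err)
	}
	for _, f := range triage(recs) {
		fmt.Printf("P%d %-13s %-12s %-18s %s\n", f.Priority, f.Record.System, f.Record.Algorithm, f.Status, f.Reason)
	}
}
```

Run against the sample, the VPN gateway (RSA key establishment protecting data that must stay secret for 15 years) comes out as the first migration, while the short-lived TLS session keys and the code-signing key rank behind it, and the AES-128 vault is flagged only as a candidate for a longer key.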

To learn more about the latest cybersecurity news and potential impacts on your organization, please visit the Immersive Labs Resources Center.


Published: August 20, 2024

Written by: Ben McCarthy