The US government agency on Tuesday named four technologies it says will keep computer data secret when. This is a key step in securing computers against potentially revolutionary new technology.
Scientists showed as early as 1994 that quantum computers could break traditional encryption technology if advances in quantum computers could be sustained long enough. Since 2016, the US Department of Commerce’s National Institute of Standards and Technology has overseen a hunt to design and test post-quantum cryptography technology to protect this data.
Of the four technologies chosen by the national institute, two are expected to be used more widely.
One, called Crystals-Kyber, is used to establish the digital keys that two computers need to share encrypted data. The other, Crystals-Dilithium, is used to sign encrypted data to establish who sent the data. It will likely take two years for the approaches to be standardized enough to be incorporated into today’s software and hardware.
Quantum computers are advancing steadily, but it will likely take years more work to create machines that are reliable and powerful enough to crack the encryption. Either way, strengthening encryption is now a pressing issue. It takes years to find new encryption methods, make sure they are secure, and install them widely. And government agencies and hackers can harvest sensitive information today in hopes of being able to decipher it later, when the data still has value.
“We think 10 to 15 years is a common view on the time scales of an attack,” said Duncan Jones, chief cybersecurity officer for quantum computing hardware and software maker Quantinuum. “But with the ability to ‘hack now, decrypt later,’ the attacks may have already begun.”
Although quantum computers remain immature today, a host of startups and tech giants like Google, IBM, Microsoft, Amazon, and Intel are pouring research dollars into development and making steady, if not incremental, progress. Experts expect quantum computers to augment the capacity of classical machines with new capabilities specializing in tasks such as finding new materials and drugs at the molecular level and optimizing manufacturing.
Ordinary people probably don’t have to worry too much right now about the threat of quantum computers later decrypting their data, said 451 Group analyst James Sanders.
“What is the value of your sensitive information in 1, 5, 10, 20 or more years? For business or government this is a more pressing concern, but for ordinary people things like numbers credit card cards are changed frequently enough that this risk is not serious enough to worry about,” he said.
Quantum computers could also undermine cryptocurrencies, which also use current cryptography technology.
The National Institute of Standards and Technology chose four technologies for standardization, in part because it wants a diverse set for different situations and because greater variety helps protect against any future weaknesses discovered. To protect against some of these possible weaknesses, many experts recommend hybrid encryption that uses both conventional and post-quantum methods.
“Ideally, multiple algorithms will emerge as good choices,” Dustin Moody, NIST’s post-quantum encryption lead, said during a presentation in March. He’s evaluating other candidates right now.
NIST has been steadily narrowing the list of post-quantum candidates for years, consolidating some with similar approaches and rejecting others with issues. A technology for digital signatures called Rainbow reached the third round before an IBM researcher discovered this year that it could be hacked in a “laptop weekend”.
Slower performance of post-quantum cryptography
One of the obstacles to post-quantum cryptography is that it is not as fast in certain situations.
“Quantum-safe digital signatures will incur a slightly higher cost,” adds Vadim Lyubashevsky, cryptography researcher at IBM.
Google sees a slowdown in the range of 1% to 3%, said Nelly Porter, a quantum technology expert at the company. That might not seem like a lot, but that’s for a company with as much network traffic as Google, which is why it will require hardware acceleration to use post-quantum encryption. Google has been extensively testing different post-quantum technologies to try to shed light on issues like communication latency.
“At our scale, you wouldn’t be able to enable it by default for everything,” Porter said.
NXP is developing an accelerator chip to speed things up using technologies that NIST has started to standardize and plans to ship when the standards themselves are complete by 2024. Hardware acceleration will be needed especially for devices whose processing power and memory are limited, Joppe said. Bos, Senior Principal Cryptographer of NXP.
Adopt post-quantum encryption
Although NIST is only now naming its first standards, several companies have already begun to develop, use, and offer post-quantum encryption in products:
IBM’s latest z16 mainframes support Crystals-Kyber and Crystals-Dilithium, technologies that IBM helped develop.
Google has tested several post-quantum encryption technologies and plans to adopt them to protect internal and external network traffic. Its tests have revealed some incompatibilities which business partners have resolved, it said on Wednesday.
The NATO Cybersecurity Center has begun testing post-quantum encryption technology from a British company aptly called Post-Quantum.
Amazon Web Services, an extremely widely used foundation for the computing needs of many other businesses, offers support for Kyber encryption technology.
Infineon offers a chip used to protect devices against firmware updates otherwise vulnerable to quantum computers that could infiltrate devices with malware.