After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) announced the final selection round of 15 post-quantum crypto candidate algorithms (7 finalists and 8 alternates).
The third round of public review means an initial standard for quantum-resistant cryptography could be available by 2022. With the pandemic in full swing and the availability of a vaccine uncertain, the timing could be pushed back further. Once a standard is released, it will likely take another 12-18 months before commercial products with the embedded standard arrive. Until then, current encryption is vulnerable to harvest-now, decrypt-later attacks, in which encrypted traffic is captured today so it can be decrypted once a capable quantum computer exists. Also, as with all math-based crypto, who is to say that the new standard couldn’t be broken? What happens then? And the problem of transmitting keys over the same channel as the data they protect still exists.
Quantum Xchange has long argued that the best approach to the quantum threat is defense-in-depth, or multiple layers of security controls. The intent is to provide redundancy in the event one control fails or a vulnerability is exploited. We recommend that commercial enterprises, as well as our country’s standards bodies and government institutions, adopt defense-in-depth practices to combat the quantum threat – practices that leverage encryption rooted in mathematics as well as in physics.
It’s unclear why the U.S. continues to focus only on post-quantum crypto algorithms and largely ignores quantum communications techniques like Quantum Key Distribution (QKD) – a technology that is embraced by other countries, most notably China, and considered virtually unhackable.
It is interesting to note that within days of NIST announcing its final PQC selection round, the Department of Energy released its blueprint for a national quantum internet to be protected by QKD and the principles of quantum mechanics, “bringing the United States to the forefront of the global quantum race and ushering in a new era of communications.” The report goes on to say that, “Around the world, consensus is building that a system to communicate using quantum mechanics represents one of the most important technological frontiers of the 21st century.”
But perhaps the tides are changing at NIST. With the announcement of PQC round 3, the standards body has taken a more practical position on the quantum threat, acknowledging that the future capabilities of quantum computers remain an open question and that multiple approaches should be considered.
NIST mathematician Dustin Moody remarks, “It’s important for the eventual standard to offer multiple avenues to encryption, in case somebody manages to break one of them down the road.” He goes on to share, “Because all of the candidates still in play are essentially survivors from the initial group of submissions from 2016, there will also be future consideration of more recently developed ideas. By the time we are finished, the review process will have been going on for six years. Someone may have had a good idea in the interim, so we’ll find a way to look at newer approaches too.”
Defense-in-depth countermeasures to the quantum threat demand algorithmic as well as quantum-physics approaches to encryption. Now that the PQC program is well established, we encourage the excellent people at NIST to spin up a QKD team to properly protect our critical systems for the quantum era.
Organizations looking to future-proof their crypto infrastructure and execute defense-in-depth security controls can deploy Phio TX, the only quantum-safe key exchange that supports keys in all formats (QKD, PQC, QRNG) for true crypto-agility and a dynamic quantum infrastructure that can evolve in lock-step with the threat landscape.
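The layered approach described above, in which a session key depends on key material from several independent sources so that a break of any one of them (say, the PQC algorithm) does not expose the key, can be illustrated with a key combiner. The following is an added example written for this post, not Quantum Xchange’s or Phio TX’s code: the source names `pqc`, `qkd` and `qrng`, the requirement that at least the PQC and QKD shares be present, and the sample key shares are all constructed assumptions; the combiner is HKDF-SHA256 (RFC 5869) over the length-prefixed shares.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    assert length <= 255 * HASH_LEN
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


# Sources that must contribute before a session key is derived (assumption).
REQUIRED_SOURCES = ("pqc", "qkd")


def combine_keys(shares: dict, context: bytes, length: int = 32) -> bytes:
    """Derive one session key from several independent key sources.

    Every share enters the HKDF input as name | len(share) | share, sorted by
    source name, so the encoding is canonical and no two share layouts collide.
    Recovering the output requires every share: an attacker who breaks the
    PQC scheme still lacks the QKD-delivered bytes, and vice versa.
    """
    for name in REQUIRED_SOURCES:
        if not shares.get(name):
            # Fail closed rather than silently deriving a key from fewer sources.
            raise ValueError(f"missing key material from source '{name}'")
    ikm = b"".join(
        name.encode() + len(shares[name]).to_bytes(2, "big") + shares[name]
        for name in sorted(shares)
    )
    prk = hkdf_extract(HASH(b"hybrid-key-combiner|" + context).digest(), ikm)
    return hkdf_expand(prk, b"session-key|" + context, length)


# Constructed sample shares (not real key material) for demonstration.
SAMPLE_SHARES = {
    "pqc": bytes.fromhex("11" * 32),   # e.g. a KEM shared secret
    "qkd": bytes.fromhex("22" * 32),   # e.g. bytes delivered over a QKD link
    "qrng": bytes.fromhex("33" * 16),  # e.g. locally generated quantum randomness
}
```

`combine_keys(SAMPLE_SHARES, b"tunnel-42")` yields a 32-byte key; changing or dropping any single share changes the result or raises, which is the property the layered design relies on.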