The Importance of Standards in Quantum-Safe Cryptography
On July 5th, 2022, the National Institute of Standards and Technology (NIST) made headlines around the world with an announcement that it had selected the first four post-quantum cryptographic algorithms for standardization. These new standards are vital for modern cybersecurity and instead of being called “post-quantum cryptography standards” will become “cryptography standards.”
The Scope of the Quantum Threat
As the size of quantum computers grows, so does the threat to communications infrastructure. Future quantum computers will be able to break much of the cryptography that currently underlies today’s secure communications. When people think of cryptography they often think of encryption or secure banking, but cryptography is ubiquitous. It is used in common place applications, like verifying the server when you visit a webpage. Left unaddressed, the quantum threat will have massive security implications across-the-board.
Additionally, the quantum threat impacts any organization with information that requires confidentiality for the next decade. Today’s encrypted communications are being intercepted and stored by malicious actors. Although such adversaries cannot currently decrypt the information that is transmitted, once harvested, they can wait and decrypt it in 5-10 years once more powerful quantum computers become available.
The Quantum-Resistant Solution
While it is known that many cryptographic algorithms will be broken by tomorrow’s quantum computers, the cryptographic community is confident there are good replacement algorithms that can withstand the development of quantum computing. This area of quantum-secure cryptographic algorithms is the expanding field of post-quantum cryptography (PQC). The good news is that PQC can run on existing hardware, and with the ever-growing threat of quantum computers, this disruptive technology will soon become the new norm.
The Importance of Standards
Updating your cryptography should be done systematically according to international standards. Technical standards govern how every layer of telecommunication systems work, from the application layer down to the physical layer. Both parties in a communication need to agree upon which standards to use, so that the receiver can accurately interpret the transmission. Roughly speaking, you can think of cryptographic standards as providing a language which both parties use to communicate securely.
To further understand the importance of cryptographic standards, let’s consider what happens when you visit a webpage. Behind the scenes, there is a ‘handshake’ between your computer and the server. During this handshake your computer authenticates the server using digital signatures, and a shared secret key is established between the two parties. After this, your browser and the server can use this shared secret key to send encrypted communications. For this to work, both your computer and the server must agree on a common digital signature algorithm, key establishment algorithm and encryption algorithm. Both sides will follow cryptographic standards that describe these algorithms in detail, including their parameters.
Standardization embodies a golden rule in security; ‘Don’t use your own cryptography.’ In 2016, NIST began a project to standardize PQC, and this standardization process is still ongoing. During this time cryptographers from around the world have been analyzing these algorithms for their security, efficiency and usability. We can rest assured that any PQC standards that NIST publishes has undergone years of cryptanalysis from the world’s best cryptographers. Contrarily, cryptography that has not undergone thorough public scrutiny before being used is famous for being easily broken.
NIST’s PQC Standardization Process
Recall we mentioned above that when your browser and the server establish a connection both parties agree on a digital signature algorithm, key establishment algorithm and encryption algorithm. All three of these types of algorithms work in tandem together, so we need quantum-safe standardized versions for each type. There are already standardized quantum-safe encryption algorithms, thus NIST is focusing on standardizing digital signature algorithms and key establishment algorithms.
NIST’s project has had multiple rounds, each one narrowing the candidate pool to focus the analysis on the most promising algorithms. On July NIST announced they have finished the third round and selected 4 algorithms for standardization. A further 4 algorithms requiring additional analysis have been selected for a fourth round of scrutiny.
Algorithms Selected for Post-Quantum Standardization
Although there will likely be additional algorithms that are selected for standardization, the current selected suite of algorithms will provide the best choice for most applications. NIST has selected a single Key Encapsulation Mechanism (KEM) for standardization, KYBER (a KEM is a type of key establishment algorithm). However, 4 additional KEMs are selected for further evaluation and possible standardization: SIKE, BIKE, HQC, and Classic McEliece.
NIST has also selected 3 digital signature algorithms for standardization (digital signatures are most famously used for authentication): DILITHIUM, FALCON and SPHINCS+.
The algorithms that NIST selected may still be tweaked slightly before the final standard is published, however, their efficiency, key size and usability will remain the same. For most organizations replacing their cryptography with quantum-safe algorithms is not a simple plug-and-play process. Now that algorithms have been selected, the migration planning and experimentation phase begins.
The planning phase requires organizations to make an inventory of their cryptographic assets using a tool such as InfoSec Global’s AgileSec Analytics Tool. This phase also includes experimenting with NIST’s selected algorithms to test for efficiency and interoperability. While doing this it is recommended practice to utilize a crypto-agile solution such as InfoSec Global’s Agile SDK that allows for a seamless migration of cryptographic libraries.
This preparation will allow your organization to switch to PQC algorithms once NIST releases their final standards with minimum disruption, and to ensure the long-term confidentiality of your digital information.
If you’d like to connect with one of our experts to learn more about what’s shared in this blog, please email us at firstname.lastname@example.org
About the Writer:
Victoria de Quehen is a Cryptographer at InfoSec Global in Toronto. Her educational background includes an undergraduate degree in math from Queen’s University and a Master’s degree in Number Theory from McGill University. Professionally, she is developing innovative expertise in the field of digital security, where for the past 4 years she has been applying her knowledge of elliptic curves, and math in general, to conduct new cryptographic research on post-quantum encryption. She is actively involved in the post-quantum research community, and organizes international research workshops. Her main interest is in the optimization of post-quantum algorithms, with a special interested in hardware speed-ups, to improve security for information requiring long-term confidentiality.