NIST Recommends Planning Now for Post-Quantum Cryptography

Reference Article: https://www.scmagazine.com/analysis/encryption/the-government-is-close-to-picking-quantum-resistant-encryption-standards-now-it-must-plan-for-what-to-do-if-they-fail 

The National Institute of Standards and Technology (NIST) works to provide the strongest cryptographic standards and is trying to stay ahead of the quantum computer threat. Discrete logarithms, elliptic curves, and integer factorization are basis of cryptographic algorithms widely in used today. These algorithms are considered to be unbreakable by classical computers. However, quantum computers are well equipped to solve these modern cryptographic algorithms using Shor’s algorithm. While quantum computers are still in their infancy, major players such as IBM, Google, and Honeywell are spending millions to further develop quantum technology.

Governments and commercial organizations that are responsible for securing sensitive data should not underestimate the threat of quantum computers. The science to support quantum computing is well-founded and quantum computers may be a single breakthrough away from cracking modern cryptography. Quantum computing is not a question of if, but when. Now is the best time for organizations to start auditing their IT systems and planning for post-quantum encryption.

NIST began working on a cybersecurity solution to the quantum threat in 2016 by launching the Post-Quantum Cryptography Standardization program. NIST, part of the United States Department of Commerce, recognizes that replacing cryptographic algorithms will take significant time. After testing an initial pool of 69 potential quantum-resilient algorithms, NIST has narrowed down the selection to 7 algorithms. The agency anticipates a final round of testing and hopes to have a handful of highly secure algorithms standardized before quantum computers become capable of breaking encryption.

No quantum computer is yet able to break classical encryption methods, so NIST must rely on rigorous mathematical testing based on approximations of possible quantum computing power. Ultimately, quantum-resilient algorithms will only be sufficiently tested when the first practical quantum computer is available.

The Post-Quantum Cryptography Standardization project is set to end in 2024, leaving NIST two years to finalize and select post-quantum encryption algorithms. Migrating to a post-quantum encryption world also presents a major challenge. Big data is here, and most organizations have more data and cyber vulnerabilities than they can manage which has resulted in an explosion of cybersecurity breaches in recent years. As a result, NIST has developed five scenarios to identify which data and systems are most vulnerable to quantum attacks. These scenarios will help organizations prioritize the migration of their systems to post-quantum standards.

Network and data integrity is vital to protect the modern digital infrastructure that the United States economy relies on. NIST is working to prevent a catastrophic cryptographic obsolescence from catching governments and organizations unaware. Additionally, post-quantum cryptography companies, such as QuSecure, will play a key role in the shaping world of quantum cybersecurity. The time to upgrade to post-quantum standards is now, don’t let your organization get left behind.

#technology, #cybersecurity, #cyberdefense #ciso, #quantumcomputing, #cyberattacks, #quantum, #cto, #cisos, #technologynews, #quantumtechnology, #quantumphysics, #cybersecuritythreats, #ctos, #quantumtechnologies, #cyberresiliency, #quantumtech, #quantumsecurity, #quantumcommunication, #quantumsoftware, #quantumiscoming