A years-long project by the federal government to develop new “post-quantum” cryptography standards will pass a key milestone later this year, when the National Institute of Standards and Technology names the algorithms it intends to standardize, according to an official at the agency.
Most cryptographers believe that a sufficiently large quantum computer, running Shor’s algorithm, would tear through the public-key algorithms, like RSA and Diffie-Hellman, that underpin key exchange and digital signatures in most computer hardware and software today. Symmetric-key algorithms are affected too, though not to nearly the same extent: Grover’s algorithm roughly halves their effective key length, a problem that can be met by doubling key sizes rather than by replacing the algorithms.
With quantum computing, and the code breaking it enables, not too far over the horizon, officials at NIST have been working since 2016 to plan for what comes next. After soliciting dozens of proposals, the agency has spent the past three years narrowing down the list of candidates in a quest to select a small handful of algorithms that will likely underpin future IT hardware and software across industries.
The question that has hung over each step of the process is “When?” When will the standards be finalized and released? When will they start showing up in commercial technology products? And, most important of all: when will any of this be relevant to my organization?
At a May 25 online event hosted by the Institute for Security and Technology, Dustin Moody, a mathematician at NIST who is leading the project, said he now sees “light at the end of the tunnel” for the project and that NIST plans to announce which algorithms will be standardized by the end of 2021.
“We will name the [finalists] roughly about the end of this year, and then we’ll write up some draft standards, we’ll put those out for public comment, and it will probably take us a year or two to get that all done,” said Moody. “We expect final standards to be ready about 2024 [so] that people can begin using and adopting these algorithms.”
The agency has settled on seven finalist algorithms, all of which it believes will be ready for standardization after this latest round of evaluation, along with another eight alternates held in reserve. The candidates intentionally rest on different underlying mathematical problems -- part of the agency’s plan to have viable alternatives in hand if one of the choices doesn’t work as intended, or if an unforeseen advance in cryptanalysis, quantum or classical, leaves one or two algorithms vulnerable in the future.
As to when quantum-resistant cryptography will actually be needed, Moody noted that while some cryptographers believe a cryptographically relevant quantum computer is as little as five years away, most continue to project a timeline of 10 to 20 years before the technology breaks through in any meaningful fashion. While the machines developed by IBM, Intel and Google are getting bigger and able to handle an increasingly large number of qubits, they are also impractically fragile and must be cooled to temperatures near absolute zero to function, and raw qubit counts overstate their power, since error correction consumes most physical qubits before any are left over for running Shor’s algorithm.
Throughout the project, NIST officials have been acutely aware of their position as a bellwether of information security standards for both government and industry. As a result, their default approach has been one of caution and due diligence. Moody stressed that the agency has tried to speed up the process where it can, but that laying down standards that could wind up dictating decades of security and purchasing decisions is something that “just takes time” and shouldn’t be rushed.
Speaking about the same project two years earlier, Matthew Scholl, chief of the Computer Security Division in NIST’s Information Technology Laboratory, advised against jumping the gun and buying the first product marketed as “quantum safe” to appear on the market.
“Folks are asking us, ‘I need to buy something quantum safe now, what should I buy now?’ and what we’re telling them is ‘Nothing,’” Scholl said at a government meeting in 2019. “Buy nothing now but know where the items are that you need to have in place, know what those items are protecting and then start to prioritize when buying is appropriate.”
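Scholl’s advice to know where the items are and what they are protecting is, in practice, a cryptographic inventory. As an added illustration that is not from the article, from NIST or from Scholl, the following Python classifies the public keys in a PEM bundle by algorithm OID and marks those whose security rests on integer factoring or discrete logarithms, the problems Shor’s algorithm solves. It uses only the standard library; the OID table is deliberately limited to what the samples need, and the three sample keys are constructed with correct DER layout but made-up key material, so they are not usable keys.

```python
"""Toy cryptographic-inventory helper (added example, not NIST's or the article's code):
classify the public keys in a PEM bundle by algorithm and flag those resting on RSA or
elliptic curves, which Shor's algorithm breaks on a large enough quantum computer.
Standard library only. Sample keys below are CONSTRUCTED: real DER layout, fake material."""
import base64

# OID -> (name, broken by Shor?). Assumption: only the OIDs the samples need are listed.
KNOWN_OIDS = {
    "1.2.840.113549.1.1.1": ("rsaEncryption", True),
    "1.2.840.10045.2.1": ("ecPublicKey", True),
    "1.3.101.112": ("Ed25519", True),
}
CURVES = {"1.2.840.10045.3.1.7": ("prime256v1", 256)}

def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """OBJECT IDENTIFIER content octets -> dotted string."""
    arcs, acc = [str(content[0] // 40), str(content[0] % 40)], 0
    for b in content[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # a clear high bit ends a base-128 arc
            arcs.append(str(acc))
            acc = 0
    return ".".join(arcs)

def classify_spki(der_bytes):
    """Parse a DER SubjectPublicKeyInfo; report algorithm, key size and Shor exposure."""
    tag, spki, _ = read_tlv(der_bytes)
    assert tag == 0x30, "SubjectPublicKeyInfo must be a SEQUENCE"
    _, alg_id, pos = read_tlv(spki)                # AlgorithmIdentifier
    tag, oid, apos = read_tlv(alg_id)
    assert tag == 0x06, "AlgorithmIdentifier must start with an OID"
    dotted = decode_oid(oid)
    name, vulnerable = KNOWN_OIDS.get(dotted, (dotted, None))  # None = unknown, review it
    _, bitstr, _ = read_tlv(spki, pos)             # subjectPublicKey BIT STRING
    key = bitstr[1:]                               # drop the unused-bits octet
    if name == "rsaEncryption":
        # RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }
        _, rsa, _ = read_tlv(key)
        _, modulus, _ = read_tlv(rsa)
        bits = int.from_bytes(modulus, "big").bit_length()
    elif name == "ecPublicKey":
        _, curve, _ = read_tlv(alg_id, apos)       # namedCurve parameter OID
        curve_name, bits = CURVES.get(decode_oid(curve), (decode_oid(curve), None))
        name = f"ecPublicKey ({curve_name})"
    else:
        bits = len(key) * 8                        # raw key bytes, e.g. Ed25519
    return {"algorithm": name, "key_bits": bits, "quantum_vulnerable": vulnerable}

def inventory(pem_bundle):
    """Classify every PUBLIC KEY block in a PEM bundle, in order of appearance."""
    results, body = [], None
    for line in pem_bundle.splitlines():
        if line.startswith("-----BEGIN PUBLIC KEY-----"):
            body = []
        elif line.startswith("-----END PUBLIC KEY-----"):
            results.append(classify_spki(base64.b64decode("".join(body))))
            body = None
        elif body is not None:
            body.append(line.strip())
    return results

def der(tag, content):
    """Minimal DER encoder, used only to build the constructed samples."""
    if len(content) < 0x80:
        return bytes([tag, len(content)]) + content
    lb = len(content).to_bytes((len(content).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append((a & 0x7F) | 0x80)
            a >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))

def to_pem(spki):
    return f"-----BEGIN PUBLIC KEY-----\n{base64.b64encode(spki).decode()}\n-----END PUBLIC KEY-----"

# Constructed samples: valid DER structure, made-up key material (not real keys).
RSA_2048 = der(0x30, der(0x30, encode_oid("1.2.840.113549.1.1.1") + der(0x05, b""))
               + der(0x03, b"\x00" + der(0x30, der(0x02, b"\x00\xc0" + b"\x11" * 255)
                                              + der(0x02, b"\x01\x00\x01"))))
EC_P256 = der(0x30, der(0x30, encode_oid("1.2.840.10045.2.1") + encode_oid("1.2.840.10045.3.1.7"))
              + der(0x03, b"\x00\x04" + b"\x22" * 64))
ED25519 = der(0x30, der(0x30, encode_oid("1.3.101.112")) + der(0x03, b"\x00" + b"\x33" * 32))
SAMPLE_BUNDLE = "\n".join(to_pem(k) for k in (RSA_2048, EC_P256, ED25519))

if __name__ == "__main__":
    for entry in inventory(SAMPLE_BUNDLE):
        print(entry)
```

Unrecognised OIDs come back with quantum_vulnerable set to None rather than False, so an algorithm the table does not know lands in the review pile instead of being silently counted as safe. In a real inventory the same walk would run over certificates pulled from TLS endpoints, code-signing stores and SSH hosts, and the results would be joined to what each key protects before anything is prioritised, which is the second half of Scholl’s advice.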
Despite the very real concerns behind the project, Moody sought to dispel the idea that the arrival of quantum computers will somehow render all current cybersecurity practices obsolete.
“These quantum computers won’t be universal and just solve every problem we throw at them faster than our current computers, but there are certain problems that people have designed algorithms for which they will be very, very effective,” he said.