What Is the Future of Quantum-Proof Encryption?

On Tuesday, the National Institute of Standards and Technology (NIST) announced its first quantum-resistant algorithms—new encryption that will become the standard to guard against attacks by quantum computers, which are not yet here. The four algorithms are CRYSTALS-Kyber, for general encryption, and three schemes for digital encryption: CRYSTALS-Dilithium, FALCON, and SPHINCS+.

Over the past few decades, NIST has managed encryption standards, introducing and vetting the schemes that protect and authenticate valuable digital information—from bank transactions to emails to your Netflix password. These encryption schemes are easy for the user to encode and decode, but hard for an attacker to break. This one-way functionality is like mixing colors: It’s easy to mix shades of blue and yellow to make green, but hard to tell by looking at a green which shades were used to create it.

While these methods have been robust against classical attacks, they are known to be vulnerable to quantum algorithms. Quantum computers capable of breaking existing encryption with these algorithms are a ways off, but researchers say there’s no time to wait. Post-quantum cryptography is the future, and it’s here now.
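The practical consequence of the paragraph above is that only the public-key parts of a deployment (key exchange and authentication) need replacing, while the symmetric ciphers and hashes they are combined with do not. The first step of any migration is therefore an inventory of where those public-key primitives are used. The script below is an added illustration of that inventory step, written for this page and not code from NIST or from the article; it classifies OpenSSL-style TLS cipher-suite names and key-exchange group names with the standard library only. The sample cipher string and group list at the bottom are constructed, and the assumption that post-quantum groups carry "MLKEM" or "KYBER" in their names (ML-KEM being the standardized form of CRYSTALS-Kyber) is a naming convention, not something the article states.

```python
"""Inventory TLS cipher suites and key-exchange groups for public-key algorithms
that a large quantum computer running Shor's algorithm would break.
Added example (not NIST's or the article's code); standard library only."""
from dataclasses import dataclass
from typing import Optional

# Key-exchange and authentication primitives whose security rests on factoring
# or discrete logarithms, the problems Shor's algorithm solves.
SHOR_BREAKABLE_KEX = {"RSA", "DH", "DHE", "ECDH", "ECDHE", "ADH", "AECDH"}
SHOR_BREAKABLE_AUTH = {"RSA", "ECDSA", "DSS"}
ANONYMOUS_KEX = {"ADH", "AECDH"}
# Assumption: post-quantum KEM groups carry one of these markers in their name
# (e.g. "X25519MLKEM768"; ML-KEM is the standardized form of CRYSTALS-Kyber).
PQ_GROUP_MARKERS = ("MLKEM", "KYBER")
CLASSICAL_GROUP_MARKERS = ("X25519", "X448", "SECP", "P256", "P384", "P521", "FFDHE")


@dataclass(frozen=True)
class SuiteReport:
    suite: str
    key_exchange: str
    authentication: str
    quantum_vulnerable: Optional[bool]  # None: not decidable from the suite name alone


def parse_suite(name: str) -> SuiteReport:
    """Classify one suite in OpenSSL (TLS 1.2 and below) or IANA TLS 1.3 naming."""
    upper = name.strip().upper()
    if upper.startswith("TLS_"):
        # TLS 1.3 suite names fix only the AEAD and hash; key exchange comes from the
        # negotiated group and authentication from the certificate, so judge those instead.
        return SuiteReport(name, "negotiated group", "certificate", None)
    tokens = upper.split("-")
    if tokens[0] == "PSK":
        # Plain pre-shared-key suites use no public-key primitive at all.
        return SuiteReport(name, "PSK", "PSK", False)
    if tokens[0] in SHOR_BREAKABLE_KEX:
        kex, rest = tokens[0], tokens[1:]
    else:
        kex, rest = "RSA", tokens  # OpenSSL omits the "RSA-" prefix for RSA key transport
    if kex in ANONYMOUS_KEX:
        auth = "none"
    elif rest and rest[0] in SHOR_BREAKABLE_AUTH | {"PSK"}:
        auth = rest[0]
    else:
        auth = "RSA"
    vulnerable = kex in SHOR_BREAKABLE_KEX or auth in SHOR_BREAKABLE_AUTH
    return SuiteReport(name, kex, auth, vulnerable)


def classify_group(name: str) -> str:
    """Classify a TLS key-exchange group as classical, post-quantum or hybrid."""
    upper = name.strip().upper().replace("-", "").replace("_", "")
    has_pq = any(m in upper for m in PQ_GROUP_MARKERS)
    has_classical = any(m in upper for m in CLASSICAL_GROUP_MARKERS)
    if has_pq and has_classical:
        return "hybrid"
    if has_pq:
        return "post-quantum"
    return "classical"


def audit(cipher_string: str, groups: str) -> dict:
    """Audit an OpenSSL-style 'a:b:c' cipher string and a ':'-separated group list."""
    suites = [parse_suite(s) for s in cipher_string.split(":") if s]
    group_classes = {g: classify_group(g) for g in groups.split(":") if g}
    return {
        "vulnerable_suites": [r.suite for r in suites if r.quantum_vulnerable],
        "unjudgeable_suites": [r.suite for r in suites if r.quantum_vulnerable is None],
        "classical_only_groups": [g for g, c in group_classes.items() if c == "classical"],
        "group_classes": group_classes,
    }


# Constructed sample input resembling an OpenSSL server configuration.
SAMPLE_CIPHERS = (
    "TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-CHACHA20-POLY1305:AES256-SHA:ECDHE-PSK-AES128-GCM-SHA256"
)
SAMPLE_GROUPS = "X25519MLKEM768:X25519:secp256r1"

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CIPHERS, SAMPLE_GROUPS).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, every TLS 1.2 suite is flagged because each one uses RSA, ECDHE or ECDSA somewhere, the TLS 1.3 suite is reported as undecidable on its own, and of the three groups only the hybrid one pairs a classical curve with a post-quantum KEM. The point for a defender is that a migration plan has to look at both layers: the suite list for older protocol versions and the group list for TLS 1.3.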

Last week, we spoke with Dustin Moody, a mathematician at NIST leading the post-quantum cryptography standardization process.

What is post-quantum cryptography, and why does NIST need a standardization process for it?

Dustin Moody: Researchers from a variety of backgrounds have been working on building what’s called a quantum computer. If a quantum computer is built that is large enough, there’s an algorithm you could run on this quantum computer that would break several of the most widely used cryptosystems that we have implemented and use today around the world. So post-quantum crypto is preparing new cryptosystems to replace those that would be vulnerable to attacks from a big enough quantum computer. And NIST is doing this because a few of the cryptosystems that we have standardized, namely the ones dealing with public-key cryptography, would be vulnerable. So we want to replace those standards with new ones that would not be vulnerable to attacks from a quantum computer.