In the race between quantum computing and quantum-resistant encryption, encryption passed a key checkpoint on Tuesday — a victory for the security of consumer and other data.
In 2016, the National Institute of Standards and Technology asked computer scientists to help it find an encryption algorithm that could protect data from attacks using quantum computers. This week the institute announced that it would recommend a single mechanism for that purpose: Kyber.
Kyber is an open source system for securely establishing a shared secret between two parties, which can then be used to encrypt messages. In this respect it resembles RSA, the most popular encryption scheme in use today and the foundation of many data encryption schemes. Unlike RSA, however, Kyber has no known algorithm that can crack it.
Some major technology vendors already support Kyber to some degree, including Amazon as part of its Amazon Web Services offering. Cloudflare also supports Kyber in a cryptography library it built and maintains, and earlier this year released its plan to migrate to post-quantum cryptography.
While none of these companies has announced that it is using Kyber to protect customer data, their early support indicates that technology vendors, like the government, view Kyber as a (and arguably the) post-quantum encryption algorithm of choice.
“Today’s announcement is an important milestone in securing our sensitive data against the possibility of future quantum computer cyber-attacks,” said Gina M. Raimondo, the Secretary of Commerce, in the announcement. “Thanks to NIST’s expertise and commitment to advanced technology, we are able to take the necessary steps to secure electronic information so that American companies can continue to innovate while maintaining the trust of their customers.”
A team of 10 computer scientists from across Europe and North America built Kyber, which is based on an award-winning paper published in 2009 by Israeli-American computer scientist Oded Regev. After Kyber was first submitted to NIST in 2017, the team made two major revisions that improve the overall security and efficiency of the tool.
Kyber relies on an area of mathematics called lattice problems, whereas RSA relies on the factoring problem. Mass-produced phones, laptops, desktops, servers and other computers cannot solve the factoring problem, which makes RSA safe in most situations today, but quantum computers will one day be able to crack it.
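To make concrete what "establishing a shared secret from a lattice problem" means, here is a toy Regev-style LWE key encapsulation, the plain-LWE ancestor of the construction Kyber builds on. This is an added illustration, not Kyber's own code and not secure at these tiny parameters; the modulus 3329 is Kyber's but is reused here only for realism, and everything else (dimensions, the {-1,0,1} noise, 32-bit secret) is chosen for readability.

```python
"""Toy Regev-style LWE key encapsulation (educational; not Kyber, not secure).
Receiver publishes noisy equations (A, b = A*s + e mod Q); recovering s from
them is a lattice problem. Sender mixes the equations with a random small r,
adds the secret bit scaled to Q/2, and the receiver rounds the noise away."""
import secrets

Q = 3329          # modulus (Kyber's value; any prime of this size would do here)
N = 32            # secret dimension (toy; far too small for real security)
M = 128           # number of LWE samples in the public key
KEY_BITS = 32     # length of the shared secret we encapsulate


def small() -> int:
    """Sample a 'small' coefficient from {-1, 0, 1} (toy noise distribution)."""
    return secrets.randbelow(3) - 1


def keygen():
    """Receiver side: secret s and public key (A, b) with b = A*s + e mod Q."""
    s = [small() for _ in range(N)]
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + small()) % Q for row in A]
    return (A, b), s


def encrypt_bit(pk, bit):
    """Sender side: u = r*A, v = r*b + bit*(Q//2), with a fresh small r per bit."""
    A, b = pk
    r = [small() for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(ri * bi for ri, bi in zip(r, b)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(s, ct):
    """Receiver side: v - u*s = r*e + bit*Q/2 (mod Q). Since |r*e| <= M = 128
    < Q/4, the noise never pushes the value across a rounding boundary here."""
    u, v = ct
    d = (v - sum(ui * si for ui, si in zip(u, s))) % Q
    return 1 if Q // 4 < d <= 3 * Q // 4 else 0


def encapsulate(pk):
    """Pick a random KEY_BITS-bit shared secret and encrypt it bit by bit."""
    key = secrets.randbits(KEY_BITS)
    cts = [encrypt_bit(pk, (key >> i) & 1) for i in range(KEY_BITS)]
    return cts, key


def decapsulate(s, cts):
    """Recover the shared secret from the per-bit ciphertexts."""
    return sum(decrypt_bit(s, ct) << i for i, ct in enumerate(cts))
```

Running `keygen`, `encapsulate` and `decapsulate` in turn yields the same 32-bit value on both sides; the only thing an eavesdropper sees is (A, b) and the (u, v) pairs, and turning those back into s or the key is the lattice problem the article refers to.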
Mathematicians have known since 1994 how a quantum computer can solve the factoring problem and thereby break RSA. The problem was designing a computer that can actually do this.
“While it was less clear in the past that large quantum computers are a physical possibility, many scientists now believe it is just a major engineering challenge,” reads NIST’s webpage on post-quantum encryption.
Quantum computers have applications beyond the nefarious. They weren’t created solely or even primarily to break the encryption algorithms that businesses and governments use today.
Banks can look forward to faster artificial intelligence and financial modeling using quantum computers – once a usable quantum computer is available to them. Partly for these reasons, banks including Wells Fargo and Goldman Sachs have made strides in the quantum world.
The exact date when commercial quantum computers will be able to solve these problems is uncertain. Companies like Google, IBM, Intel, and Microsoft have invested billions in developing this new age of computing, and while quantum computers today can solve a small number of problems faster than classical computers, they don’t threaten to break encryption or promise new drugs for another few years.
In 2020, the Global Risk Institute, a research organization formed by the Canadian government and the country’s largest financial institutions, surveyed 44 experts in quantum computing about the likelihood of “a significant quantum threat” to contemporary encryption algorithms. A majority of the experts surveyed gave less than a 1% chance that the threat would materialize by 2025.
Most gave a less than 5% chance of the threat occurring by 2030. However, their risk estimates for 2035 grew to about a 50% chance and then to more than 70% by 2040.
According to NIST, the fact that the inevitable quantum threat has not yet arrived makes today the perfect time to transition cyber systems from pre-quantum cryptography to post-quantum cryptography.
“This transition needs to take place well before large-scale quantum computers are built, so that any information later compromised by quantum cryptanalysis is no longer sensitive when that compromise occurs,” said NIST’s 2016 call for proposals for post-quantum encryption. “It is therefore desirable to plan this transition early.”