NIST Standardises IBM's Post-Quantum Cryptography Algorithms
The US National Institute of Standards and Technology (NIST) has taken a significant step towards securing the digital world against quantum computing by standardising the world’s first post-quantum cryptography (PQC) encryption algorithms.
The standardisation of these algorithms marks a crucial milestone in the global effort to protect sensitive data from future threats, as it recognises the efficacy of these PQC algorithms in resisting quantum-powered attacks.
"Today, public key cryptography is used everywhere in every device. Now our task is to replace the protocol in every device, which is not an easy task," Lily Chen, Head of the Cryptography Group at NIST, explained.
Now known as Federal Information Processing Standards (FIPS) 203, 204, and 205, the standards are designed to replace current encryption methods vulnerable to quantum computing.
Examining the algorithms
These new standards are based on lattice cryptography and hash functions, which are believed to be resistant to quantum attacks.
Although quantum computers are not currently able to crack encryption with any real ease, the announcement comes as a response to the "harvest now, decrypt later" threat.
This is where malicious actors could potentially store encrypted data today and decrypt it once powerful quantum computers become available. This concern has prompted industries to take proactive measures in implementing quantum-safe security solutions.
Highlighting the industry's involvement in this critical transition, IBM announced that two of its developed algorithms, ML-KEM (formerly CRYSTALS-Kyber) and ML-DSA (formerly CRYSTALS-Dilithium), have been included in NIST's standards.
"IBM's mission in quantum computing is two-fold: to bring useful quantum computing to the world and to make the world quantum-safe," IBM's Vice President of Quantum Jay Gambetta explained.
The third published algorithm, SLH-DSA (initially submitted as SPHINCS+), was co-developed by a researcher who has since joined IBM, and a fourth IBM-developed algorithm, FN-DSA, has been selected for future standardisation.
The tech giant has already begun integrating PQC into its products, such as IBM z16 and IBM Cloud, and announced the IBM Quantum Platform will soon begin to transition to the new PQC algorithms.
An industry’s efforts in quantum security
This move by IBM demonstrates how major tech companies are not only developing quantum computing technology but also actively working to establish and implement quantum-safe security standards.
Global telecom leader Telefónica last month announced they had developed a quantum security architecture solution.
The solution incorporates Quantum Key Distribution (QKD) and post-quantum cryptographic algorithms, adhering to standards set by the European Telecommunications Standards Institute (ETSI) - the European equivalent of NIST.
This initiative not only addresses future quantum threats but also aims to provide immediate protection against "harvest now, decrypt later" attacks.
A fearless future
As NIST pushes for the adoption of PQC standards, these industry developments highlight a growing consensus on the need for quantum-safe security measures.
The race to secure our digital infrastructure against quantum threats is accelerating, with government agencies, tech giants, and telecommunications companies all playing crucial roles.
The transition to post-quantum cryptography will be a complex and lengthy process, requiring significant investment and collaboration across industries.
However, the proactive steps taken by companies like IBM and Telefónica demonstrate that the private sector is not waiting for quantum computers to become a reality before acting. Instead, they are actively shaping the future of cybersecurity, ensuring that when large-scale quantum computers do arrive, our digital infrastructure will be ready to withstand their computational power.
Cyber Magazine is a BizClik brand