News from the NIST Post-Quantum Crypto Process
To counter the quantum threat (a large-scale quantum computer running Shor's algorithm would break today's asymmetric cryptography: RSA, Diffie-Hellman and elliptic curves), the National Institute of Standards and Technology (NIST) has launched a process to select and standardize new resilient algorithms, the Post-Quantum Cryptography Standardization process. The open selection process started in 2017, with a first round of 69 proposed algorithms that were presented, analyzed and attacked by the crypto community. We are now in the final stage of the third round, with seven finalists: three signature algorithms and four key-establishment (KEM) algorithms. The final selection is expected in April.
Recently, a new classical attack on one of these finalists, the Rainbow signature scheme, was announced on the Post-Quantum Cryptography (PQC) forum and published as a paper. A classical attack is one that runs on ordinary computers and needs no quantum hardware, so it undermines the scheme regardless of when quantum computers arrive. The validity of the attack was quickly acknowledged and will probably lead to the algorithm being dropped. That it was discovered only this late in the process demonstrates two important points.
First, open disclosure of the details of the algorithms is crucial to enable the community to analyze them and find possible flaws. Cryptanalysis is a complicated and lengthy process that should not be constrained. The NIST process has been rather exemplary in this respect: all proposed algorithms have been subject to in-depth analysis by the whole community. This contrasts with the behavior of a few companies that use proprietary algorithms which have not been submitted to this grueling process.
Second, even after this analysis, there is still a distinct risk that a new algorithm fails, either to a classical attack or to a new quantum attack. This is why ID Quantique advocates adding another, independent layer of safety with quantum technologies, namely quantum random number generation (QRNG) and quantum key distribution (QKD). QRNG can and should be used for all key generation processes. QKD, which runs over dedicated optical links between the two endpoints, can be deployed today for the long-term protection of communication backbones and metropolitan networks.
QKD networks and the future Quantum Internet will expand the scope of applications much further. The future of cybersecurity will only be achieved by combining all available technologies, from both the mathematics side and the quantum side, so that a session key stays secret as long as at least one of its sources holds.
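The combination argued for above can be made concrete in code. The following is an added example written for this page; it is not ID Quantique code and does not use any product API. It derives one session key from two independent secrets, a shared secret from a post-quantum KEM and a key delivered by QKD, by feeding both through HKDF-SHA256 (RFC 5869, implemented here with only the standard library) as one length-prefixed input, so the output remains unpredictable as long as either source is still secret. The byte strings standing in for the KEM secret, the QKD key and the handshake transcript are constructed placeholders, and the salt label is an assumption of the example.

```python
"""Hybrid session-key derivation: one session key from a PQC KEM shared secret
and a QKD-delivered key, so the key stays secret while either source does.

Added example, not ID Quantique code. All inputs are constructed stand-ins:
in a deployment the KEM secret comes from decapsulation and the QKD key from
the QKD key manager (looked up by key ID); the salt label is an assumption.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256
SALT_LABEL = b"hybrid-pqc-qkd-kdf-v1"  # fixed domain-separation label (assumption)


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM); empty salt -> HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i), i = 1..n."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF cannot produce more than 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF = Expand(Extract(salt, IKM), info, L)."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def length_prefixed(*parts: bytes) -> bytes:
    """Encode each part as 2-byte big-endian length || value, so that different
    splits of the same bytes (b'ab'+b'c' vs b'a'+b'bc') cannot collide."""
    out = b""
    for part in parts:
        if len(part) > 0xFFFF:
            raise ValueError("part too long for a 2-byte length prefix")
        out += len(part).to_bytes(2, "big") + part
    return out


def derive_session_key(pqc_shared_secret: bytes, qkd_key: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Concatenation combiner: both secrets enter HKDF-Extract as one IKM and the
    handshake transcript binds the output to this session. Someone who breaks
    the KEM (a Rainbow-style failure) still lacks the QKD key, and vice versa,
    so the derived key is unpredictable as long as one input is secret.
    Both inputs are mandatory: a missing source raises instead of silently
    degrading to single-source security."""
    if not pqc_shared_secret or not qkd_key:
        raise ValueError("refusing to derive: both key sources are required")
    ikm = length_prefixed(pqc_shared_secret, qkd_key)
    info = length_prefixed(b"session-key", transcript)
    return hkdf(SALT_LABEL, ikm, info, length)


def demo() -> bytes:
    """Constructed inputs standing in for a real handshake (not captured data)."""
    pqc_ss = bytes.fromhex("9f" * 32)   # would come from KEM decapsulation
    qkd_key = bytes.fromhex("3c" * 32)  # would come from the QKD key manager
    transcript = b"clientHello||serverHello||kem-ciphertext-hash"
    return derive_session_key(pqc_ss, qkd_key, transcript)


if __name__ == "__main__":
    print("session key:", demo().hex())
```

The combiner deliberately refuses a missing input rather than falling back to a single source, because a silent fallback would undo the point of the hybrid; the caller must decide explicitly what to do when the QKD link has no key available.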
ID Quantique (IDQ) provides high-performance quantum-safe security solutions for the protection of data in transit. By upgrading existing network encryption products with Quantum Key Distribution (also called quantum cryptography), IDQ ensures that the solutions are "quantum-safe". This provides long-term protection of sensitive data into and beyond the quantum era, when quantum computers will render most of today's conventional public-key algorithms vulnerable.
IDQ also develops and commercializes random number generators based on quantum physics, which are the reference for true randomness in several industries, including security, simulations and gaming.
To request more information or a quotation for any ID Quantique products, contact IL Photonics.