It took eight years to develop new standards for post quantum computing. Image: Shutterstock
ICT companies around the world are on the lookout for changes in widely used technologies after the completion of post quantum computing (PQC) algorithms designed to prevent new supercomputers from capturing personal, business, and government data.
Developed by industry and researchers through an eight-year effort led by the US National Institute of Standards and Technology (NIST), three new standards – which NIST refers to as ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) – is the result of a competition that started in 2016.
In anticipation of the development of large-scale cryptographically quantum computers (CRQCs), NIST asked researchers around the world to submit candidates to replace FIPS 186-4, NIST SP 800-56A and NIST SP 800-56B – all of them. are vulnerable because they protect data using public key cryptography (PKC).
PKC security relies on long encryption ‘keys’ that are used to encrypt your online browsing, online banking, online shopping, sending personal information, secure messaging, social networking, email, and phone calls – as well as information such as company . customer databases, craft stores, and national security information.
Cracking this encryption requires knowing two large numbers that, when multiplied together, produce the key – a method that leads security researchers to believe that modern computers cannot crack encryption keys larger than 2,048 bits – but most computers work differently with CRQCs. they can use a method called Shor’s algorithm to ‘factor’ even the most powerful keys in hours.
This can reveal the information they protect, the personal information and communications of citizens, business secrets, and dangerous secrets of governments around the world.
The widespread availability of CRQCs “will make private encryption keys insecure,” the Australian Signals Directorate has warned, “thereby making any secure communication based on modern cryptography technology impossible.”
The quantum clock is ticking
Praised by IBM as “a turning point in modern cyber security,” the completion of three new PQC points – which were downloaded from the initial round of 82 offers and 69 reliable candidates – fired a gun in the competition of the software industry. system administrators, mobile device manufacturers, cloud service providers and others to adopt them.
“One of the main reasons for delaying implementation is uncertainty about what needs to be done,” IBM cryptography researcher and PKC encryption co-founder Whitfield Diffie said. “Now that NIST has announced specific standards, organizations are encouraged to move forward with confidence.”
This means not only adding standards to their existing and future software, but also encrypting existing data to ensure it is not exposed – a threat that the government has previously announced by warning about ‘harvest now, release later’ (HNDL). ) an attack in which cybercriminals store encrypted information and save it for manipulation when quantum computers have enough power.
To protect global information from the risk of CRQCs, these three new measures must be implemented in each area of ​​the ICT environment, forcing the upgrade of many programs in the migration that IBM warns “results in more problems than in the past. [upgrades]because it will require many security protocols to be redesigned and reconfigured. “
The PQC update is very important as an ongoing effort to protect Internet browsing with HTTPS security, although the process will be as transparent as possible since PQC standards are quietly integrated into browsers, operating systems, cloud applications, and more.
“We encourage systems managers to start integrating them into their systems immediately,” PQC project manager and NIST mathematician Dustin Moody said, noting that the new standards “include instructions for integrating into products and encryption systems. [but] full integration will take time. “
How much time is anyone’s guess – but NIST says that “historically, it has taken almost two decades to implement our modern encryption systems” and new PQC standards should be implemented at every infrastructure site.
“Although in the past it was not clear that mass computing was possible,” the agency said when the PQC project began, “many scientists now believe that it is a major engineering challenge.”
“Some engineers predict that within twenty years or so many computers will be built to solve all the major processes currently in use.”
That time is getting shorter, companies like IBM have recently introduced game-changing computers and PsiQuantum is now building supercomputers in Brisbane and Chicago – signs of quantum breakthroughs that could lead to even greater progress.
“Regardless of whether we can predict the exact time of the arrival of quantum computing,” NIST says, “we must start now to prepare our information security systems to be able to resist the use of quantum computing.”
#standards #protect #data #quantum #hackers