The present state of Internet security is inadequate to handle the threat posed by future quantum computers that are expected to be far more powerful than today’s conventional systems. This means that the digital systems we have come to rely on for online banking, ecommerce, healthcare, email and other applications may one day be rendered insecure by quantum computers that could slice through current encryption tools with ease, causing economic devastation on an unprecedented scale and even making it impossible for many businesses to recover.
With these considerations in mind, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first group of encryption tools that are designed to withstand the assault of future quantum computers. The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.
Encryption uses math to protect sensitive electronic information, including the secure websites we surf and the emails we send. Widely used public-key encryption systems, which rely on math problems that even the fastest conventional computers find difficult to solve, ensure these websites and messages are inaccessible to unwelcome third parties.
However, a sufficiently capable quantum computer, which would be based on different technology than the conventional computers we have today, could solve these math problems quickly, defeating encryption systems. To counter this threat, the four quantum-resistant algorithms chosen by NIST rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and in the future.
The algorithms are designed for the two main tasks for which encryption is typically used: general encryption that protects information exchanged across a public network and digital signatures that are used for identity authentication.
For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.
For digital signatures, often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+.
NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup because it uses a different math approach than the other NIST selections.
These new algorithms represent an important milestone in securing our sensitive data against the possibility of future cyber attacks from quantum computers. With the protection these algorithms offer, businesses can continue innovating without risking the loss of customer trust and confidence, thereby heading off financial disaster.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.