New Quantum-safe Cryptography Standards Arrive None Too Soon

A six-year quantum cryptography competition just ended, producing four new security standards selected by the U.S. Department of Commerce’s National Institute of Standards and Technology.

The announcement comes on the heels of a few major strides in quantum computing accessibility and speed—and may help stave off the growing quantum security threat.

The NIST contest began in 2016, with the goal of improving general encryption and digital signatures. The four new security standards selected by NIST will become part of a quantum-safe cryptography standard released as soon as 2024. But these new standards can’t come soon enough.

Quantum technology is accelerating—and with it, the quantum threat. 2022 has seen startups with quantum-as-a-service (QaaS) solutions, leading companies partnering to create interconnected quantum computing networks, and major world powers competing to become the leaders of quantum technology.

Quantum Computing is Already Here

Any science-fiction premise becomes exponentially less outlandish when it’s sold as-a-service. UK-based Oxford Quantum Circuits just raised roughly $47 million in Series A funding for its Quantum-as-a-Service platform, with the goal of putting quantum processing in the hands of everyone. But it’s not unique.

Amazon’s Braket quantum computing marketplace became publicly available in 2020—a mere five years after IBM launched the first quantum computer on the cloud. Meanwhile, QuTech, Eurofiber, and Juniper Networks may be on their way to creating the first quantum internet.

Technological acceleration can happen in the blink of an eye. Two years ago, IBM released its Eagle quantum computer—at the time, the world’s fastest quantum computer—with 127 qubits. Over the next few years, IBM intends to release the 433-qubit Quantum Osprey, followed swiftly by the 1,121-qubit Quantum Condor.

Similarly, last month, Quantinuum’s System Model H1 quantum computer passed a quantum milestone, reaching 20 qubits—a tremendous upgrade from the previous 12. JP Morgan Chase used the quantum computer to develop an algorithm for natural language processing. As new technologies emerge, acceleration is occurring at all layers of the quantum computing industry.

The Coming Quantum Security Meltdown

Quantum computing has tremendous implications for the fields of natural language processing, machine learning, and artificial intelligence. When computers are able to “think” extraordinarily fast, they can also think with incredible depth and complexity. However, this introduces significant security risks: What happens when a malicious application can think and adapt much faster than the leading security solutions?

And for encryption, the problem is just as much thought as it is raw power. With enough raw power, anything can be broken.

Those in the security industry have known for some time that quantum computing will break our current security standards. Earlier in the week, Toshiba partnered with Safe Quantum to develop new quantum key distribution and quantum communications technologies.

According to the CEO and founder of Safe Quantum, John Prisco, “2022 will mark the year we see commercial quantum technology really take off, as more innovators see the future quantum-secure world as the ultimate way to protect data.”

But with many enterprises still struggling with the skills gap introduced by the cloud, quantum computing has been sidelined by all but the most visionary.

IBM Experts Pave the Way Toward Quantum-Safe Cryptography

For years, IBM has been building a team of the best cryptographic experts in the world—with the express purpose of developing quantum-safe schemes. By adopting new, quantum-safe cryptography standards before quantum technology becomes readily available, enterprises hope to keep their data safe at least until the next major technological advancement—and the next significant threat.

Just as an eight-digit password was once considered nigh-unbreakable through brute force tactics, quantum computing has the potential to render our current cryptography and security meaningless. Large-scale, practical quantum computing could easily crack today’s cryptographic standards. Even worse, quantum computing can “reach into the past”—data stolen today may be vulnerable to quantum threats tomorrow.

It’s hoped that the new NIST standards, including those developed by IBM, will let organizations prepare for future quantum threats and protect today’s data against the challenges of the future. Companies concerned about becoming quantum-ready can engage with IBM’s new, dedicated IBM Quantum-Safe portfolio of technologies and consulting services.

New NIST Standards Will Be Published in 2024

NIST’s new post-quantum cryptographic standards won’t be published for commercial use until 2024. However, organizations are urged to start their preparations now by auditing their current systems and testing the new cryptographic standards in a sandbox environment.

Four additional algorithms are also under consideration for inclusion in the standard, and NIST will announce finalists from that round at a future date.

Among the four standards released this week, for general encryption, NIST has selected the CRYSTALS-Kyber algorithm, which offers comparatively small encryption keys and speed of operation. 

For digital signatures, NIST has selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+. The first two offer high efficiency. NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide.

The third, SPHINCS+, is “somewhat larger and slower than the other two, but it is valuable as a backup for one chief reason: It is based on a different math approach than all three of NIST’s other selections,” the agency said.

NIST said three of the algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions.
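
The audit urged above can start from an inventory of TLS cipher suites. The Python below is an added example, not code from NIST, IBM or this article: it flags quantum-vulnerable key exchange and authentication in TLS 1.2 style suite names and points each at the NIST selection named above for that function. The inventory, the `LONG_LIVED_YEARS` threshold and the function names are assumptions made for illustration.

```python
# Added example; inventory and threshold are constructed assumptions.
# Public-key primitives a large-scale quantum computer is expected to break.
QUANTUM_VULNERABLE = {"RSA", "DH", "DHE", "ECDH", "ECDHE", "DSS", "ECDSA"}
# NIST selections as reported in the article, by function.
REPLACEMENT = {
    "key_exchange": "CRYSTALS-Kyber",
    "authentication": "CRYSTALS-Dilithium (FALCON for smaller signatures)",
}
LONG_LIVED_YEARS = 5  # assumed cut-off for data that must stay secret for years
ORDER = {"urgent": 0, "planned": 1, "review": 2}

def parse_suite(name):
    """Split TLS_<kx>[_<auth>]_WITH_<cipher> into (key exchange, authentication)."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"key exchange not encoded in suite name: {name}")
    head = name[len("TLS_"):].split("_WITH_", 1)[0].split("_")
    # In TLS_RSA_WITH_* the single RSA key does both jobs.
    return head[0], head[1] if len(head) > 1 else head[0]

def audit(inventory):
    """inventory: (system, suite, retention_years) tuples -> findings by urgency."""
    findings = []
    for system, suite, years in inventory:
        try:
            kx, auth = parse_suite(suite)
        except ValueError as err:
            # TLS 1.3 names omit the key exchange; check the negotiated group by hand.
            findings.append((system, "review", str(err)))
            continue
        if kx in QUANTUM_VULNERABLE:
            # Traffic recorded today can be decrypted once the key exchange
            # falls, so long-lived data behind it is migrated first.
            level = "urgent" if years >= LONG_LIVED_YEARS else "planned"
            findings.append((system, level, f"{kx} key exchange -> {REPLACEMENT['key_exchange']}"))
        if auth in QUANTUM_VULNERABLE:
            findings.append((system, "planned", f"{auth} authentication -> {REPLACEMENT['authentication']}"))
    return sorted(findings, key=lambda f: ORDER[f[1]])

SAMPLE_INVENTORY = [  # constructed sample data
    ("hr-archive", "TLS_RSA_WITH_AES_256_CBC_SHA", 25),
    ("web-frontend", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", 1),
    ("iot-gateway", "TLS_PSK_WITH_AES_128_GCM_SHA256", 10),  # no public-key step
    ("api", "TLS_AES_256_GCM_SHA384", 3),                     # TLS 1.3 style name
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep=" | ")
```

Key exchange is ranked above authentication because recorded ciphertext stays exposed to later decryption, while a signature only has to hold at the time it is verified.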

Between now and 2024, it’s still possible that these new cryptographic standards could change. With the world of quantum computing moving incredibly fast, cryptographic standards must move quickly, too. And as organizations adapt to the new, post-quantum cryptographic standards, they must also ready themselves for one of the most momentous shifts in the history of computing.

Jenna Inouye