Do these algorithms protect you from quantum threats?
“The first thing organizations need to do is understand where they’re using crypto, how and why they’re using it,” El Kafarani said. “Start predicting which parts of your system need to change and design the transition to post-quantum cryptography from the most vulnerable pieces.”
There is still a lot of uncertainty surrounding quantum computers. No one knows what they can do or whether it is even possible to build them at scale. Quantum computers being built by the likes of Google and IBM are beginning to outperform classical devices in specially designed tasks, but scaling them up is a difficult technical challenge, and it will be many years before a quantum computer capable of running Shor’s algorithm in any meaningful way comes into existence. “The biggest issue is that we need to make an educated guess about the future capabilities of classical and quantum computers,” Young said. “There is no guarantee of safety here.”
The complexity of these new algorithms makes it difficult to predict how well they will perform in practice. “Assessing security is usually a cat-and-mouse game,” says Artur Ekert, professor of quantum physics at the University of Oxford and one of the pioneers of quantum computing. “Lattice-based cryptography is very elegant from a mathematical point of view, but its security is very difficult to predict.”
The researchers who developed these NIST-backed algorithms say they can effectively simulate how long it would take a quantum computer to solve a problem. “You don’t need a quantum computer to write a quantum program and know what its running time will be,” argues Vadim Lyubashevsky, an IBM researcher who contributed to the Crystals-Dilithium algorithm. But no one knows what new quantum algorithms will be developed by researchers in the future.
Indeed, one of the shortlisted NIST finalists—a structured lattice algorithm called Rainbow—was eliminated from the running when IBM researcher Ward Beullens published a paper titled “Breaking Rainbow Takes a Weekend on a Laptop.” NIST’s announcements focus code breakers’ attention on structured lattices, which undermines the entire project, Young argued.
There’s also a careful balance between security and efficiency, Ekert says: in basic terms, the longer you make your encryption key, the harder it is to break, but the more computing power it requires. If post-quantum cryptography were to become as widespread as RSA, it would have a significant environmental impact.
Young accused NIST of a bit of “naïve” thinking, while Ekert believed “a more detailed security analysis is needed.” There are few people in the world with the combined quantum and cryptography expertise needed to perform that analysis.
Over the next two years, NIST will publish draft standards, invite comments, and finalize new forms of quantum-proof encryption that it hopes will be adopted worldwide. After that, based on previous rollouts, Moody expects it could take 10 to 15 years for companies to deploy them widely, but their data could be vulnerable now. “We have to start now,” El Kafarani said. “It’s the only option we have if we want to protect our medical records, our intellectual property or our personal information.”