Six years after launching a competition to design quantum-resistant encryption algorithms, the National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, announced its first winners on July 5. Researchers around the world are studying the design of these protection tools. For now, four have been selected because they are considered likely to withstand attacks from quantum computers.
Quantum cyberattacks, a still theoretical threat
The development of quantum computing opens the door to many innovations. Capable of performing much more complex calculations than a traditional computer, a quantum system could have applications in fields such as medicine or finance. Unfortunately, like any technology, it can be abused. The advent of quantum computing could bring new cyberattacks that are harder to repel with current cybersecurity defenses.
Last May, the director of cybersecurity at the National Security Agency (NSA), Rob Joyce, explained that such cyber threats could arise in the next five to fifty years. With that in view, NIST is responsible for designing encryption algorithms to protect against these cyberattacks, protection that must also defend the country’s economy, as the Biden administration has called for.
Guarantee the encryption and digital signature of exchanges
The four selected algorithms are based on mathematical problems that both conventional and quantum computers would have great difficulty solving. They use the principle of public-key encryption, a system widely used to protect email exchanges and online documents. A message is encrypted so that it is unreadable while it crosses a public network, and is then decrypted using the decryption key held by the receiver.
Encryption algorithms perform two main functions: general encryption, which protects information exchanged across a public network, and digital signatures, used to authenticate the identity of the user exchanging information.
Of the four quantum-resistant algorithms chosen by NIST, only one provides general encryption. This algorithm, CRYSTALS-Kyber, is used in particular to protect websites. It was selected because it works with a short encryption key, which can be quickly exchanged between two parties.
The other three algorithms will be used for digital signatures, a mechanism used to verify the identity of users during an online transaction or to log in remotely to confidential documents. They are called CRYSTALS-Dilithium, FALCON and SPHINCS+. The first two are used to protect authentication systems, while SPHINCS+, slower than the others, is a backup tool.
NIST invites researchers to explore these new algorithms and consider their uses, but specifies that it is still too early to integrate them into existing systems, because they will evolve in the near future. The institute is already considering four other algorithms and conducting additional checks before presenting them. Although quantum cyberattacks may never happen, progress in this area is moving fast, and NIST recommends that companies start identifying systems that could benefit from quantum-resistant protection before they get caught out.