Tackling the Quantum Threat: Applying NIST’s Standards Globally

Quantum computing has the potential to transform many industries and our way of life, for both good and bad.

The development of this technology is relevant to cybersecurity, with future quantum computers’ ability to rapidly solve complex mathematical problems essentially rendering existing encryption protocols redundant. This will leave all digitally-stored data exposed to hackers, including financial transactions and other highly sensitive information.

This dystopian prospect is looming ever closer, with McKinsey estimating that 5000 quantum computers will be operational by 2030, and the hardware and software needed to handle the most complex problems potentially available by 2035.

With all organisations and systems at risk of quantum-enabled attacks, it is no longer an issue that can be kicked into the long grass.

The US National Institute of Standards and Technology (NIST) has recognised the scale of the threat and in 2016 the institute kick started a process that resulted in the world’s first post-quantum cryptography standards being formalised in August 2024.

The standards encompass three cryptographic algorithms that have been developed to withstand quantum-enabled attacks.

It is expected that the NIST standards will become the global benchmark for quantum-resistant cybersecurity.

During the Infosecurity Magazine Autumn Online Summit 2024, NIST Mathematician Dustin Moody discussed the threat posed by quantum computing, the essential components of NIST’s post quantum cryptographic standards and advice for organisations on how to transition to quantum-secure encryption protocols over the coming years.

Dustin Moody: Quantum computers are a new type of technology being developed by large companies and governments around the world. This will give us tremendous computing power, way beyond what we have today.

That will bring a lot of positive benefits to society, such as designing new medicines and solving various logistical challenges.

In cryptography the impact is more disruptive. In the 1990s, a scientist named Dr Peter Shor came up with an algorithm that would enable a large quantum computer to break many of the cryptography systems we use today to protect our information.

Because cryptographers have known about this threat for a long time, they’ve also been looking at solutions for what new crypto systems could be used that can continue to safeguard our data.

Some people think they can put this off until a powerful enough quantum computer is built. That’s simply not the case. You can actually be at risk today even though that quantum computer has not yet been built. This is often known as ‘store now, decrypt later’.

If an attacker gets hold of data that an organisation needs to protect for 15 years or more and just sits on it, they can’t access it because its encrypted. But if a quantum computer comes out in 10 years, they will be able to decrypt it at that point. That will allow them to get access to the data before you would want them to.

That threat helps underscore the need for solutions and to start using them well in advance of a cryptographically relevant quantum computer being developed.

DM: There’s a few different types of cryptography that we use online today to protect our information. We have symmetric key cryptography (SKC) and that’s what’s typically used to encrypt your data at rest. That is only possible when you and the party that you are communicating with already have a shared key.

The other type of cryptography is called public key cryptography (PKC). That’s what’s used to create that shared key the very first time, and then you use that key to do SKC.

Specifically, the standards cover the PKC side because it’s only those algorithms that are vulnerable to quantum attacks.

There are two different functionalities that we you need to make up PKC. The first is key establishment – where you go to a website or somewhere else you’ve never established an account with before.

The technical name given in the standard is a key encapsulation mechanism.

The other functionality that’s needed is digital signatures, which provide authentication or ownership. A common example of that is when you’re downloading an app update or software update from the app store. When your device gets that it wants to know that the download came from the correct source and it wasn’t a malformed version or pirated software from somewhere else that’s going to try and give you a virus.

Along with that download comes a digital signature that your device can use to verify that it came from the correct app store. So digital signatures also play a significant role and some of our standards are for exactly that. 

DM: If you are an organisation that uses a digital device then the standards are going to be relevant to you as long as you have information that needs to be protected by cryptography.

One of the challenges for organisations is if you know that you use cryptography in some way, you’ll need to switch over to these new algorithms. You’re going to have to do an inventory into that – where am I using that specifically, what products do I have and what crypto systems are they using, what data is being protected by it.

Everyone is going to need to eventually migrate to quantum-safe algorithms to provide protection from future quantum attacks.

NIST is a government agency and federal agencies are going to use the cryptography that we specify. But we know that industry follows our example and they want to sell products to the US government, so we expect these standards to be very widely adopted by organisations around the world. 

DM: It begins with awareness. You may have heard about this issue and be wondering about it. You need to dig in a little bit more and understand that you are going to need to transition to new cryptographic algorithms. It’s not going to be easy and be done quickly.

It’s going to take time to understand the problem and threat. You’re going to have to undertake an inventory of your systems, get people educated, understand what needs to happen and develop a roadmap for your transition.

Some good resources are available – various industry groups have put out documents for their sector. Another good resource is the National Cyber Security of Excellence (NCCoE), which is running a migration to PQC project where NIST has partnered with about 45 different companies around the world to develop guidelines, tools and research that will help you with the migration.

DM: Past cryptographic transitions have taken 10-15 years. We hope this one goes as quickly as possible but it’s a much more complicated transition. The PQC algorithms that have been standardised use complicated maths, their key sizes are a little bit larger than what we use today.

Their performance is good, they’re very efficient. But because of that complexity, it’s still going to take time. The federal government put out a goal of 2035 for when they hope to migrate their systems by. That’s 11 years away – I hope we migrate as much as possible by then, especially our high priority data. But I’m pretty confident we won’t be done with that transition when that date rolls around.

ADVERTISEMENT

In terms of the steps to facilitate that transition, first and foremost you need come to the realisation that you need to create this roadmap and put somebody in charge of it. You need a team that’s dedicating time and resources into understanding what the transition involves.

One of the first steps is to do an inventory, which is tricky to do on your own.

There are cryptographic companies that are developing tools that will be able to scan your system. You’ll also need to talk with your product vendors – they should know about the post-quantum transition and tell you if their products are using quantum-safe algorithms or what their plan is, when they will be introduced.

DM: We highly recommend that you use standardised algorithms that make things interoperable. That choice will be largely made for you with the products that you’re using and the algorithms that they’re implementing. We do expect to see wide adoption of the algorithms that we have standardised.

There are still some choices to be made. They have different security levels. There are trade-offs between security and performance. For example, ML-KEM has security levels 1, 3 and 5. Level 5 is a little bit more secure, but there’s a small performance hit.

Level 1 is equivalent to what we use today for most encryption, so that’s probably suitable for most organisations.

Many companies that we talk to have thought about transitioning in a hybrid way, where they combine one of the new algorithms with a cryptography system they have already implemented.

The reason for that is these algorithms are new and the implementations are new. They haven’t been as battle tested. Some companies have expressed the interest of using both as in order to defeat that hybrid combination, you would have to defeat both crypto systems. So, it provides defence in depth.

There is a small performance hit, there’s more complexity. That may not be the choice everyone wants to make, but it certainly is a reasonable strategy. 

Enjoyed this article? Make sure to share it!

Looking for something else?