The National Institute of Standards and Technology (NIST) is expected within the next few weeks to announce several new post-quantum cryptography standards for public key signature and exchange algorithms.
That will come as a relief to many, who are worried that encrypted data already has been or is being stolen, and that the thieves simply are waiting for the day when a quantum computer can help them crack the encryption. It could take a couple more years to properly validate these standards to see them finalized and widely deployed, and the real decryption threat posed by quantum computers likely is a decade away, maybe longer, but the possibility of present-day attacks by very patient bad actors is unsettling, to say the least.
What everyone wants to know is whether or not the upcoming NIST standards will greatly enhance the ability to protect encrypted data from the growing threat. Unfortunately, a recent successful hacking effort on one of the signature algorithm standard candidates by an IBM researcher may not do much for the confidence of those concerned about future dangers. Although, quantum experts so far are taking the news in stride.
News of the cracking of this signature, called Rainbow, first emerged in February, though details were still coming to light in late March. In recent days, the Spanish newspaper El Pais published an account of how Rainbow was cracked in a little over 50 hours using just a laptop PC.
Though that might seem like a reason for deep concern, the quantum sector has not been panicking.
Jack Hidary, CEO of Sandbox AQ, the quantum technology company recently spun out of Google owner Alphabet, told Fierce Electronics that Rainbow “is not going to make it” as one of the final standards, and “previous papers” suggested as much even before the most recent paper. “I think this final list will focus on some of the other protocols. To be clear, there was not a final standard that came out of NIST that was broken; that did not happen. These protocols were coming down through this process [which started several years ago with 69 candidate algorithms], and during that process concern was raised about one of them.”
If Rainbow doesn’t make the cut, NIST’s upcoming announcement is likely to be included six standards, including three for public key signatures and three for key exchange.
Duncan Jones, Head of Cybersecurity at Quantinuum, added, “I would be surprised if Rainbow is selected as one of the preferred candidates in the NIST process.”
He agreed that things didn’t look good for Rainbow before the most recent paper questioning its viability. “The recent attack has meant Rainbow is even less desirable than before,” Jones said, further explaining that the successful cracking of Rainbow means that to be viable it would need larger key sizes than it has now to meet the same required security levels, which could make it difficult to work with.
“One must also consider whether incremental improvements in the attack would require yet another change in parameters in the next few years, with even larger key requirements,” Jones told Fierce Electronics.
Hidary also suggested that Rainbow could be “fixed” by adjusting its parameters, and could even potentially make a return to standards consideration, but that the focus should now be on the fact that NIST is still preparing to unveil a list of multiple standards to replace current RSA encryption standard.
“We're moving data protection from a single protocol world with RSA to a multi-protocol world,” Hidary said.
A major migration
That migration will be a software migration, but not necessarily a quick one. “Around the world 20 billion devices need a software upgrade. About 7 billion mobile phones will need to be upgraded. Right now they operate on the basis of having RSA encryption. So then you think about all the apps on those phones, right? …All that is RSA encrypted, and that all has to be upgraded. So that's 7 billion phones, billions of laptops, servers, and other PCs and of course, billions of IoT devices need upgrades.”
Sandbox AQ has products that help companies with the discovery process of identifying devices on their networks that need encryption upgrades, and as the new company recently launched, it did so with the additional announcement of a partnership with Japanese tech giant SoftBank to help that company verify post-quantum cryptography. Both Sandbox AQ and Quantinuum (through its Quantum Origin product), among many other firms, are positioning to provide the market with quantum-based algorithm solutions that already are available and can be adapted to support future standards.
Jones said of Quantum Origin, “We are always learning about how some advanced new attack could make something obsolete that was previously considered secure. Products like Quantum Origin are fundamentally different because the keys we generate are unpredictable regardless of what you throw at it. It's just unpredictable because it's unpredictable, because that's the way quantum physics works… Nothing is perfectly secure, but we remove a lot of the bits that could be broken by advances in attacks and computing power, and replace them with things that are secure because the laws of physics say that's how it works.”
The discovery process Hidary mentioned can take months, and companies and network operators are likely to spend much of the next few years validating and verifying the upcoming NIST standards before they become widely implemented as upgrades from RSA.
At the same time, there will be other quantum security efforts ongoing, such as the migration to quantum key distribution to support quantum-secure communication networks.
Several major telecom network operators have been working on QKD network trials and projects, including Verizon in the U.S. and SK telecom and KT in South Korea, and in the U.K., BT later this month is expected to unveil a QKD metro network in London that it previously announced it was building with Toshiba.
Quantum-resistant encryption algorithms and QKD both have a place in protecting users from threats posed by quantum computers, but upgrading encryption is the more urgent need, Hidary said. “QKD will have its place, but right now, that is not going to be the priority for the majority of companies. The priority will be the immediate upgrade from RSA to post-RSA.”
Jones added, “Quantum is a boogeyman for cyber, but it's also going to help us as well.”