Michael Cobb, certified information systems security professional – information systems security architecture professional (CISSP – ISSAP), is regarded as a top security expert and is a published author of many security papers.
In his most recent piece, he writes how the National Institute of Standards and Technology (NIST) is preparing to defend against quantum attacks. A most notable statement in his article is the one he makes about how computing power has so dramatically escalated and questions todays tried and true encryption standards.
He says, “the incredible increase in computing power over the last 50 years has meant that cryptographic algorithms once considered secure have had to be retired and replaced. As this continues to happen and quantum computers gains more of a foothold, it will open up systems to quantum attacks.”
He asserts that data encryption standards MD5 and SHA-1 were all popular hash algorithms but are all now considered weak, and the successor to SHA-2, SHA-3, has already been published.
However, two cryptographic algorithms that have been in use for several years and that are still considered secure are Rivest-Shamir-Adleman (RSA) and elliptic-curve cryptography (ECC), according to Cobb. He adds, “they are both asymmetric — public key — cryptosystems that are used extensively in the protocols that enable secure communication over the internet and other networks.”
Cobb explains that the imminent arrival of high-speed parallel computers based on quantum mechanics has many security experts concerned that these algorithms will need to be retired earlier than Moore’s Law would have predicted in order to avoid quantum attacks.
He says the National Security Agency (NSA) has publicly stated that “a sufficiently large quantum computer, if built, would be capable of undermining all widely-deployed public key algorithms used for key establishment and digital signatures.”
The reason for this is that quantum computers are extremely good at solving mathematical problems like integer factorization and the algebraic structure of elliptic curves over finite fields used in ECC, according to Cobb.
“They can process information in parallel as opposed to sequentially, and multiple possible answers can be considered in any given computation. Interestingly, quantum computing techniques are thought to be much less effective against symmetric algorithms than current public key algorithms provided a sufficiently large key size is used,” Cobb says.
Cobb’s position is that RSA and ECC have served us well, but NIST has decided the time has come to begin preparing critical IT systems so that they can resist quantum attacks. It has initiated a process to solicit, evaluate and standardize one or more quantum-resistant public key cryptographic algorithms.