The burning question in some security scientists’ minds these days is: “Will post-quantum cryptographic algorithms be necessary in the future?”
Hanno Böck writes on the TechTarget.com/SearchSecurity site that cryptographers are today looking for these new algorithms, called post-quantum cryptography.
So, you ask, what the heck is that? Few people know about this according to this writer. The best simple answer is one provided by Nicole Laskowski, news editor for TechTarget’s site, SearchCIO. She says these are cryptographic algorithms that can withstand attack from quantum computing. OK, that’s good to know.
Meanwhile, back to Böck’s article. He says that the National Institute of Standards and Technology (NIST) is currently running a project to “solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms,” which will become a part of future post-quantum cryptography standards, but those are not coming any time soon. According to NIST’s plans, draft standards are expected to be available between 2022 and 2024.
Nobody knows when or even if practical quantum computers will ever be built, he explains. Furthermore, Böck notes that experts’ estimates range from five to 10 years, to “not in the foreseeable future.” For security engineers, this uncertainty is a challenge because if quantum computers ever are practical, they will also threaten today’s encrypted communication. A patient attacker — such as government monitoring adversaries or an advanced persistent threat monitoring potential targets — could store encrypted data today to decrypt later.
Böck goes on to say, “This is why some companies are already experimenting with promising post-quantum algorithms. Google launched experiments where they couple an existing elliptic curve algorithm with a future post-quantum algorithm. The idea is that even if the post-quantum algorithm turns out to be insecure, users will still have the security of the elliptic curve algorithm. That is not quantum safe, but it provides good protection against attacks without a quantum computer.”
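The "coupling" Böck describes comes down to how the two shared secrets are combined: the key exchange runs an elliptic-curve agreement and a post-quantum key exchange side by side, then feeds both results into one key derivation so that the session key depends on each of them. Below is an added illustration of that combiner step, written for this page; it is not Google's implementation and not code from Böck's article. It uses HKDF (RFC 5869) over SHA-256 from the Python standard library. The two component secrets, the transcript bytes and the `hybrid-kex-demo-v1` label are constructed stand-ins, since a real handshake would obtain them from the elliptic-curve and post-quantum components themselves.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC 5869: empty salt means HashLen zero bytes
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_hybrid_key(classical_ss: bytes, pq_ss: bytes,
                      transcript: bytes, length: int = 32) -> bytes:
    """Combine an elliptic-curve shared secret and a post-quantum shared secret.

    The derived key is a function of both inputs, so an attacker must recover
    both secrets to learn it: breaking only the elliptic-curve part (the
    quantum scenario) or only the post-quantum part (the "new idea turns out
    to be weak" scenario) is not enough.
    """
    # Length-prefix each secret so that different splits of the same bytes
    # can never produce the same input keying material.
    ikm = (len(classical_ss).to_bytes(2, "big") + classical_ss
           + len(pq_ss).to_bytes(2, "big") + pq_ss)
    # "hybrid-kex-demo-v1" is a hypothetical domain-separation label.
    prk = hkdf_extract(salt=b"hybrid-kex-demo-v1", ikm=ikm)
    # Binding the handshake transcript into `info` ties the key to this
    # particular exchange, not just to the two raw secrets.
    return hkdf_expand(prk, info=b"traffic key" + transcript, length=length)


def demo() -> dict:
    """Constructed walk-through of the scenario in the quoted passage."""
    # Constructed stand-ins: a real handshake would take these from the
    # elliptic-curve agreement and from the post-quantum key exchange.
    ecdh_ss = bytes.fromhex("11" * 32)
    pq_ss = bytes.fromhex("22" * 32)
    transcript = b"ClientHello||ServerHello (constructed)"

    session_key = derive_hybrid_key(ecdh_ss, pq_ss, transcript)

    # An attacker who has recovered the elliptic-curve secret but not the
    # post-quantum one can only try candidate values for pq_ss; one
    # constructed wrong candidate is shown here.
    candidate = derive_hybrid_key(ecdh_ss, bytes.fromhex("23" * 32), transcript)

    return {
        "session_key": session_key.hex(),
        "attacker_candidate_matches": candidate == session_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The property the passage relies on is visible in `derive_hybrid_key`: the output changes if either shared secret, their order, or the transcript changes, and no single component secret is sufficient to recompute it. Production deployments put this combined secret into the protocol's normal key schedule rather than using it directly as a traffic key.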
The most telling aspect of this article is what the writer says about cryptographers’ current thought processes. He asserts that “while cryptographers think there are algorithms that are safe from quantum computer attacks, they aren’t always simple replacements for existing algorithms. Some of these algorithms are very slow, while others require very large keys or signature sizes. Some of these schemes are based on very new ideas, so cryptographers don’t recommend using them until a lot more analysis has been done about their security.”