NIST's Post-Quantum Standards Are Just The Beginning

The US National Institute of Standards and Technology (NIST) recently released its much-anticipated list of post-quantum algorithms (PQAs), designed to protect data from quantum computing threats. This marks a pivotal moment in the race to secure networks before 'Q-Day' – the moment when quantum computers could potentially break today’s encryption methods.

However, Andy Leaver, CEO at Arqit, cautions that while these new standards are a step forward, they are only part of the solution. He highlights the need for a broader, more comprehensive approach to strengthening network security in the face of evolving quantum threats.

Q: What is the significance of NIST’s recently released list of post-quantum encryption algorithms?

The release of this list is a major step in protecting sensitive data from the potential power of quantum computers, which could one day break today’s encryption and expose everything from personal data to state secrets. NIST’s standards offer a global framework for future-proofing cybersecurity, but this is just the start. There are challenges ahead, and organisations will need to navigate the transition carefully.

Q: How do these algorithms differ from current encryption methods?

In contrast to many current encryption methods, which could be vulnerable to quantum computing’s novel mathematical capabilities, these new algorithms offer a higher level of protection by using structures that are much harder for quantum computers to break. 

ML-KEM, ML-DSA and SLH-DSA are designed for asymmetric encryption, which involves using a pair of keys, where one is public and one is private. ML-KEM (Modular Lattice Key Encapsulation Mechanism) and ML-DSA (Modular Lattice Digital Signature Algorithm) are both based on lattice-based cryptography, which is recognised as one of the strongest approaches to post-quantum security. SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) is slightly different and is founded on the SPHINCS+ hashing mechanism.

Q: What challenges might organisations face in transitioning to NIST’s post-quantum encryption standards?

The algorithms selected by NIST may not be as efficient or cost-effective as the encryption methods currently in use. This could lead to higher operational costs, particularly for organisations that need to update extensive infrastructure. 

The transition itself involves updating a substantial amount of infrastructure, and a range of technical and operational challenges will inevitably arise along the way. This includes interoperability issues between old and new systems. Organisations will need to be prepared for potential downtime and other operational challenges as they implement the new standards. The migration will be complex and gradual, demanding significant investment in time and resources.

Q: Given the potential security issues with some of the algorithms previously considered by NIST, how confident can organisations be in the final list?

The development and selection process behind this list was thorough, but not without setbacks. For example, it only took a weekend and a standard laptop to breach earlier candidates RAINBOW and SIKE, which were previously thought to be quantum-secure. The final list represents the best of what’s currently available.

While the algorithms have been rigorously tested, there are no guarantees that they won’t face similar challenges in the future. Adopting them is a proactive step towards safeguarding data against quantum risks, but ongoing research is crucial. Organisations should stay informed about any developments in this regard.

Q: How can Symmetric Key Agreements (SKAs) help in protecting against quantum threats, and why should they be considered alongside NIST’s standards?

Symmetric Key Agreements (SKAs) are quickly becoming the ‘gold standard’ for post-quantum encryption. They use a single key shared between two parties to encrypt and decrypt data, making them simpler and more resistant to quantum attacks compared to asymmetric encryption. SKAs also offer flexibility, supporting a wider range of algorithms.

SKAs can be easily integrated into existing systems, providing immediate protection against threats like man-in-the-middle attacks. Backed by NIST and the NSA, and proven in projects with Intel and Sparkle, SKAs are ready for deployment now. Pairing them with NIST’s new standards offers organisations a stronger, layered defence against both current and future quantum threats.

Andy Leaver is CEO at Arqit

Image: Alex Shuper
