New algorithms selected for protecting world’s data from quantum attack - now is the time to begin crypto upgrade, urges Post-Quantum’s CEO
- The National Institute of Science and Technology (NIST) has been leading the hunt for quantum-safe encryption algorithms since 2016.
- News follows recent and ongoing push from White House and G7 to accelerate migration to new standards.
- Post-Quantum’s NIST submission ‘Classic McEliece’ selected for assessment in next round with potential for
London, 6th July 2022: As quantum computers develop they will be able to use Shor’s algorithm to break today’s encryption standards, which safeguard virtually all data flowing over the internet today. Even before a quantum computer matures to this point, a milestone commonly referred to as Y2Q, it is known that some nation-states are harvesting data today, so that they can decrypt it later when quantum computing has advanced further.
US standards-setting body NIST has been running a global competition to identify new quantum-safe encryption algorithms since 2016. The competition has drawn entries from top academic and private sector cryptographers, and yesterday was finalised with four new algorithms set to be standardised. UK-based Post-Quantum’s algorithm NTS-KEM (now known as Classic McEliece after merging with the submission led by Professor Daniel Bernstein) has also been selected for further consideration in a 4th round.
The news also follows a renewed effort by world leaders to ensure high-security industries are protected. Last week, the G7 nations made a commitment to a new cooperation to deploy quantum-resistant cryptography, with the goal of ensuring secure interoperability between ICT systems and fostering growth in the digital economy. Earlier in the year, the White House issued a directive and the Quantum Computing Cybersecurity Preparedness Act to mandate that US Federal Agencies begin reporting on their progress towards quantum-safe encryption.
Andersen Cheng, CEO at Post-Quantum, commented on the news: “We’d like to congratulate all the teams behind the algorithms that have been selected for standardisation in this round, and we’re very proud that our algorithm – Classic McEliece – has been selected for further consideration.”
“Quantum computers continue to be the biggest existential risk to our information security, and the threat they pose to our data is already on our doorstep today in the form of harvest now, decrypt later attacks. It has become increasingly clear over recent months that the world is starting to realise this and ramping up efforts to upgrade defences. Yesterday’s announcement is a milestone, providing clarity on the algorithms that will eventually protect everything we do online.”
Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure. This means that, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, preparing our information security systems to resist quantum computers must begin now. This is vital for enterprises and governments that have sensitive data with a long shelf life, such as intellectual property, as there is a real risk today that their data will be harvested in transit so it can be decrypted when the first functioning but unannounced quantum machine comes online in future.
To ensure organisations can act today, Post-Quantum has created an ecosystem of solutions that are ‘hybridised’, meaning they can be used with any algorithm that is standardised now, or becomes standardised in the future. This means that high security enterprises that need to protect data from harvest now, decrypt later attacks are able to use and deploy solutions on the market today, rather than wait for solutions to be built for specific algorithms.
Cheng added: “For organisations that don’t know where to start in this migration, we urge them to begin by auditing their entire IT estate to identify where encryption is used and needs to be upgraded to become quantum-safe. However, for high security industries that want to act now, it’s vital that they use and adopt solutions that take both a hybridised and crypto-agile approach. As it will take many years for the world to completely migrate to a quantum-safe future, crypto-agile solutions will allow you to combine NIST’s standardised algorithms with better understood traditional encryption to ensure backward compatibility and interoperability. Adopting crypto-agile solutions will also allow you to act now, and be flexible in the future as more algorithms are standardised.”
Post-Quantum recently included the newly announced standards and Round 4 finalists in a trial of its Hybrid VPN with NATO. The NATO Cyber Security Centre (NCSC) successfully tested secure communication flows in a post-quantum world using Post-Quantum’s ‘Hybrid Post-Quantum VPN’, which is a crypto-agile solution that combines both new post-quantum and traditional encryption algorithms. The NATO Cyber Security Centre, which is run by the NATO Communications and Information Agency (NCI Agency), protects NATO networks 24 hours a day, seven days a week.
Post-Quantum is a British deep tech pioneer focused on protecting the world’s information from the threat posed by hacking using quantum computers. Founded in 2009, the company has developed a range of quantum-safe software products focused on identity, transmission and encryption to deliver an end-to-end environment secure from quantum attack.
NTS-KEM (now known as Classic McEliece) is the company’s submission to the NIST Post-Quantum Cryptography competition, which seeks to identify algorithms that will form an open source crypto standard used to protect all the world’s digital information.
The company is the original author of the Internet Engineering Task Force (IETF) standards for a Hybrid Post-Quantum Virtual Private Network. These standards can be used by developers to build VPNs capable of withstanding quantum attacks, and the firm has also built such a VPN, which is being used in live environments today.