National Institute of Standards and Technology adopts four encryption algorithms to prepare for quantum computer attacks



In preparation for the emergence of quantum computers that may break the strong cryptography in use today, the National Institute of Standards and Technology (NIST) has selected four encryption algorithms as 'post-quantum cryptography' designed to withstand such attacks. NIST stated that it will now work toward standardizing them.

NIST Announces First Four Quantum-Resistant Cryptographic Algorithms | NIST
https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms

Announcing PQC Candidates to be Standardized, Plus Fourth Round Candidates | CSRC
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4

Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats | CISA
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/05/prepare-new-cryptographic-standard-protect-against-future-quantum

Quantum-resistant encryption recommended for standardization • The Register
https://www.theregister.com/2022/07/05/us_nist_quantum_algorithms/

Quantum computers, which process information with 'qubits', are expected to far exceed the computational speed of existing computers and have been under research and development for some time. However, errors occur much more frequently in them than in conventional computers, and developing the technology to correct these high error rates remains a barrier, so they have not yet been fully realized.

In 2021, researchers from Google and Sweden suggested that a quantum computer with 20 million qubits could factor a 2048-bit integer, and thus crack the RSA cryptography used in a wide variety of settings, in about eight hours. French researchers also claim that, using 13,436 qubits and multimode memory, a 2048-bit integer could be factored in 177 days.

However, as of 2022, the quantum computers under study have orders of magnitude fewer qubits than the figures above; even the machine developed by IT giant IBM has 127 qubits. On the other hand, IBM has a roadmap to build a 1000-qubit machine by the end of 2023 and has announced plans to develop a machine with more than 1 million qubits in the future, so quantum computing technology is expected to advance significantly in the coming years.



While the security concerns raised by the advent of quantum computers are not yet urgent, they could threaten existing systems in the future. For this reason, since 2016 NIST and other government agencies have run a project to publicly solicit encryption algorithms that can withstand attacks from quantum computers, evaluate them, and standardize them.

Initially, 82 candidate algorithms were submitted; 74 of them were eliminated as the evaluation proceeded through the first, second and third rounds, leaving eight. Of these, four are being prepared for standardization, and the remaining four proceed to an upcoming fourth round, in which their development teams are asked to refine them further.

Of the four algorithms being prepared for standardization, one is 'CRYSTALS-KYBER', a public-key encryption algorithm that has long been regarded as the most promising candidate. 'CRYSTALS-KYBER' was adopted because of the simplicity and speed of its encryption key exchange. The remaining three are digital signature algorithms, known as 'CRYSTALS-Dilithium', 'FALCON' and 'SPHINCS+'. Each has different strengths; 'SPHINCS+' in particular is slower than the other three, but it was adopted because it is the only one of the four based on hash functions.

Of these, NIST has designated 'CRYSTALS-KYBER' and 'CRYSTALS-Dilithium' as 'recommended' because of their strong security and excellent performance, and plans to incorporate them, together with the other two, into the post-quantum cryptography standard over a period of about two years. NIST strongly encourages security experts to begin preparing for the migration, but cautions: 'do not incorporate these algorithms into your systems yet, as they may change slightly before the standard is finalized.'



in Security, Posted by log1p_kr