For a layman, it may be difficult to fathom how a standards body could be playing catch-up to a threat that could be at least a decade away. But that’s the position NIST finds itself in with the risk that quantum computers pose to existing cryptographic algorithms.
Working, practical quantum computers are likely 10 years away, maybe as many as 20 years from reality. But the advances they promise would make existing asymmetric cryptography obsolete, and would put a serious dent in symmetric crypto.
That is what has NIST concerned, and why it is putting out a public call to cryptographers to submit new methods and strategies for holding back the risk quantum computing would pose to existing security. NIST has set a deadline of Nov. 30, 2017 to submit proposals for consideration, especially those that focus on public key cryptography.
“(Ten years) is a long time, but we are potentially behind the curve. For example, if you are really worried about data and you want it to be secure for at least 10 years and want no one to read it, someone could copy your data now, and with a quantum computer in 10 years could break it,” said NIST mathematician Dr. Dustin Moody. “We need algorithms ready as soon as possible to rule out that situation from happening for groups that want to keep their data secret a long time.”
NIST has identified three standards it wants replaced: FIPS 186-4, NIST SP 800-56A and NIST SP 800-56B, each of which deals with key generation and digital signatures that rely on public key crypto, the class of cryptography especially vulnerable to quantum computing.
“Quantum computing has an impact on symmetric keys, but doesn’t completely break it,” Moody said. “It would require doubling the key size we use; we would just deal with it by using longer keys. It’s the other group, public key asymmetric crypto, that quantum computing would break. It would be a game-changer regardless of what keys were used.”
Moody said that current research and discussion indicate that algorithms now in development, designed to run on quantum computers, would be able to crack the hard mathematical problems that public key systems are based on. The same cannot be said for symmetric crypto.
While NIST admits that it cannot be completely sure that any current research or future work on securing data against quantum computing would fully work as expected, the urgency is nonetheless there.
“We expect the cryptosystems (to be submitted) need to be completely different, based on different mathematical frameworks so that they are not vulnerable to the same attacks,” Moody said. “Researchers have been aware of this for years and have been working on this. They will be based on different areas of mathematics, yet on the other hand, provide the same functionality, we hope, as current crypto systems.”
NIST is expected to review all the submissions once the deadline arrives and those who submit and meet NIST’s requirements for submission will be invited to present them in 2018. Submissions will be evaluated over a three-to-five-year period, NIST said.
The worry is that if quantum computing does emerge as a practical technology in the next 10 years, organizations won’t be ready for the risks that will inevitably accompany it.
“More and more businesses and governments are taking note of the threat of quantum computing. There’s a growing impetus in government and industry researchers working on it. It’s getting more attention and needs more attention still,” Moody said. “Potentially we are in trouble if quantum computing arrives in 10 years. If it doesn’t for 20 or 30 years, we’re probably OK.
“If it comes quicker, it could be the data is not protected, and that’s not good for organizations that need to keep their data safe for a long time,” Moody said. “At the same time, it’s exciting that there’s a lot of research and development in this field. We’re definitely taking it seriously and are aware of the urgency.”