Advances in quantum computing pose a threat to encryption algorithms that are widely used today. This threat is so severe that some refer to it as the ‘quantum apocalypse’. It is impossible to predict exactly when scientific and technological breakthroughs will occur, but our reliance on the encryption that underpins the internet, financial transactions and the privacy of electronic communications means experts are worried that encrypted data is already being stolen and stored until quantum processing is cheap and plentiful enough to decrypt it. That is why the National Institute of Standards and Technology (NIST) of the United States has published the first ever standards for quantum-safe encryption. As NIST explains, they have…
…begun the process of standardizing these algorithms — the final step before making these mathematical tools available so that organizations around the world can integrate them into their encryption infrastructure.
“We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” said Dustin Moody, a NIST mathematician and leader of the project. “For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?”
In addition to the work being done on new standards, changes are also being made to software that you may use on a regular basis. For example, Google is upgrading the algorithms used by its Chrome browser. Per a recent blog by Devon O’Brien, Technical Program Manager for Chrome security:
Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography. Continuing with our strategy for handling this major transition, we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success.
As a step down this path, Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115. This hybrid mechanism combines the output of two cryptographic algorithms to create the session key used to encrypt the bulk of the TLS connection:
- X25519 — an elliptic curve algorithm widely used for key agreement in TLS today
- Kyber-768 — a quantum-resistant Key Encapsulation Method, and NIST’s PQC winner for general encryption
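To make the hybrid mechanism concrete, here is an added example (not code from Google or Chrome) of the two-algorithm key agreement it describes, written in Go. It assumes Go 1.24 or later, whose standard library ships crypto/mlkem; that package implements ML-KEM-768 (FIPS 203), the standardised form of Kyber-768, rather than the pre-standard Kyber draft Chrome 116 originally shipped, but the structure is the same: the client sends an X25519 public key and a KEM encapsulation key, the server answers with its own X25519 public key and a KEM ciphertext, and each side feeds both shared secrets into one key derivation. The combiner here (concatenate both secrets, then HKDF-SHA256 with a constructed info label) is a simplified stand-in for the TLS 1.3 key schedule, not the exact derivation TLS performs. The tamper flag flips one byte of the KEM ciphertext in transit to show that the post-quantum half genuinely binds the session key.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem" // Go 1.24+: ML-KEM (FIPS 203), the standardised successor of Kyber-768
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Combine concatenates the two shared secrets and runs them through
// HKDF-SHA256 (RFC 5869, single output block) to produce a 32-byte session
// key. Both secrets feed the KDF, so recovering the key means breaking both
// X25519 and ML-KEM-768. The info string is a constructed label for this example.
func Combine(ecdhSecret, kemSecret []byte) []byte {
	ikm := append(append([]byte{}, ecdhSecret...), kemSecret...)
	extract := hmac.New(sha256.New, make([]byte, sha256.Size)) // HKDF-Extract, salt = zeros
	extract.Write(ikm)
	prk := extract.Sum(nil)
	expand := hmac.New(sha256.New, prk)
	expand.Write([]byte("hybrid x25519+mlkem768 example\x01")) // HKDF-Expand: T(1) = HMAC(PRK, info || 0x01)
	return expand.Sum(nil)
}

// Exchange walks through one hybrid key agreement. The "wire" values are the
// byte slices that cross between the two halves: the client sends its X25519
// public key and ML-KEM encapsulation key; the server answers with its X25519
// public key and the KEM ciphertext. If tamper is set, one byte of the KEM
// ciphertext is flipped in transit.
func Exchange(tamper bool) (clientKey, serverKey []byte, err error) {
	curve := ecdh.X25519()

	// --- client hello: generate both ephemeral key pairs ---
	clientECDH, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	clientKEM, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	wireX25519Pub := clientECDH.PublicKey().Bytes()      // 32 bytes
	wireKEMEncap := clientKEM.EncapsulationKey().Bytes() // 1184 bytes

	// --- server: ECDH against the client's key, encapsulate to its KEM key ---
	serverECDH, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	clientPub, err := curve.NewPublicKey(wireX25519Pub)
	if err != nil {
		return nil, nil, err
	}
	serverECDHSecret, err := serverECDH.ECDH(clientPub)
	if err != nil {
		return nil, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(wireKEMEncap)
	if err != nil {
		return nil, nil, err
	}
	serverKEMSecret, wireCiphertext := ek.Encapsulate() // 1088-byte ciphertext
	serverKey = Combine(serverECDHSecret, serverKEMSecret)
	wireServerPub := serverECDH.PublicKey().Bytes()

	if tamper {
		wireCiphertext[0] ^= 0x01 // corrupt the KEM half only; the X25519 half is untouched
	}

	// --- client: finish with the server's share ---
	serverPub, err := curve.NewPublicKey(wireServerPub)
	if err != nil {
		return nil, nil, err
	}
	clientECDHSecret, err := clientECDH.ECDH(serverPub)
	if err != nil {
		return nil, nil, err
	}
	// ML-KEM uses implicit rejection: a corrupted ciphertext of the right
	// length yields a different secret rather than an error.
	clientKEMSecret, err := clientKEM.Decapsulate(wireCiphertext)
	if err != nil {
		return nil, nil, err
	}
	clientKey = Combine(clientECDHSecret, clientKEMSecret)
	return clientKey, serverKey, nil
}

func main() {
	ck, sk, err := Exchange(false)
	if err != nil {
		panic(err)
	}
	fmt.Printf("honest exchange: keys match = %v, %d bytes\n", bytes.Equal(ck, sk), len(ck))
	ck, sk, err = Exchange(true)
	fmt.Printf("tampered KEM ciphertext: keys match = %v (err: %v)\n", err == nil && bytes.Equal(ck, sk), err)
}
```

The design point to take from this is the combiner: because the X25519 secret and the KEM secret are both inputs to the same derivation, the session key stays secret as long as either primitive holds, which is why a hybrid was chosen over a straight swap to a new and less battle-tested algorithm.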
O’Brien explicitly addressed the concern that encrypted data, including messages between users, will be stolen now with the intention of decrypting it later.
It’s believed that quantum computers that can break modern classical cryptography won’t arrive for 5, 10, possibly even 50 years from now, so why is it important to start protecting traffic today? The answer is that certain uses of cryptography are vulnerable to a type of attack called Harvest Now, Decrypt Later, in which data is collected and stored today and later decrypted once cryptanalysis improves.
The quantum apocalypse may sound exaggerated, but the danger is real. Any business that handles large amounts of encrypted data, including the messages that pass between comms networks, needs to be aware that its systems must be upgraded in line with evolving standards, and that encrypted data must be protected from theft in the meantime.
Ian Deakin, Principal Technologist at the Alliance for Telecommunications Industry Solutions (ATIS), will discuss the menace of quantum hacking on the next livestream of The Communications Risk Show. Join us at 4pm UK time on Wednesday, September 20 to put your questions to Ian. Save the program to your diary by clicking here.