Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
News, news analysis, and commentary on the latest trends in cybersecurity technology.
The US Department of Commerce's National Institute of Standards and Technology has announced the first group of encryption tools that will become part of its post-quantum cryptographic standard.
2 Min Read
Source: Panther Media GmbH via Alamy Stock Photo
At long last, the National Institute of Standards and Technology (NIST) has announced the first four quantum-resistant algorithms that will become part of the post-quantum-cryptographic standard. The chosen algorithms are CRYSTALS-Kyber for general encryption to access secure websites and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures.
The post-quantum cryptographic standard, expected to be finalized in about two years, will help enterprises prepare their environments for the time when quantum computers will be powerful — and readily available — enough that they will be able to break present-day encryption. Researchers estimate that post-quantum threats could be reality as soon as 2030.
Attackers are also harvesting and hoarding sensitive information with the expectation that they can crack it later when quantum computing methods become available.
"Since the standardization project began in 2016, there's been a shift in attitudes towards PQC, and it is now understood as a critical part of a secure future. Now, it is going to be exciting to see more and more applications and systems transition to this next generation of asymmetric cryptography," said Peter Schwabe, cryptographic engineering professor and PQShield advisory board member, in a statement.
The NIST announcement comes after a busy few months. US President Joe Biden has issued two related directives: to foster better quantum technology research within government and to guide agencies to a post-quantum cryptographic standard. Any digital system that uses public standards for public-key cryptography could be vulnerable to an attack by quantum computers in the future. A White House memo in January called for government agencies to identify any encryption not compliant with quantum-proof standards and provide a timeline towards transition.
The agency plans to include four additional algorithms before finalizing the cryptographic standard. The schemes BIKE, Classic McEliece, HQC, and SIKE are expected to be considered.
"In practice, this means that CSOs need to take stock of their organization's ability to rapidly switch the cryptographic algorithms that underpin your data security, without upending your entire infrastructure- an approach commonly known as being 'crypto-agile,'" says Edlyn Teske, a senior expert with Cryptomathic, which specializes in cryptography for e-commerce security systems.
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024