NIST Announces Quantum-Safe Algorithms: The New Horizon in Quantum Preparedness

It’s a new dawn for quantum computing, with massive changes taking place now. Are you prepared?

The “dawning of aquarius” is an astrological era believed to bring increased spirituality and harmony on earth. While it is too early to say if quantum computing will bring spirituality and harmony on earth, industry experts, luminaries, and academics have been forecasting and speculating for a long time about quantum computers and their power. From discovering new drugs to predicting the weather to picking stocks, the "ramifications of quantum computing for businesses are potentially huge. The world's biggest companies are now launching quantum computing programs, and governments are pouring money into quantum research," writes Daphne Leprince-Reguet in her ZDNet article.

Quantum computers are "expected to eventually usher in a whole new era of computing — one in which the hardware is no longer a constraint when resolving complex problems, meaning that some calculations that would take years or even centuries for classical systems to complete could be achieved in minutes," says Leprince-Reguet.

The Latest from National Institute of Standards and Technology (NIST)
On July 5, 2022, NIST announced that it has selected four quantum-safe algorithms for standardization: CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+. Read NIST’s Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process

Now that these cryptographic algorithms have been identified, organizations will need to start planning for their actual deployment in 2023, according to Atsushi Yamada, managing director of quantum-safe technologies at ISARA

Yamada contends that the shift to quantum computing is going to be a massive one and stresses the importance of planning for the transition now. "Companies need to start readying their systems, infrastructures, and applications now to manage security risks and maintain high performance throughout the transition." Read more here.

Government entities agree. Earlier this year, the White House issued a National Security Memorandum with the goal to improve the Cybersecurity of National Security, U.S. Department of Defense, and Intelligence Community Systems. The memo states that agencies need to "identify any instances of encryption not in compliance with NSA-approved Quantum Resistant Algorithms or CNSA, where appropriate." 

"NIST’s announcement is a significant milestone toward a quantum-safe world and lifts a huge weight off the shoulders of organizations looking to fortify against quantum-attacks," says Philip Lafrance, CISSP, standards manager at ISARA. For the latest on quantum-safe standardization and what new standards might affect organizations, we provide a snapshot of post-quantum cryptography activity and resources.

Leveling Up Quantum Knowledge, Skills, and Competencies
"When quantum computing gains widespread adoption in the future, general knowledge about quantum computing — and skills for using quantum-enabled applications — must also become widespread. We can all recognize the importance of modern (classical) computer literacy today — in the workforce and in our recreational lives. So too, will we one day recognize the importance of quantum computing literacy?" writes Lafrance in his latest article in InfoSec Report, Quantum Literacy Critical in a Post-Quantum World

John Roese, CTO of Dell Technologies, echoes Lafrance, reinforcing the need to ensure there are "skillsets ready to tap and support future deployment of quantum computing." In the ZDNet article, Cryptography safe for now, but urgent need to build quantum skills, Roese says that "the tech community was ill-prepared for the emergence of cloud computing" but that businesses and universities made the effort to catch up. Roese urges the need to learn from this.

"Companies producing quantum-related products and services will be well served to gradually make their wares more and more accessible to a broader number of people, geographies, and applications...The more people and companies work on quantum-related technologies, the more that the technologies advance. As the technologies advance, more and more use cases will be discovered, more jobs will be created, and maybe even whole new industries will appear. As all of this happens, the barriers will slowly erode," voices Lafrance.

ZDNet reporter Eileen Yu writes, "Efforts here at least appear to be underway. Dell estimates that governments worldwide have committed upwards of $24 billion in research and development investments to establish competencies around quantum technology."

Quantum Computing Cryptography Standards
NIST has been undergoing research to understand "the potential for quantum-based technology to transform security, computing and communications, and to develop the measurement and standards infrastructure necessary to exploit this potential. Breakthroughs at NIST enabled the first forays into real-world quantum computing and tested the limits of quantum information and security. NIST is also developing the technology to harness the power of quantum computing in the everyday world through nanotechnology."

Post-Quantum Cryptography Planning Starts Now
To prepare for the arrival of cryptography-breaking quantum computers, organizations must have a roadmap to guide their migrations. A good place to start is Preparing for Post Quantum Cryptography, developed by NIST with the U.S. Department of Homeland Security (DHS). 

Planning for post-quantum cryptography was a big discussion at RSAC 2022. In Dark Reading’s, Now Is the Time to Plan for Post-Quantum Cryptography, Karen Spiegelman sums up the post-quantum cryptography keynote "Wells Fargo PQC Program: The Five Ws." Dale Miller, chief architect of information security architecture at Wells Fargo, said, "The goal here should be crypto agility, where you're able to modify your algorithms fairly quickly across your enterprise and be able to counter a quantum-based attack. And I'm really not thinking on a day-to-day basis about when is the quantum computer going to get here. For us, it's more about laying a path and a track for quantum resiliency for the organization."

"You've got to start the process now, and you have to move yourself forward so that you are ready when a quantum computer comes along," added Miller. Richard Toohey, technology analyst at Wells Fargo, concurred, "When NIST finally finishes publishing their recommendations, and standards get developed in the coming years, we're ready as an industry to be able to take that and tackle it. That's going back to crypto agility and this mindset that we need to be able to plug and play. We need to be able to pivot as an industry very quickly to new and developing threats."

Dell’s Roese points to the need for tools to support crypto agility, which would allow organizations to decide what kind of data should be wrapped in post-quantum encryption, according to Yu’s article

What’s On the Horizon?
Just think, 1969 was the year the song Age of Aquarius was released. The same year the first hosts of ARPANET, the internet’s ancestor, were connected. Look how far the internet has come. Quantum computing began in 1980 and so much has happened since. Quantum computing is now in sight!

"Will quantum computers be world-changing powerhouses in the future, as modern computers are today?" asks Lafrance in his article. What’s the latest from NIST? Keep checking back here, as we’ll keep you updated on the latest quantum and PQC news.