Will These Algorithms Save You From Quantum Threats?

“The first thing organizations need to do is understand where they use crypto, how and why,” says El Kaafarani. “Start assessing what parts of your system need to change and create a transition to post-quantum cryptography from the most vulnerable pieces.”

There is still a high degree of uncertainty around quantum computers. No one knows what they will be capable of or whether it will even be possible to build them to scale. Quantum computers built by Google and IBM are beginning to outperform classic devices in specially designed tasks, but increasing them is a difficult technological challenge and it will be many years before there is a quantum computer that can run the Shor algorithm significantly. way. “The biggest problem is that we need to make an educated guess about the future capabilities of both classical and quantum computers,” Young says. “There is no security guarantee here.”

The complexity of these new algorithms makes it difficult to assess how well they will work in practice. “Security assessment is usually a cat-and-mouse game,” says Artur Ekert, a professor of quantum physics at Oxford University and one of the pioneers of quantum computing. “Jealousy-based cryptography is very elegant from a mathematical perspective, but evaluating its security is very difficult.”

Researchers who developed these NIST-supported algorithms say they can effectively simulate how long it will take a quantum computer to solve a problem. “You don’t need a quantum computer to write a quantum program and know what its runtime will be,” argues Vadim Lyubashevsky, an IBM researcher who contributed to the CRYSTALS-Dilithium algorithm. But no one knows what new quantum algorithms researchers could prepare for in the future.

In fact, one of the shortlisted NIST finalists, a structured lattice algorithm called Rainbow, was removed when IBM researcher Ward Beullens published an article entitled “Breaking Rainbow Takes a Weekend on a Laptop.” Young argues that NIST ads will focus the attention of code-breakers on structured latticework, which could undermine the entire project.

There is also, says Ekert, a careful balance between security and efficiency: in basic terms, if you lengthen your encryption key, it will be harder to break it, but it will also require more computing power. If post-quantum cryptography is deployed as widely as RSA, this could mean a significant environmental impact.

Young accuses NIST of thinking a bit “naive”, while Ekert believes “a more detailed security analysis is needed”. There are only a handful of people in the world with the combined experience of quantum and cryptography needed to carry out this analysis.

Over the next two years, NIST will publish draft standards, invite comments, and finalize new forms of quantum-proof encryption, which it hopes will be adopted worldwide. After that, based on previous implementations, Moody’s believes it could be 10 to 15 years before companies implement them widely, but their data may be vulnerable now. “We have to start now,” El Kaafarani says. “This is the only option we have if we want to protect our medical records, our intellectual property or our personal information.”

Source link

Leave a Comment