A recent OODA due diligence consulting engagement involved surveying dozens of enterprise cybersecurity and technology leaders to assess opinions on the threat of quantum computing enabled attacks. We found that all executives we contacted were aware of the potential of quantum computing to one day enable the breaking of current asymmetric encryption. This broad awareness of the threat is good. Today adversaries are collecting data they cannot currently decrypt because they believe one day they will be able to (this method is called a Store Now Decrypt Later (SNDL) attack).
Cryptographers have known of this risk ever since the mathematician Peter Shor proved that quantum computers can be used to rapidly factor large numbers into their primes, in a way that will break most forms of asymmetric encryption. The computer scientist Lov Grover devised another quantum algorithm that will, among other things, enable incredibly fast invalidation of another security tool, the security hash. There are certainly other ways quantum computers will be used by adversaries, but these two methods alone are cause for serious concern. Imagine all the data your company believes is important being read by an adversary that wants to put you out of business, and imagine that adversary is operating in a location untouchable by the rule of law.
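To make concrete why Shor's result matters for RSA-style keys, the following added example (not code from the OODA post or from NIST) carries out the classical part of Shor's algorithm on a small constructed modulus. The only step a quantum computer performs is finding the period (multiplicative order) of a^x mod N; here that step is replaced by a brute-force loop, which is exponential in the key size and therefore useless against real keys, but it shows how a factorization falls out once the period is known. The modulus 3233 = 53 * 61 and the fixed random seed are constructed for the demonstration.

```python
"""Classical post-processing of Shor's algorithm on a toy modulus.

Added illustration, not from the OODA post: the quantum part of Shor's
algorithm finds the period r of a^x mod N. Everything else is ordinary
number theory. Here the period is found by brute force, which is only
feasible for the tiny constructed modulus used below.
"""
import random
from math import gcd
from typing import Optional, Tuple


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n).

    Brute force stands in for the quantum period-finding step; its cost
    grows exponentially with the bit length of n.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, seed: int = 0, max_tries: int = 100) -> Optional[Tuple[int, int]]:
    """Return (p, q) with p * q == n using Shor's reduction from period finding.

    For a random base a coprime to n with even period r, the value
    y = a**(r/2) mod n is a square root of 1. If y is not -1, then
    gcd(y - 1, n) is a non-trivial factor. Each attempt succeeds with
    probability at least 1/2 for an odd composite n.
    """
    rng = random.Random(seed)  # deterministic for the demonstration
    for _ in range(max_tries):
        a = rng.randrange(2, n - 1)
        g = gcd(a, n)
        if g != 1:
            # Lucky draw: a already shares a factor with n.
            return tuple(sorted((g, n // g)))
        r = multiplicative_order(a, n)
        if r % 2:
            continue  # odd period: no usable square root of 1
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue  # trivial root -1: try another base
        p = gcd(y - 1, n)  # guaranteed non-trivial at this point
        return tuple(sorted((p, n // p)))
    return None


if __name__ == "__main__":
    # Constructed RSA-style modulus: 3233 = 53 * 61.
    print(shor_factor(3233))
```

The point for defenders is that the hard part of the attack is entirely contained in the period-finding subroutine; once a machine can run that step on 2048-bit moduli, no amount of tuning the classical side of RSA helps, which is why the remedy is a change of algorithm rather than a larger key.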
This was a driving force behind NIST's six-year effort to coordinate with the community to find the best algorithms that will enable encryption in a post-quantum world.
On 5 July 2022 NIST made the long-awaited announcement of the first four quantum-resistant algorithms to come out of this years-long process of coordination and examination. More algorithms and approaches are still being evaluated, and over the next two years NIST will be working on a final standard.
The selected algorithms address the weaknesses exposed by both Shor's and Grover's algorithms, meaning they are good algorithms for both general encryption and hashing.
From the NIST announcement:
The algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication. All four of the algorithms were created by experts collaborating from multiple countries and institutions.
For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.
For digital signatures, often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”). Reviewers noted the high efficiency of the first two, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup for one chief reason: It is based on a different math approach than all three of NIST’s other selections.
Three of the selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions. The additional four algorithms still under consideration are designed for general encryption and do not use structured lattices or hash functions in their approaches.
For more on what to do to ensure your organization is ready for the post-quantum world, see our executive's guide to quantum safe security.
The developments in the field of Quantum Computing are coming faster and faster. OODA analysts are focusing on what matters most to today’s business decision makers. Recent reporting includes: