
Quantum computing will break existing encryption algorithms, so the US government developed stronger ones

Published Aug 14th, 2024 9:27PM EDT


Whenever we talk about end-to-end encrypted data, we’re usually talking about messaging apps like iMessage, Signal, WhatsApp, and Google’s RCS. But plenty of other data is encrypted to ensure attackers can’t access it. Think of data in transit from your devices to servers (or vice versa), your bank account, government secrets, and more.

This encryption is so strong that it’s virtually impossible for modern computers to break it. On that note, you can’t have backdoors in encryption as some lawmakers want. Those “doors” would be incredibly dangerous.

Someday, in the not-too-distant future, quantum computers will be so powerful that they’ll be able to break current encryption standards in hours. Regular computers would need a billion years to break one of the current standards.

The US government has a plan: new encryption standards that will resist quantum attacks. The US Commerce Department’s National Institute of Standards and Technology (NIST) has approved the first three algorithms for encrypting internet data.

As Fast Company notes, NIST unveiled the final version of the algorithms on Tuesday. The White House will hold an event to celebrate the milestone. That’s how important defense against quantum computing is.

Cryptographers have worried about quantum computers cracking current encryption standards for three decades. While it might be another decade before such quantum computers exist, the new standards have to be deployed many years before that. They can’t be rolled out overnight.

Currently, the world uses three algorithms: RSA, elliptic curve cryptography, and Diffie-Hellman key exchange. These algorithms involve solving mathematical problems that are too complex for current computers.

The RSA standard is the one that current computers can hack in about a billion years. A quantum computer would need just hours with RSA encryption. RSA happens to be the secure handshake that’s at the basis of some 90% of internet connections. Breaking that sort of encryption would be a massive achievement.

There’s no quantum computer that can do that job right now. However, current estimates say there’s a 17% to 31% chance that a Cryptographically Relevant Quantum Computer could appear this decade. The chance increases to 33-54% for the next 15 years.

The faster the world deploys new encryption techniques, the better. The Fast Company report points out that some hackers can afford to wait for quantum computers to arrive before breaking certain data. Encrypted data that hackers steal today is still a risk, because they might decrypt it in the future. If it’s information like social security numbers, bank accounts, or government secrets, they can still do harm decades later.

NIST started its search for new encryption standards that could withstand quantum attacks in 2014. The institute employed mathematicians and cryptographers to develop and test new standards. They began with 82 algorithms, 69 of which were tested since 2016. Six years later, NIST selected four proposals to turn into new encryption standards.

NIST announced three of the four proposed quantum-resistant encryption algorithms this week: CRYSTALS–Kyber, CRYSTALS–Dilithium, and SPHINCS+. The fourth one, FALCON, might be released next year.

The CRYSTALS algorithms are based on geometric repeating structures called lattices. “Our brains think [of lattices] in two dimensions or three dimensions, but for these lattices, we do the math in 500 or 1,000 dimensions,” Dustin Moody told the blog. Moody is a mathematician who has led the NIST’s cryptography effort since 2014.

Decrypting these geometric lattices is so difficult that even quantum computers would struggle to solve the maths.

The SPHINCS+ algorithm is an alternative that uses hash-based cryptography. It’s a different way of encrypting data, as NIST wanted options in case someone figures out how to break lattices.

As for what kind of services will be upgraded to the new encryption standards, that’s still unclear. It’s safe to assume that highly sensitive information, like state secrets, will be among those to get such protections.

Eventually, quantum-resistant encryption should be available on more services. Many countries are likely already investing large sums of money in developing quantum computers that can break current encryption standards, while also developing quantum-resistant encryption algorithms. China might be one such country, as it’s believed to have invested more than $15 billion in quantum computing projects.

Chris Smith Senior Writer
