Decision will be binding on many companies and change the way they protect your data:
In the not-too-distant future—as little as a decade, perhaps, nobody knows exactly how long—the cryptography protecting your bank transactions, chat messages, and medical records from prying eyes is going to break spectacularly with the advent of quantum computing. On Tuesday, a US government agency named four replacement encryption schemes to head off this cryptopocalypse.
Some of the most widely used public-key encryption systems—including those using the RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman algorithms—rely on mathematics to protect sensitive data. [...]
Researchers have known for decades these algorithms are vulnerable and have been cautioning the world to prepare for the day when all data that has been encrypted using them can be unscrambled. Chief among the proponents is the US Department of Commerce's National Institute of Standards and Technology (NIST), which is leading a drive for post-quantum cryptography (PQC).
On Tuesday, NIST said it selected four candidate PQC algorithms to replace those that are expected to be felled by quantum computing. They are: CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+.
[...] While no one knows exactly when quantum computers will be available, there is considerable urgency in moving to PQC as soon as possible. Many researchers say it's likely that criminals and nation-state spies are recording massive amounts of encrypted communications and stockpiling them for the day they can be decrypted.
See also: NIST announcement, particularly if you have any digital signature algorithms you want to enter for consideration.
[Ed's Comment: AC Friendly withdrawn. You can blame you-know-who for the spamming]
Related Stories
The draft publication features updates intended to help fight online crime, preserve privacy and promote equity and usability:
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has drafted updated guidelines to help the nation combat fraud and cybercrime while fostering equity and preserving fundamental human rights. The guidelines support risk-informed management of people's personas online — their "digital identities" — often required to engage in everyday digital transactions from banking to ordering groceries.
"These guidelines are intended to help organizations manage risks related to digital identity and get the right services to the right people while preventing fraud, preserving privacy, fostering equity and delivering high-quality, usable services to all," said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. "We are actively seeking feedback not only from technical specialists, but also from advocacy and community engagement groups that have insight into the potential impacts these technologies can have on members of underserved communities and marginalized groups."
[...] NIST is accepting comments on the multivolume draft until March 24, 2023. NIST will host a virtual workshop on Jan. 12, 2023, to provide details on the major changes to the guidelines and the comment process. Interested parties can register online to attend. This will be the first step in a robust engagement process to gain feedback from public and private sector organizations, technology and professional services providers, academia, civil society, advocacy groups and many others on how to improve the draft guidance and achieve a more competitive, secure, private and inclusive identity ecosystem. Among several topics that NIST intends to address, a significant portion of the organization's engagement efforts will be dedicated to exploring emerging and alternative methods of identity verification, including technologies that do not rely upon facial recognition.
(Score: 3, Interesting) by DannyB on Thursday July 07 2022, @07:41PM (3 children)
Long ago I remember reading Applied Cryptography.
One lesson I remember from that book is that when you are designing a system to protect your data, you need to select an algorithm and key length that not only protects the data today, but also tomorrow. Tomorrow there will be new attacks more efficient than brute force. Tomorrow there will be faster processors, and more of them in a single machine. Plan for that and design accordingly for attacks that might happen much further out in the future while the data still has value. Some secrets need to be kept for a long time.
How often should I have my memory checked? I used to know but...
(Score: 0) by Anonymous Coward on Friday July 08 2022, @12:34AM
Well, don't forget that there was an attack on the World Trade Center in the 90s, and also in the 90s the FBI and others were making the case that there should be a crack down on cryptography and advocating for backdoor access for law enforcement. So it wasn't too much of a stretch to make those comments at that time.
(Score: 2) by JoeMerchant on Friday July 15 2022, @07:45PM (1 child)
If 9/11 was only a few years later, then the rental-van full of explosives in the parking garage attack on the WTC had already happened. If at first you don't succeed...
Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
(Score: 2) by DannyB on Friday July 15 2022, @08:20PM
If at first you don't succeed, use a shorter bungee.
How often should I have my memory checked? I used to know but...
(Score: 1, Touché) by Anonymous Coward on Thursday July 07 2022, @07:47PM (6 children)
They've already managed to factor 21. They might be able to factor 35 soon!
(Score: 2) by bradley13 on Thursday July 07 2022, @08:10PM (5 children)
At this point, I view useful quantum computing the same way I view useful fusion power: Only a decade or two away. And we'll still be saying exactly that in 10 or 20 or 50 years.
Turns out it isn't magic. Given the massive error rates, at this point quantum computing seems unlikely to compete with digital computing - possibly ever. The fancy quantum algorithms (for things like factoring large numbers) are defeated by the error rate.
There are tasks that only quantum computers can tackle, yes. Funnily enough, those seem to be things like modeling quantum systems. Not making precise mathematical calculations.
Of course, I'm just an interested layman. Any quantum experts want to weigh in?
Everyone is somebody else's weirdo.
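The factoring the thread jokes about (21, then 35) and the "fancy quantum algorithms for factoring" in the comment above are the same textbook reduction: factoring N becomes finding the period r of a^x mod N, and only that period-finding step needs the quantum computer, which is also the step the error rate corrupts. The following is an added illustration, not code from the story or the commenters, that does the period finding by classical brute force and then applies the same post-processing a quantum implementation would; the function names are my own.

```python
from math import gcd


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), found by brute force.
    This is the period-finding step that Shor's algorithm does with a
    quantum Fourier transform; classically it costs up to n steps."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(n, a):
    """Classical post-processing of Shor's algorithm for one base a
    (gcd(a, n) must be 1). Returns a nontrivial factor of n, or None
    when the order is odd or a**(r/2) is the trivial root -1."""
    r = multiplicative_order(a, n)
    if r % 2:
        return None                       # odd period: cannot split r in half
    y = pow(a, r // 2, n)                 # a square root of 1 mod n
    if y == n - 1:
        return None                       # trivial root: the gcds give 1 and n
    for f in (gcd(y - 1, n), gcd(y + 1, n)):
        if 1 < f < n:
            return f
    return None


def factor_via_order_finding(n):
    """Try bases a = 2, 3, ... until the post-processing yields a factor.
    Returns (p, q) with p <= q and p * q == n, or None when n is prime."""
    for a in range(2, n):
        g = gcd(a, n)
        if g != 1:
            return (min(g, n // g), max(g, n // g))   # a already shares a factor
        f = factor_from_order(n, a)
        if f is not None:
            return (min(f, n // f), max(f, n // f))
    return None


if __name__ == "__main__":
    for n in (21, 35, 3233):
        print(n, factor_via_order_finding(n), "order of 2:", multiplicative_order(2, n))
```

Everything except `multiplicative_order` runs in polynomial time; that one function is the whole reason the algorithm needs fault-tolerant qubits.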
(Score: 3, Interesting) by HiThere on Thursday July 07 2022, @08:23PM (1 child)
I think it's unlikely that quantum computers will ever replace classic computers for most things. For factoring numbers, though, or for modeling particle interactions, it will probably become the "best method". So don't expect a mass market version, but governments and large corporations will be able to access them (and perhaps time-share them over the internet).
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2, Funny) by Runaway1956 on Friday July 08 2022, @02:18AM
FTFY
Abortion is the number one killer of children in the United States.
(Score: 5, Interesting) by Anonymous Coward on Thursday July 07 2022, @09:55PM (2 children)
There is a parallel in classical history. People used to think that classical computers were impossible because you could not build a reliable system out of the unreliable components that existed at the time. The idea was that the noise of the system would eventually generate enough error to render any long-term calculation useless. However, von Neumann proved that you could build a reliable system out of unreliable components by using sufficient fault tolerance. The amount of fault tolerance required is given by the von Neumann threshold theorem. That isn't so much an issue today because our components are more reliable than they were back then, which results in much lower thresholds, and the theorem is mostly forgotten, but it was a major breakthrough at the time that energized the field.
Now to address quantum computing history. Shor extended that result to prove that it was possible to construct a quantum computer capable of reliable calculation even though its components are unreliable. That result has been further refined in subsequent papers to show that it applies to specific types of quantum computers. If you do the math, as long as the error rates for any particular component don't exceed the threshold (around 4%, and some research indicates it is in excess of 7%), it is possible to physically construct a reliable quantum computer. Combined with the fact that quantum computers are getting even more reliable (99% and much better for non-public machines), the size of the computer is quickly shrinking.
Another factor to consider is the types of calculation problems these quantum computers are talked about for. In those problems, even repeated running of the machine to reduce error is faster than running a classical system. They are also the kind of problem where even an approximate answer is often good enough because it is so much faster to check the range of close-enough answers than solve it in a completely classical manner. So that is the key here. Not only are the machines themselves getting more reliable with less error, but even a small reduction in error results in drastic size reduction and dramatic speed increase for the overall algorithm.
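The threshold argument in the comment above can be seen in a toy version of von Neumann's classical construction: feed three noisy copies of a bit into a majority gate that is itself faulty, and repeat. This is an added illustration (mine, not the commenter's, and a classical toy model rather than the quantum threshold theorem) that assumes independent errors and a gate that flips its own output with probability eps; the threshold of 1/6 it arrives at belongs to this toy model, not to any real hardware, and the 4% and 7% figures quoted above are the commenter's.

```python
def majority_vote_error(p, eps):
    """Error probability of one layer: three inputs, each wrong independently
    with probability p, feed a 3-input majority gate that flips its own
    output with probability eps (the gate fault is independent too)."""
    wrong_majority = 3 * p**2 - 2 * p**3          # two or three inputs wrong
    # Output is wrong iff exactly one of {majority wrong, gate faulty} holds.
    return eps + (1 - 2 * eps) * wrong_majority


def iterate_layers(p0, eps, layers):
    """Chain `layers` voting layers, the output of one feeding the next."""
    p = p0
    for _ in range(layers):
        p = majority_vote_error(p, eps)
    return p


def settled_error(eps, layers=5000):
    """Error rate the chain settles to, starting from perfect inputs (p=0).
    Below the threshold it stays close to eps; above it the chain drifts to
    0.5, i.e. the output is a coin flip however much redundancy is added."""
    return iterate_layers(0.0, eps, layers)


# Fixed points solve f(p) = p; the stable low-error one vanishes where also
# f'(p) = 1, which for this model works out to p = 1/2 and eps = 1/6.
TOY_THRESHOLD = 1 / 6


def below_threshold(eps):
    """True if the chain still settles at an error rate below 1/2."""
    return settled_error(eps) < 0.5 - 1e-6


if __name__ == "__main__":
    for eps in (0.01, 0.05, 0.15, 0.16, 0.17, 0.25):
        print(f"gate fault {eps:.2f}: settled error {settled_error(eps):.4f}")
```

The sharp change between eps = 0.16 and eps = 0.17 is the point of the theorem: just below the threshold redundancy buys reliability, just above it no amount of redundancy helps.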
(Score: 0) by Anonymous Coward on Friday July 08 2022, @12:38AM (1 child)
So what's your take on this? If you were a criminal enterprise, would you be spending the resources to archive as much encrypted data as you can now, or do you think the ROI is too far out in the future?
(Score: 0) by Anonymous Coward on Friday July 08 2022, @02:07AM
I think that depends on how much you include as criminal enterprises. Enterprises that are small or medium in size will likely not see the ROI. Larger enterprises and governments are already at the scale where they can afford the $1-2/GB lifetime storage cost. Given the pace of development, increased availability, sizes needed, and potential payoff, I would be surprised if large enterprises and governments didn't have breaking encryption on their radar already. I suppose smaller outfits could plan for that sort of future, but they tend to focus on more immediate money instead of long-term profit.
(Score: 2, Interesting) by Anonymous Coward on Thursday July 07 2022, @07:50PM (3 children)
NSA is always willing to help out with the complicated math stuff.
(Score: 3, Touché) by DannyB on Thursday July 07 2022, @08:48PM
With fiends like the NSA, who needs enemies?
How often should I have my memory checked? I used to know but...
(Score: 2) by MrGuy on Friday July 08 2022, @03:03AM (1 child)
Exactly. I trust NIST as far as I can throw them. You don't get to shill for the NSA one day and then claim to be protecting us the next.
https://miracl.com/blog/backdoors-in-nist-elliptic-curves/ [miracl.com]
(Score: 0) by Anonymous Coward on Friday July 08 2022, @05:36AM
(Score: -1, Spam) by Anonymous Coward on Thursday July 07 2022, @08:41PM
IT'S MMM, MMM GOOD!
---
I am "that shitter" your grandpa warned you about
(Score: 4, Interesting) by looorg on Thursday July 07 2022, @09:17PM
You know you have some serious nerdcreds involved when you have --- CRYSTALS-Kyber vs CRYSTALS-Dilithium (that is Star Wars lightsaber crystals vs Star Trek engine crystals for the less scifi nerdy) for ultimate Star X power!
CRYSTALS-Kyber
https://pq-crystals.org/kyber/index.shtml [pq-crystals.org]
CRYSTALS-Dilithium
https://www.ibm.com/docs/en/zos/2.5.0?topic=cryptography-crystals-dilithium-digital-signature-algorithm [ibm.com]
FALCON
https://falcon-sign.info/ [falcon-sign.info]
SPHINCS+
http://sphincs.org/ [sphincs.org]
(Score: 0) by Anonymous Coward on Friday July 08 2022, @05:31AM (1 child)
I might be wrong but since this is the fourth round of eliminations that has spanned multiple years, I suspect it's a little late to submit something now.
(Score: 2, Informative) by Anonymous Coward on Friday July 08 2022, @05:28PM
No, there is still interest in digital signatures that are shorter and validate faster:
(Score: 2, Funny) by AssCork on Friday July 08 2022, @01:54PM (1 child)
After being gone a few months, I come back and I'm genuinely flattered (really, I am) that so many articles are "AC Friendly" - but I don't understand this obsession to be my friend.
What gives?
Just popped-out of a tight spot. Came out mostly clean, too.
(Score: 2, Informative) by Anonymous Coward on Friday July 08 2022, @05:30PM
Well I, for one, thought your comment was funny.
Welcome back! :)