posted by janrinok on Friday May 05, @09:33PM

The agency continues its post-quantum cryptography push as it looks to create guidance for all sectors:

The latest step in post-quantum cryptography guidance is helping organizations identify where current public-key algorithms will need to be replaced, as the National Institute of Standards and Technology continues its push to fortify U.S. digital networks ahead of the maturity of quantum computing.

A new draft document previews—and solicits public commentary on—NIST's current post-quantum cryptography guidance.

Current goals outlined in the working draft include helping entities locate where and how public key algorithms are utilized in encryption schemes, developing a strategy to migrate these algorithms to quantum-resilient substitutes and performing interoperability and performance testing.

[...] A major theme of the document is to help organizations understand the security architecture in their networks so that they firmly grasp where post-quantum security measures will need to be implemented and where to prioritize modernization. NIST also aims to compile a definitive inventory of software vendors to support post-quantum cryptography migration.

[...] The new guidance follows NIST's ongoing effort to finalize its quantum-resistant algorithms in 2024 after identifying four in 2022.

Originally spotted on Schneier on Security.

Related: 2023 Will See Renewed Focus on Quantum Computing



Related Stories

2023 Will See Renewed Focus on Quantum Computing

Adopting post-quantum cryptography has been discussed for years; now it's time for organizations to get to work:

2022 has been a big year for quantum computing. Over the summer, the National Institute of Standards and Technology (NIST) unveiled four quantum computing algorithms that will be eventually turned into a final quantum computing standard, and governments around the world boosted investments in quantum computing. 2023 may be the year when quantum finally steps into the limelight, with organizations preparing to begin the process of implementing quantum computing technologies into existing systems. It will also be the year to start paying attention to quantum computing-based attacks.

"In 2023, we'll see both the private and public sector's increased awareness around the challenges associated with quantum resilience, and we'll see efforts begin to take hold more significantly to prepare for quantum computing," says Jon France, CISO of (ISC)2.

McKinsey recently noted the amount of money different countries have allocated for quantum computing to date — China leads the pack with $15.3 billion in public funds in quantum computing investments. The European Union governments combined have invested $7.2 billion, which dwarfs the US with $1.9 billion.

[...] There is also a lot of investment activity in the private sector, with start-ups focused on quantum technologies collecting $1.4 billion in funding in 2021 alone, McKinsey said. Nearly half (49%) of those private investments are in companies in the United States, compared to just 6% in China, the analysts noted.

"Building cyber resilience in preparation for quantum technology should have been an effort started a decade ago ... but now is the second best time," France says. However, for both private and public sector organizations, the process of making infrastructure "quantum-resilient" will be a difficult and slow one.

[...] In a recent survey from Deloitte, enterprises said without external pressure — such as regulatory and compliance requirements — they won't be prioritizing quantum security initiatives.


  • (Score: 5, Informative) by Rosco P. Coltrane on Saturday May 06, @01:24AM (6 children)

    by Rosco P. Coltrane (4757) on Saturday May 06, @01:24AM (#1304946)

    current public-key algorithms will need to be replaced

    People still think encrypted data flies safely from computer to computer and then disappears into thin air once used. That's not the case: every bit of data ever produced, encrypted or not, is archived nowadays.

    When the enemy - state or corporate surveillance actors - stores all data, when the computers of tomorrow become powerful enough to break today's cryptographic schemes, they'll go back to their archives and they'll know everything there is to know about all of us. Encryption today is only good to protect your data today. But you should consider it public, and therefore a huge liability tomorrow.

    • (Score: 3, Interesting) by legont on Saturday May 06, @03:15AM (1 child)

      by legont (4179) on Saturday May 06, @03:15AM (#1304956)

      I imagine a nice tax revenue jump once all the banks' traffic for the last 20 years becomes transparent to the IRS.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
      • (Score: 1, Touché) by Anonymous Coward on Saturday May 06, @04:32AM

        by Anonymous Coward on Saturday May 06, @04:32AM (#1304961)

        It can be difficult to get two intelligence agencies to cooperate with each other, much less the NSA and IRS.

    • (Score: 4, Insightful) by maxwell demon on Saturday May 06, @05:03AM

      by maxwell demon (1608) on Saturday May 06, @05:03AM (#1304964)

      The question is, of course, whether the data is still relevant at that time. That of course depends on what you are doing. If you are a journalist who needs to protect your sources, decryption even in 20 years matters a lot. If the secret you're protecting is your password, that information will be obsolete as soon as you change your password, or delete whatever that password was used for.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    • (Score: 2) by gnuman on Saturday May 06, @01:27PM (2 children)

      by gnuman (5013) on Saturday May 06, @01:27PM (#1305003)

      People still think encrypted data flies safely from computer to computer and then disappears into thin air once used.

      Yeah, well, there is a difference between public-key crypto and symmetric-key cryptography. The latter is not really affected by quantum computers. I can encrypt something with symmetric keys and boom, it's safe. Things like password-protected files are symmetric keys. LUKS crypto on Linux, etc.

      That's not the case: every bit of data ever produced, encrypted or not, is archived nowadays.

      I wouldn't be so sure about that...

      they'll go back to their archives and they'll know everything there is to know about all of us.

      Who is this "they"?? The government? The one that gives your driver's license? The one that could get a warrant and arrest you? The one that controls the police, army, etc?

      Or is this "The Chinese government" (or pick some foreigners)? They care about you? Will they go after you where you live?

      I find these notions of "they" amusing because it's never specific, just "they". And these "they" somehow can't affect you until they decrypt your password to soylentnews?

      But you should consider it public, and therefore a huge liability tomorrow.

      And finally, even if you had quantum computers capable of decrypting DH and ECDH, whose "secrets" are you going to spend resources on decrypting? Everyone's? HA! ETOOMUCHDATAANDEFFORT. Just because you have QC doesn't mean it will be free to decrypt.

      https://arstechnica.com/information-technology/2023/01/fear-not-rsa-encryption-wont-fall-to-quantum-computing-anytime-soon/

      • (Score: 2) by VLM on Saturday May 06, @03:29PM (1 child)

        by VLM (445) on Saturday May 06, @03:29PM (#1305016)

        it's never specific

        As a specific example, you miss the "next door neighbor" of this post where the padlock is going away from chrome browser AND there are infrastructure hits that'll be possible.

        So if I were a totalitarian corporation-state like the USA or China, I'd use my ability to break RSA to silently MITM 'interesting' websites. Interesting as in blackmail potential, not just internal security.

        Another novelty is once it's accepted that every nation and large corporation can break legacy encryption, then it's "safe" to sell anything to anyone because if caught you just blame generic 'hackers'. So in Europe it might technically be illegal for Facebook to sell private user data, but that's OK, once RSA is broken then anyone at Facebook can sell anything they want to anyone and in the unlikely event it's detected they can just blame "Chinese-Russian-Israeli hackers" and thus get away with it.

        • (Score: 2) by gnuman on Sunday May 07, @01:21PM

          by gnuman (5013) on Sunday May 07, @01:21PM (#1305125)

          As a specific example, you miss the "next door neighbor" of this post where the padlock is going away from chrome browser AND there are infrastructure hits that'll be possible.

          The "padlock" is going away because it's meaningless. Go to httpforever.com and you'll find a nice warning "insecure site" instead. The padlock is meaningless in a world where 99% of all sites are over https. If you wish to worry about something, worry about the hundreds of CAs that could issue a certificate for a MITM attack.

          Also, when I wrote "never specific", I meant, who is the "they" you keep referring to? Who is the "they" that will ruin your life if they can decrypt some old message you sent? I'm quite certain there is nothing that someone could decrypt that would implicate me in any crime.... If you make examples like "but in Russia, it's not a totalitarian state and police there could arrest you for XYZ" ... in states like that, you don't need proof for arrest. You arrest and beat out the "proof". So, that would be a bad example.

          So if I were a totalitarian corporation-state like the USA or China, I'd use my ability to break RSA to silently MITM 'interesting' websites.

          So, I see what you did there and tried to conflate the two as exactly the same -- they are not. Also, at state level, you have access to much more firepower than just breaking crypto -- you can just hijack the target's phones or laptop or whatever and then you don't need to break anything. And if that fails, and they are in your jurisdiction, you could always just grab them, no? And like I already wrote, MITM of "interesting websites" doesn't require breaking RSA. There are much simpler methods.

          Another novelty is once its accepted that every nation and large corporation can break legacy encryption, then its "safe" to sell anything to anyone because if caught you just blame generic 'hackers'.

          Does the same logic apply to drugs then? Oh wait, still illegal.

  • (Score: 2) by VLM on Saturday May 06, @03:19PM

    by VLM (445) on Saturday May 06, @03:19PM (#1305014)

    Nobody wants to talk about the interesting choices? The list seems to randomly change each round.

    https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography_Standardization

    Now does that mean 'they' have a crack for SPHINCS or does it mean SPHINCS is tougher than believed a couple years ago?

    I see FALCON did not make it past round #3. I always liked FALCON. I tried to make my own Python version of it and didn't get too far, but it's interesting reading. EE types are like moths to a flame for anything related to an FFT, LOL.

    Yes, I already know about https://github.com/tprest/falcon.py; the point of my goofing around was to learn about FALCON, not to create a competitor or actually ship code.