The National Institute of Standards and Technology has selected four candidates to form the basis of future data-protection technologies to resist attack by quantum computers, the US science agency said on July 5.
NIST has also advanced four other candidates for additional scrutiny and has called for more proposals for digital signature algorithms by the end of summer.
Security experts have warned that practical quantum computers, which could be less than a decade away, could break many of today’s popular encryption algorithms, such as RSA and elliptic curve cryptography — hence the need for post-quantum cryptography (PQC). The selection is part of a long standardization process that will continue, likely resulting in actual standardized algorithms in 2024.
Once the PQC algorithms are turned into a final standard, companies would be advised to use the recommendations, says Dustin Moody, a mathematician in the computer security division at NIST.
“The point of our standardization project was to identify the most promising solutions, and we feel we’ve done that,” he says. “We expect the algorithms we standardize will be widely adopted and implemented by industry and around the world.”
Quantum Looms to Break Encryption
The selection of the four algorithms marks the latest milestone in the effort to future-proof current data-security measures against what is sometimes known as the “store-and-break threat.” The problem is not just whether adversaries have the ability to decrypt a message today, but whether they can develop the ability to decrypt the message in the future.