Will These Algorithms Save You From Quantum Threats?

Peter Shor was a Bell Labs mathematician. To break large numbers down into their multiples, using less computing resources, was a threat to upend many of our most popular methods of security.

Fortunately for the thousands of email providers, websites, and other secure services using factor-based encryption methods such as RSA or elliptic curve, the computer needed to run Shor's algorithm didn't exist yet

Huge strides have been made towards building practical quantum computers, and government and private researchers have been racing to develop new quantum-proof algorithms that will be resistant to the power of these new machines. The National Institute of Standards and Technology, a division of the US Department of Commerce, has been running a competition for the last six years to find the best way to protect our data against quantum computers. The results were released this week.

Hundreds of entries from all over the world have been narrowed down to just four, CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+, for use in digital signatures during identity verification or when signing digital documents. The leader of the post-quantum cryptography project at NIST says that people need to understand the threat that quantum computers pose to cryptanalysis. The first thing we have to do is standardize the ones that are vulnerable.

Three of the four new ciphers use a complicated mathematical problem that is likely to be difficult for even quantum computers to wrestle with. Unless you know the right way to navigate, structured lattices are very difficult to navigate. The sender of a message will use the recipient's public key but only the receiver will have the keys to decode it. The keys are factors and they are difficult to determine if you have to work backwards or not. The keys are based on directions through the maze of a structure.

It will be a few years before these standards are published, but it is a big moment. For the first time, we have something to use against quantum threats.

Even though quantum threats are decades away, security experts warn that bad actors will try to harvest data with the expectation that they will eventually have a quantum computer that will be able to access them. More data will be vulnerable if it takes more time to implement quantum-proof security. Rob Young, a Lancaster University quantum researcher, says that a lot of sensitive data that could be gathered now is also time sensitive.