Quantum computing accelerates the computation of certain types of algorithms, giving it the potential to solve some of the world’s most intractable problems in medical treatments, materials science, chemical engineering, pharmacology, and more. This grand potential, however, comes with an asterisk that cannot be ignored. Quantum computers will be able to break much of the cryptography that is currently used in our worldwide digital infrastructure for secure digital transactions, including everything from e-commerce to national security.
Specifically:
- Quantum computers can weaken symmetric cryptography because Grover’s algorithm (1996) speeds up unordered searches.
- Quantum computers will break public key cryptography because Shor’s algorithm (1994) solves integer factorization and discrete log.
What Are the Threats?
Both symmetric and public key crypto are used pervasively in our digital world. Symmetric crypto, which uses the same key for encryption and decryption, is typically used for keeping data confidential. Public key crypto uses two keys — a public key and a private key that are uniquely linked. Public key crypto is used for key exchange, digital signatures and encryption. For example, a private key is used to sign a message and a public key is used to verify the authenticity of the signature.
The implications of quantum attacks on symmetric and public key crypto pose risks to the following:
- Private data: Sensitive data transmitted over the internet is prone to the harvest now, decrypt later (HNDL) threat. HNDL refers to the problem of adversaries harvesting or saving encrypted data now so that they can decrypt it later when quantum computers are available. Personal health and financial records, trade secrets, and more may be exposed.
- Secure software updates: Public key algorithms currently used to authenticate software updates are likely to be broken, leaving cell phones, laptops, and other connected devices vulnerable to malicious updates.
- Secure internet transactions: Quantum computers can undermine existing protocols that ensure secure internet transactions such as banking and online purchases.
The good news is that in August 2024, NIST released a set of post-quantum crypto standards designed to withstand attacks by quantum computers. NIST encourages computer system administrators to begin transitioning to the new standards as soon as possible.
Private data: Both symmetric and public key crypto algorithms resistant to quantum attacks are required to address the data harvesting (HNDL) problem. For symmetric crypto, NIST has defined standards with increased key and digest sizes such as AES-256 and SHA-384. NIST recently announced a new FIPS 203 public key standard for establishing shared secret keys called Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), previously known as CRYSTALS-Kyber.
Code signing applications: Secure updates of code such as software and firmware involve authentication and signing with cryptography that is resilient to quantum attacks. In 2020, NIST approved two stateful hash-based signatures (SP 800-208) suitable for code signing applications — eXtended Merkle Signature Scheme (XMSS) and Leighton-Micali Signature (LMS). Additionally, NIST recently announced two stateless digital signature standards: FIPS 204 Module-Lattice-Based Digital Signature Algorithm (ML-DSA), previously known as CRYSTALS-Dilithium, and FIPS 205, Stateless Hash-Based Digital Signature Algorithm (SLH-DSA). Developed by an international team including researchers at Intel, FIPS 205 uses the SPHINCS+ algorithm. This standard defines a method for generating digital signatures for detecting unauthorized modification of code and verifying identity of the code signer. The security of the SLH-DSA algorithm relies on the difficulty of finding preimages and collisions in hash functions.
Secure internet transactions: The new NIST standards FIPS 203 for key encapsulation and FIPS 204 and FIPS 205 for digital signatures can be used to secure protocols such as TLS against quantum attacks.
How the Industry Can Prepare for the Future
The PQC standards are expected to be adopted by both industry and federal agencies. NIST encourages computer system administrators to begin transitioning to the new standards as soon as possible by doing an inventory of their systems for applications that use encryption and prioritizing components for migration. The U.S. government’s National Security Agency has released an advisory, Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), that specifies requirements and a timeline for migrating national security systems based on classical crypto to post-quantum cryptography. The industry is closely following these guidelines.
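As an added illustration of the inventory-and-prioritize step (example code, not Intel's, NIST's or NSA's own tooling), the script below classifies each component's algorithm by the rules stated on this page (Shor breaks public key schemes, Grover halves symmetric and hash strength, the FIPS 203/204/205 and SP 800-208 schemes are resistant) and ranks components for migration, using HNDL exposure as the tie-breaker. The 128-bit "ok" threshold, the scoring weights and the sample inventory are assumptions constructed for the example.

```python
import re

# Rules taken from the text: Shor breaks today's public-key schemes outright;
# Grover halves the strength of symmetric keys and hash digests (hence AES-256,
# SHA-384); the FIPS 203/204/205 and SP 800-208 schemes are quantum-resistant.
# Assumption (not from the page): a halved strength of 128 bits or more counts as ok.
SHOR_BROKEN = re.compile(r"\b(RSA|ECDSA|ECDHE?|DHE?|DSA|X25519|ED25519)\b")
PQ_SAFE = re.compile(r"\b(ML-KEM|ML-DSA|SLH-DSA|XMSS|LMS)\b")
RANK = {"pq-safe": 0, "ok": 0, "unknown": 1, "weakened": 2, "broken": 3}

def _norm(alg):
    # Upper-case and split cipher-suite style names so \b word boundaries work.
    return alg.upper().replace("_", " ")

def grover_bits(alg):
    """Effective quantum security of AES-n / SHA-n: n/2 bits under Grover."""
    m = re.search(r"\b(?:AES|SHA)[- ]?(\d+)\b", _norm(alg))
    return int(m.group(1)) // 2 if m else None

def classify(alg):
    """Worst-case status of one algorithm or cipher-suite string."""
    name = _norm(alg)
    if PQ_SAFE.search(name):
        return "pq-safe"
    if SHOR_BROKEN.search(name):
        return "broken"                               # public key: Shor
    bits = grover_bits(name)
    if bits is None:
        return "unknown"
    return "ok" if bits >= 128 else "weakened"        # symmetric/hash: Grover

def priority(rec):
    """Migration score: algorithm class first, then HNDL exposure (years the
    data must stay confidential) as a capped tie-breaker."""
    score = RANK[classify(rec["alg"])] * 10
    if score and rec["sensitive"]:
        score += min(rec["retention_years"], 9)
    return score

def inventory(records):
    """(score, status, component) rows, highest migration priority first."""
    rows = [(priority(r), classify(r["alg"]), r["component"]) for r in records]
    return sorted(rows, key=lambda t: (-t[0], t[2]))

# Constructed sample inventory (not from the page).
SAMPLE = [
    {"component": "vpn-gw", "alg": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
     "sensitive": True, "retention_years": 10},
    {"component": "fw-update-signer", "alg": "RSA-3072 signature",
     "sensitive": False, "retention_years": 0},
    {"component": "backup-archive", "alg": "AES-128-XTS",
     "sensitive": True, "retention_years": 25},
    {"component": "pqc-pilot", "alg": "ML-KEM-768 + AES-256-GCM",
     "sensitive": True, "retention_years": 10},
]
```

Running `inventory(SAMPLE)` puts the sensitive, long-retention VPN gateway with quantum-broken key exchange first and the ML-KEM pilot last; the code signer outranks the AES-128 archive because a broken signature algorithm enables malicious updates today, while the archive's exposure is the slower HNDL problem.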
Quantum computing presents a new threat that will require the entire industry to collaborate to develop and deploy solutions. To be quantum-resistant by 2030, the time to act is now. Intel is developing a rich cryptography technology pipeline to lead the industry with innovations that are quantum-resistant, like built-in crypto acceleration in the 3rd Generation Intel® Xeon® Scalable platform that provides for next-generation security without sacrificing performance.