Companies working on classified U.S. government projects may soon be required to use encryption algorithms that protect their data and technology from quantum computer attacks. Bloomberg reports that in July, the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, plans to designate three encryption algorithms that it believes are sufficient to protect against the threat of quantum computers.
The report says these algorithms will be a significant step toward “quantum cryptography” for U.S. government contractors, establishing international standards for protecting everything from state secrets to online transactions. added.
“Breaking codes not only threatens national security secrets, but also threatens the security of the Internet, online payments, and banking transactions,” White House Deputy National Security Adviser Anne Neuberger said in the report. He is reported to have said. “The rollout of the standard will begin the transition to next-generation encryption.”
The looming quantum threat
Quantum computers harness the principles of quantum mechanics and promise significantly greater processing power in certain types of computations, potentially making current cryptographic methods vulnerable.
Quantum computers capable of such attacks do not yet exist, but the threat of their future existence is being taken seriously by governments, including the US and UK. One of the biggest risks is that a well-equipped adversary may adopt a “collect now, decrypt later” approach and collect sensitive information in the hope that it can be decrypted someday while it still has strategic value. It is possible to collect.
In 2022, the U.S. Senate unanimously passed a bill addressing quantum threats to cryptography, giving government agencies the authority to require contractors to comply with encryption standards defined by NIST.
In July of that year, NIST selected four encryption algorithms to be part of the agency's quantum cryptography standards. At the time, Commerce Secretary Gina M. Raimondo welcomed the announcement, praising it as “an important milestone in protecting sensitive data from potential future cyberattacks powered by quantum computers,” and said, “Thanks to NIST's expertise and commitment to cutting-edge technology, we can take the steps necessary to protect electronic information, so American businesses can continue to innovate while maintaining their customers' trust and confidence.”
Three of the four algorithms, CRYSTALS-Khyber, CRYSTALS Dilithium, and SPHINCX+, are already standardized and expected to be available this year in 2024, NIST said in an announcement last year. It now looks like that could happen by July. A draft standard for the fourth algorithm, FALCON, will be released in about a year, the announcement added.
Companies seeking or holding federal contracts will have to comply with these standards by 2035, with those working in the most sensitive sectors being asked to adopt them early, Bloomberg reported. “It's in the companies' own interest to lead the way there,” Neuberger was quoted as saying in the report.
