NIST quantum-resistant algorithms to be published within weeks, top White House advisor says
Update, May 24: Includes correction from NIST about the number of algorithms to be released.
The U.S. National Institute of Standards and Technology (NIST) will release post-quantum cryptographic algorithms in the next few weeks, a senior White House official said on Monday.
Anne Neuberger, the White House’s top cyber advisor, told an audience at the Royal United Services Institute (RUSI) in London that the release of the algorithms was “a momentous moment,” as they marked a major step in the transition to the next generation of cryptography.
The transition is being made in anticipation of what is called a cryptographically relevant quantum computer (CRQC), a device theoretically capable of breaking the encryption “that’s at the root of protecting both corporate and national security secrets,” said Neuberger. NIST made a preliminary announcement of the algorithms in 2022.
Following publication, a spokesperson for NIST told Recorded Future News it was planning to release three finalized algorithms this summer and not four, as Neuberger had said in London.
Conrad Prince, a former official at GCHQ and now a distinguished fellow at RUSI, told Neuberger that during his previous career there had long been a concern about hostile states gaining the capability to decrypt the plaintext of secure messages, although that capability was consistently estimated to be roughly a decade away, and had been for the last 20 years.
Neuberger said the U.S. intelligence community’s estimate is similar, “the early 2030s,” for when a CRQC would be operational. But the timeframe is relevant, said the White House advisor, because “there is national security data that is collected today and even if decrypted eight years from now, can still be damaging.”
Britain’s NCSC has warned that contemporary threat actors could be collecting and storing intelligence data today for decryption “at some point in the future.”
“Given the cost of storing vast amounts of old data for decades, such an attack is only likely to be worthwhile for very high-value information,” stated the NCSC. As such, the possibility of a CRQC existing at some point in the next decade is a very relevant threat right now.
Neuberger added: “Certainly there’s some data that’s time sensitive, you know, a ship that looks to be transporting weapons to a sanctioned country, probably in eight years we don’t care about that anymore.”
Publishing the new NIST algorithms is a protection against adversaries collecting the most sensitive kinds of data today, Neuberger added.
A spokesperson for NIST told Recorded Future News: “The plan is to release the algorithms this summer. We don’t have anything more specific to offer at this time.”
But publishing the algorithms is not the last step in moving to a quantum-resistant computing world. The NCSC has warned it is actually just the second step in what will be “a very complicated undertaking.”
Even if any one of the algorithms proposed by NIST achieves universal acceptance as something that is unbreakable by a quantum computer, it would not be a simple matter of just swapping those algorithms in for the old-fashioned ones.
Part of the challenge is that most systems that currently depend on public-key cryptography for their security are not necessarily capable of running the resource-heavy software used in post-quantum cryptography.
Ultimately, the security of public-key cryptographic systems relies on the mathematical difficulty of factoring very large numbers into their prime factors, something that traditional computers find prohibitively difficult.
However, research by American mathematician Peter Shor, published in 1994, proposed an algorithm that, run on a quantum computer, could find these prime factors far more efficiently, potentially undermining some of the key assumptions about what makes public-key cryptography secure.
The good news, according to the NCSC, is that while advances in quantum computing are continuing to be made, the machines that exist today “are still limited, and suffer from relatively high error rates in each operation they perform.”
But the NCSC warned that “in the future, it is possible that error rates can be lowered such that a large, general-purpose quantum computer could exist,” adding that it is “impossible to predict when this may happen.”
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.