Tuesday, April 15, 2025

Post Quantum Crypto — Are We Done Yet?


The National Institute of Standards and Technology recently completed the third round of the Post Quantum Crypto (PQC) standardization process. This milestone was long-awaited, and even though we are one step closer to a PQC standard, the race is not over yet.

PQC represents a new generation of cryptographic algorithms designed to withstand brute-forcing attacks from future quantum computers. While these machines do not yet exist, preparing for their eventual emergence is essential. Experts predict that quantum computing could become practical before the end of this decade. Since some cryptographic applications require a long period of secrecy, early preparation is not merely advisable but necessary.

But there is another reason to be working on PQC standardization. Building trust in new cryptographic algorithms takes a lot of time. AES, the dominant symmetric algorithm, was selected in the year 2000 after an exciting process where scientists around the world made proposals and scrutinized the various candidates. Even though NIST and the crypto community were enthusiastic about their choice, it took a decade to replace legacy technology. This was partly due to users wanting to evaluate whether the initial applications could withstand real-world threats, where adversaries had tangible incentives to invest in attacks. Another factor was the cost of the upgrade, compounded by the complexities of dependencies in globally connected systems.

With the completion of the third round, NIST selected a preferred signature algorithm and a preferred key encryption algorithm. Since there is still doubt about the new technology, two alternative candidates have been chosen, and the fourth round was started to evaluate four more candidates. Surprisingly, two new attacks emerged in a very short time, effectively terminating SIKE — one of those four candidates. This incident proves that a diligent and iterative process is beneficial, even though the slow pace is painful.

Developers working on crypto products that need to support long-term secrecy may now find the time is right to implement and deliver their products, but users should remain a little cautious, as more surprising weaknesses may still surface.

If you have any questions, contact us at [email protected].
