
Quantum security’s world cup just concluded with four winners left standing

By Aritra Banerjee and Dimitrios Schoinianakis

15 August 2024


In 2016, 82 algorithms entered what can be described as the world cup of quantum security, hosted by the US National Institute of Standards and Technology (NIST). These 82 “teams” represented the most advanced cryptographic research from academia and industry. But over the course of eight years, each of these algorithms underwent arduous trials as some of the world’s best cryptanalysts used every means at their disposal to crack them. One by one they fell, until only a handful remained.

This week NIST’s world cup reached its conclusion. Four finalists emerged: CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and Falcon (there is clearly a science fiction theme to the algorithms’ names). NIST officially standardized the first three algorithms, while the fourth, Falcon, is on track to be standardized soon.

This is a momentous decision for the field of post-quantum cryptography (PQC). NIST’s approval of these algorithms means they can now move to the different industry standardization bodies, which will make them part of internet, network and data encryption standards that protect the world’s information. These PQC standards will be key to creating quantum-safe networks and products. The new algorithms will become powerful weapons in our growing quantum-security arsenal, defending us against the inevitable quantum computing attacks of the future.

Preparing for Q-Day

Quantum computing is still in its nascent stages. Today we’re in what’s known as the noisy intermediate-scale quantum era, which means we can create basic quantum computers. These computers, however, can’t solve real problems because their lack of stability produces far too many errors — or noise — to perform calculations efficiently.

But as further breakthroughs make quantum computers more fault-tolerant, they will become capable of solving mathematical problems of ever-increasing difficulty. Eventually, these computers will be powerful enough to break the most widely used encryption systems protecting our data and communications. The day this cryptographically relevant quantum computer (CRQC) goes live is known as Q-Day, which is essentially when today’s classical asymmetric (public-key) encryption methods become obsolete.

Q-Day is anywhere from 10 to 25 years in the future, depending on whom you ask. But while we may not see a CRQC for at least another decade, quantum security is a threat we need to take seriously today. The reason is simple. Any information we safeguard with asymmetric classical encryption methods today would be exposed when Q-Day occurs. Cryptography experts believe that enterprising hackers are harvesting and storing massive volumes of encrypted sensitive data, ranging from consumer identity information to state secrets. These hackers may not be able to expose this data today, but they are betting that this information will still be of tremendous value when CRQCs come online.


This is where quantum-safe networking technologies like PQC come into play. PQC algorithms like those NIST just approved will create a new generation of asymmetric encryption that a CRQC theoretically can’t crack. Basically, encryption algorithms are based on very difficult mathematical problems that take upwards of thousands of years for a conventional computer to solve. The sheer computational power of a CRQC, however, can shorten that interval to days, if not hours. What PQC algorithms seek to do is use our understanding of quantum computing to create new mathematical problems that a CRQC would take a very long time to solve. These post-quantum encryption algorithms aren’t technically uncrackable, but theoretically it would take tens of thousands of years to crack them, which would make this encryption, for all practical purposes, unbreakable.

The next step for PQC

With NIST’s stamp of approval on this initial batch of PQC algorithms, we hope to see a lot of meaningful progress in quantum security. Some companies have already begun integrating these algorithms into the security protocols of specific applications and services. For instance, Apple is using Kyber to create post-quantum encryption in iMessage, while Amazon is using Kyber in AWS.

But large-scale proliferation of PQC comes after global standards bodies get involved. Organizations like 3GPP and the Internet Engineering Task Force (IETF) are now taking up quantum-safe algorithms, incorporating them into the security protocols of future standards releases. Nokia is a leading voice in many of the industry standardization bodies that are now taking up PQC, and we plan to ensure that these algorithms take a prominent place in any future networking and communications standards. It’s vital to our customers that we do so.

This kind of standardization is key for industries like telecommunications and internet services, where hundreds of different companies are providing the different hardware, device and software components of a network. Like any security protocol, PQC must be implemented consistently across all exposed elements in the network chain, because any link that isn’t quantum-safe will become the focal point of any data-harvesting attack.

Over the next few years, we will see more and more PQC-enhanced products enter the market. At first, they will likely use hybrid approaches to security, utilizing both classical and post-quantum encryption schemes, as Apple and Amazon have done. But as quantum-security technologies advance and are further tested in the market, PQC will likely replace classical asymmetric encryption methods.
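The following Python is an added example, not code from the Nokia post and not any vendor’s implementation. It shows the mechanism behind the hybrid approach mentioned above: the session key is derived from both a classical shared secret (as an ECDH exchange would produce) and a post-quantum one (as a Kyber/ML-KEM encapsulation would produce), so an attacker has to break both to recover it. The two shared secrets and the transcript are constructed placeholder bytes; the HKDF functions follow RFC 5869 on top of the standard library only, and the `hybrid-kem-demo-v1` label is an assumption for illustration.

```python
"""Hybrid key derivation: combine a classical and a post-quantum shared secret.

The "concatenation combiner" feeds ss_classical || ss_pq into a KDF that is also
bound to the protocol transcript. If Q-Day exposes ss_classical, the attacker
still lacks ss_pq and cannot reproduce the session key; if the PQ scheme later
turns out to be weak, the classical secret still protects the key today.
Standard library only; secrets below are constructed sample bytes.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = 32  # SHA-256 output length in bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM); empty salt -> zero block."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i); OKM = T(1)|T(2)|..."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_hybrid_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes,
                      label: bytes = b"hybrid-kem-demo-v1") -> bytes:
    """Concatenation combiner: IKM = ss_classical || ss_pq, salted with the transcript hash.

    Both secrets must be fixed-length so that the concatenation cannot be
    re-split ambiguously (a real deployment gets this from the KEM/ECDH definitions).
    """
    if len(ss_classical) != 32 or len(ss_pq) != 32:
        raise ValueError("shared secrets must be exactly 32 bytes each")
    # Binding the transcript (public keys, ciphertexts, negotiated parameters)
    # ties the key to this specific exchange and defeats mix-and-match attacks.
    salt = hashlib.sha256(transcript).digest()
    prk = hkdf_extract(salt, ss_classical + ss_pq)
    return hkdf_expand(prk, label, 32)


def q_day_scenario() -> bool:
    """Return True if an attacker knowing only the classical secret still fails.

    Simulates Q-Day: the classical secret is exposed, but the attacker must
    guess the PQ secret and therefore derives a different key.
    """
    # Constructed sample values standing in for real ECDH and ML-KEM outputs.
    ss_classical = bytes.fromhex("11" * 32)
    ss_pq = bytes.fromhex("22" * 32)
    transcript = b"constructed: client_hello || server_hello || ct_classical || ct_pq"

    real_key = derive_hybrid_key(ss_classical, ss_pq, transcript)
    attacker_guess_pq = bytes.fromhex("33" * 32)  # wrong guess for the PQ secret
    attacker_key = derive_hybrid_key(ss_classical, attacker_guess_pq, transcript)
    return attacker_key != real_key


if __name__ == "__main__":
    print("hybrid key differs from attacker's key:", q_day_scenario())
```

The design point worth noticing is the salt: hashing the transcript into the KDF means a key is only valid for the exchange that produced it, so a captured classical ciphertext cannot be replayed against a different post-quantum one later.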


To be clear, we still have a lot more testing and verification ahead of us. In NIST’s trials, security experts subjected Kyber, Dilithium, SPHINCS+ and Falcon to every classical and quantum cryptanalytic attack conceivable, and these four beat out dozens upon dozens of other algorithms. But we can never be 100% sure that these algorithms can truly withstand a quantum attack. We have long understood the methods quantum computers will use to decrypt data in the future, and we have used that knowledge to rigorously test PQC on a theoretical level. But the simple fact remains: no quantum computer yet exists powerful enough for us to test these algorithms empirically.

Moreover, data security has always been, and will continue to be, a moving target. While we are as certain as we can be that these initial PQC algorithms can protect us against the first wave of quantum attacks, quantum threats will only increase in sophistication. An ingenious hacker could develop a better methodology for cracking post-quantum encryption keys or a more powerful CRQC could emerge. Additionally, several recently published academic papers have demonstrated that concepts employed in AI could be exploited to attack PQC. These AI methods are nowhere near breaking PQC algorithms, but their very existence means we can’t underestimate the power of AI as a future cryptanalysis tool.

Consequently, the ICT industry is exploring multiple means of safeguarding our networks against quantum attacks — not just mathematical approaches like PQC. This defense-in-depth strategy to quantum security includes physics-based solutions like pre-shared keys with symmetric distribution and quantum-key distribution (QKD), which would make it impossible for attackers to intercept encryption keys. By implementing multiple lines of defense, we can ensure our data remains protected even if one line is breached.

As for PQC, our work is not done just because we have the first wave of PQC algorithms.

NIST is already preparing for its next world cup, accepting further PQC algorithm submissions from around the globe, including from Nokia. We are part of the team that created the digital-signature algorithm ALTEQ, which leverages the mathematical difficulty of isomorphism problems to produce signatures that are considered hard for a CRQC to forge.

ALTEQ and many other new PQC algorithms will be put through the same grueling challenges to which Kyber, Dilithium, SPHINCS+ and Falcon were subjected, plus any new trials the security community can think of. In a few years, it’s entirely likely we will crown new winners. And that would be a good thing. The more we innovate and improve, the more secure our data will be in the future.


About Aritra Banerjee

Aritra Banerjee is a Senior Research Scientist in Nokia Standards leading quantum-safe standardization efforts. His research interests span cryptography, quantum technologies, security, privacy-preserving technologies and machine learning trends.

Connect with Aritra on: Aritra Banerjee | LinkedIn , Aritra Banerjee (@AriCryptogapher) / X


About Dimitrios Schoinianakis

Dimitrios Schoinianakis is a Senior Security Researcher in Nokia Bell Labs. His research interests revolve around privacy-preserving technologies, post-quantum cryptography, algorithm optimization and unconventional arithmetic systems. He holds several patents with Nokia Bell Labs. He is a Senior Member of IEEE and a member of the Technical Chamber of Greece.

Connect with Dimitrios on: Dimitrios Schoinianakis | LinkedIn
