News From the NIST Post-Quantum Crypto Process
In order to counter the quantum cyber security threat, which will break current asymmetric cryptography, NIST has launched a process to select and standardize new resilient algorithms (Post-Quantum Cryptography Standardization). The open selection process started in 2017, with a first round of 69 proposed algorithms, which were presented, analysed and attacked by the crypto community. We are now in the final stage of the third round, with seven finalists: three algorithms for signature and four for key exchange. The final selection is expected next month.
Recently, a new classical attack on one of these finalists, the Rainbow algorithm, was announced on the PQC forum and published. The validity of this attack was quickly acknowledged and will probably lead to the abandonment of this algorithm. The fact that this attack was only discovered so late in the process demonstrates two important points.
Second, even after this analysis, there is still a distinct risk that a new algorithm may fail, either classically or from a new quantum attack. This is why, at ID Quantique, we advocate adding another layer of safety by using quantum technologies, such as quantum random number generation (QRNG) and quantum key distribution (QKD). QRNG can and should be used for all key generation processes. QKD can also be applied today for long-term protection of communication backbones and metropolitan networks.
QKD Networks and the future Quantum Internet will expand the scope of applications much further. The future of cybersecurity will only be achieved by a combination of all available technologies, from both the mathematics side and the quantum side.