Gossip About Gossip: NIST Post-Quantum Cryptography Standard
Recent breakthroughs in quantum computing bring a lot of promise, questions, and concerns about what quantum computing technology means for the cryptography world. Rohit Sinha, Head of Cryptography, Swirlds Labs, discussed the latest status of quantum computing, some of the threats it poses to cryptography, and updated NIST (National Institute of Standards and Technology) standards to provide additional layers of security against quantum algorithm threats.
Sinha said quantum computing’s skill and ability to solve math problems threaten cryptography. “Cryptography, in its essence, relies on the hardness of certain math problems; for example, factoring numbers into primes or solving discreet lab problems. And all the cryptography used all over the internet, including various distributed ledgers, banking systems, and so on, all that cryptography does rely on these assumptions, and some of those assumptions are challenged by increasingly sophisticated quantum machines.”
The concern for cryptographers is this level of sophistication leading to more frequent, dangerous, and unstoppable cyber-attacks. “For one, there is this Grover’s Attack, or Grover’s Algorithm, which is a way for quantum computing to brute force through a large space of different solutions,” Sinha said. “And that could be used to figure out the cryptography key to protect your system,” Sinha said. The current best, and easiest solution to guard against this type of attack, is to use longer encryption keys.
The Shor’s Algorithm is a second quantum algorithm that’s harder to defend. This algorithm could affect public key encryptions and signature schemes. “And signature schemes are used all over the place in distributed ledgers,” Sinha said. “We use signatures to authorize transactions, and that’s one thing where quantum computing can potentially impact security. For that reason, the NIST announcement is of importance,” said Sinha. NIST governs technology standards and creates a competition to generate algorithms that could provide a standard to protect cryptography from new threats posed by quantum computing algorithms.