Post-quantum security milestone marks start of a long, complex journey - Arqit comments
August 2024 by Arqit
The US National Institute of Standards and Technology (NIST) is on the precipice of publishing three standards for post-quantum cryptography (PQC) security algorithms, marking a key milestone in the development of cryptography to safeguard systems from the looming risks posed by quantum computers.
The standards will be the culmination of an eight-year-long selection process that NIST began with a call for proposals in 2016. However, the landmark publication will only be the beginning of a long and complicated deployment process that experts are concerned may present new risks and vulnerabilities, and that may not keep pace with the realities of today’s evolving network security needs and even the quantum threat itself.
Roberta Faux, Field CTO of Arqit and former NSA cryptographer, is one such expert who views the journey ahead as overwhelmingly challenging, with some organisations needing to look for other options. She comments:
"The impending publication of post-quantum standards is a significant moment for the industry but it’s only the beginning of an arduous and ill-defined migration progress. We are still in the early stages of a fast-moving industry, and unfortunately even the secure implementation of these standards will be a difficult process — and that’s without even considering that quantum cryptography experts like Michele Mosca fear these lattice algorithms may even be broken within a decade. The German and French governmental cyber security agencies are shying away from endorsing the NIST post-quantum key exchange.
"These aren’t ‘drop-in’ solutions. As we migrate systems, we will find all kinds of interoperability issues, alongside the plethora of vulnerabilities and downtime that come from making systems more complex. It’s a long-term project with a lot of uncertainty.
"Establishing quantum-resilient systems will require multiple layers of security, not PQC alone. Other options such as symmetric key agreement (SKA) algorithms offer networks protection against quantum risks today that is easily integrated. Symmetric key agreement is endorsed by NIST and has been given the seal of approval from the NSA. These approaches can be easily added to existing networks for security against the impending threats related to quantum computing. For the high value data, organisations need to rely on mature algorithms such as AES while lattice cryptography gains maturity."