Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Post-quatum security Milestone marks start of a long complex journey - Arqit comments

August 2024 by Arqit

The US National Institute of Standards and Technology (NIST) is on the precipice of publishing three standards for post-quantum cryptography (PQC) security algorithms, marking a key milestone in the development of cryptography to safeguard systems from the looming risks posed by quantum computers.

The standards will be the culmination of an eight year-long selection process that NIST began with a call for proposals in 2016. However, the landmark publication will only be the beginning of a long and complicated deployment process that experts are concerned may present new risks and vulnerabilities — and that may not keep pace with the realities of today’s evolving network security needs and even the quantum threat itself.

Roberta Faux, Field CTO of Arqit and former NSA cryptographer, is one such expert that views the journey ahead as overwhelmingly challenging with some organisations needing to look for other options. She comments:

"The impending publication of post-quantum standards is a significant moment for the industry but it’s only the beginning of an arduous and ill-defined migration progress. We are still in the early stages of a fast-moving industry, and unfortunately even the secure implementation of these standards will be a difficult process — and that’s without even considering that quantum cryptography experts like Michele Mosca fear these lattice algorithms may even be broken within a decade. The German and French governmental cyber security agencies are shying away from endorsing the NIST post-quantum key exchange.

"These aren’t ’drop-in’ solutions. As we migrate systems, we will find all kinds of interoperability issues, alongside the plethora of vulnerabilities and downtime that come from making systems more complex. It’s a long-term project with a lot of uncertainty.

"Establishing quantum-resilient systems will require multiple layers of security, not PQC alone. Other options such as symmetric key agreement (SKA) algorithms offer networks protection against quantum risks today that is easily integrated. Symmetric key agreement is endorsed by NIST and has been given the seal of approval from the NSA. These approaches can be easily added to existing networks for security against the impending threats related to quantum computing. For the high value data, organisations need to rely on mature algorithms such as AES while lattice cryptography gains maturity."


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts