Real quantum computers may not exist yet, but the cryptography to beat them may already be

In today’s global environment, fast and secure information sharing is important. Strong encryption algorithms and secure protocol standards are essential tools that help meet the ever-present need for secure and interoperable communications. The National Institute of Standards and Technology (NIST) has recommended four cryptographic algorithms for standardization to ensure data protection as quantum computers become more powerful.

Currently, Suite B encryption algorithms are defined by NIST and used by the National Security Agency (NSA) in certified solutions to protect national security systems. In 2015 the NSA announced its intention to move toward quantum-resistant encryption algorithms, in anticipation of the time when quantum computers would allow access to data protected by existing algorithms, such as the Advanced Encryption Standard (AES) and RSA.

Remember that quantum computing exploits the collective properties of quantum states, such as superposition, interference, and entanglement, to perform calculations. Although current quantum computers are too small to outperform regular (classical) computers for practical applications, they are thought to be able to solve some computational problems, such as integer factorization (which underpins RSA encryption), much faster than classical computers.

Building on the experience gained during the deployment of Suite B, the NSA decided to start planning and communicating early about the upcoming transition to quantum-resistant algorithms. The ultimate goal is to provide effective security against a potential quantum computer. “We are working with US government partners, vendors and standards bodies to ensure there is a clear plan in place for a new set of openly and transparently developed algorithms that will form the basis of our next set of cryptographic algorithms,” the organization says.

Until this new suite is developed and products that implement the quantum-resistant suite become available, the NSA will rely on existing algorithms. For partners and vendors who have not yet transitioned to the Suite B elliptic curve algorithms, the NSA recommends not incurring significant expenditures at this point, but instead preparing for the next transition to quantum-resistant algorithms.

“For vendors and partners who have already made the move to Suite B, we understand that it has been a lot of work on your part, and we thank you for that. We look forward to your continued support as we work together to improve the security of national security agents’ information against the developing quantum computer threat. Unfortunately, the growth in the use of elliptic curves coincided with continued advances in quantum computing research, which have clearly shown that elliptic curve cryptography is not the long-term solution that many hoped for. So we had to update our strategy.”

AES is a specification for electronic data encryption created by NIST in 2001. Because a single encryption algorithm cannot meet all the needs of the national security community, the NSA has created a larger set of cryptographic algorithms, called Suite B, that can be used alongside AES in systems. In addition to AES, Suite B includes cryptographic algorithms for hashing, digital signatures, and key exchange.

According to RFC 6460, to comply with Suite B TLS 1.2, the server and client must negotiate the following encryption algorithms:


RFC 6460 also specifies a Suite B transition profile for TLS 1.0 and TLS 1.1. Clients and servers that do not yet support Suite B TLS 1.2 must negotiate the following encryption algorithms:
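The two RFC 6460 profiles described above, turned into a compliance check a defender can run over logged TLS sessions. This is an added example, not code from the article, NIST or the NSA; the cipher-suite names and the curve-to-key-size pairing (P-256 with AES-128, P-384 with AES-256) are taken from RFC 6460, and the session records are constructed.

```python
# Audit negotiated TLS sessions against the Suite B profiles of RFC 6460.
# Added example (not from the article, NIST or the NSA); cipher-suite names and
# curve pairing follow RFC 6460, and the sample sessions below are constructed.
from dataclasses import dataclass

# Suite B TLS 1.2 profile: ECDHE key agreement, ECDSA authentication, AES-GCM,
# SHA-2. The curve is tied to the AES key size: P-256/AES-128, P-384/AES-256.
SUITE_B_TLS12 = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": "P-256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": "P-384",
}
# Transition profile for stacks still on TLS 1.0/1.1: CBC mode with HMAC-SHA1.
SUITE_B_TRANSITION = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": "P-256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": "P-384",
}

@dataclass(frozen=True)
class Session:
    version: str  # "TLSv1.0", "TLSv1.1" or "TLSv1.2"
    cipher: str   # IANA cipher-suite name as logged by the TLS stack
    curve: str    # ECDHE curve negotiated for the session

def classify(s: Session) -> str:
    """Return 'suite-b-192', 'suite-b-128', 'transition' or 'non-compliant'."""
    if s.version == "TLSv1.2" and SUITE_B_TLS12.get(s.cipher) == s.curve:
        # Only the AES-256-GCM / P-384 pairing meets the 192-bit minimum level.
        return "suite-b-192" if s.curve == "P-384" else "suite-b-128"
    if s.version in ("TLSv1.0", "TLSv1.1") and SUITE_B_TRANSITION.get(s.cipher) == s.curve:
        return "transition"
    return "non-compliant"

def audit(sessions) -> dict:
    """Count sessions per class; 'transition' and 'non-compliant' still need migrating."""
    counts = {"suite-b-192": 0, "suite-b-128": 0, "transition": 0, "non-compliant": 0}
    for s in sessions:
        counts[classify(s)] += 1
    return counts

# Constructed sample sessions, one per interesting case.
SAMPLE_SESSIONS = [
    Session("TLSv1.2", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "P-384"),
    Session("TLSv1.2", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "P-256"),
    Session("TLSv1.2", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "P-384"),  # curve mismatch
    Session("TLSv1.1", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "P-256"),
    Session("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "P-256"),    # RSA, not ECDSA
    Session("TLSv1.0", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "P-256"),  # GCM needs TLS 1.2
]
if __name__ == "__main__":
    print(audit(SAMPLE_SESSIONS))
```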


It is important to note that the NSA does not require vendors to stop implementing Suite B algorithms, nor does it require NSA agents to stop using these algorithms. “Instead, we want to give more flexibility to our suppliers and our customers today, as we prepare for a future of quantum security.

When elliptic curve protocols are used, we prefer to use the Suite B curves whenever possible, as they have a long history of security evaluation and time-tested implementation compared with more recent proposals,” continues the NSA.

Nobody knows exactly when such a quantum computer might arrive; it depends on how many qubits a quantum machine can assemble, and on other factors such as error correction.

Last year, researchers from Google and Sweden suggested that it should be possible to factor a 2,048-bit RSA integer in about eight hours using a 20-million-qubit quantum computer. French researchers claim that it should be possible to factor 2048-bit RSA integers in 177 days using 13,436 qubits and a multimode memory.

“We take into account factors that are usually overlooked, such as noise, the need for frequent retries, and the spatio-temporal layout of the computation. When factoring 2048-bit RSA integers, our construction’s spatio-temporal size is hundreds of times smaller than comparable estimates from previous work,” they said.

Current quantum computers have qubit counts orders of magnitude below what would be relevant to cryptography. IBM recently unveiled a 127-qubit quantum processor. CEO Arvind Krishna said the company has built a quantum processor capable of processing information that is too complex to perform or simulate on a conventional computer. The new quantum processor, dubbed Eagle, can handle 127 qubits, and IBM says it has taken a big step toward practical quantum computing. He added that the company has reached a milestone that allows quantum computing to surpass the power of a traditional computer.

The computing giant also says it wants to produce a 1,000-qubit chip by the end of 2023, and its roadmap calls for machines with more than a million qubits at an unspecified date.

“In order to accommodate even bulkier devices beyond Condor, we are developing a dilution refrigerator larger than any commercially available today. This roadmap puts us on the path to future processors with more than 1 million qubits thanks to cutting-edge knowledge, multidisciplinary teams, and an agile methodology that improves each element of these systems. All along, our hardware roadmap is at the center of a larger mission: designing a full-stack quantum computer that is deployed through the cloud and can be programmed by anyone in the world.”

In any case, it is expected that quantum computers will one day be able to launch practical attacks on data protected by current technology, in other words, to decrypt data encrypted with existing algorithms. That’s why the White House issued a national security memorandum in May stressing the need to strengthen quantum computing and mitigate the risks it poses to cryptography.

The memorandum outlines the steps needed to maintain the United States’ competitive advantage in quantum information science, while mitigating the risks quantum computers pose to the nation’s cyber, economic, and national security. It tells agencies what specific steps to take as the United States begins a multi-year process to migrate vulnerable computer systems to quantum-resistant encryption.

The main concern is that data protected by current encryption algorithms must often remain secure for a long period, perhaps up to 75 years for state secrets, banking information and medical data. For some analysts, waiting to see what quantum computers can do in a few decades would not be a reasonable or safe position.

NIST has been on the ball since 2017, when it started with a set of 82 cryptographic algorithms as part of the Post-Quantum Cryptography (PQC) standardization process. Of these, 69 candidates were considered fit enough to participate in the first round. In 2019, twenty-six advanced to the second round. In 2020, seven candidates advanced to the third round, with eight alternates.

The third round is now complete and four candidate algorithms have been recommended for standardization, meaning they are likely to be adopted by companies and suppliers seeking compliance with NIST. NIST will recommend two main algorithms to apply in most use cases: CRYSTALS-KYBER (key generation) and CRYSTALS-Dilithium (digital signatures), NIST said in its statement. In addition, the signature schemes FALCON and SPHINCS+ will also be standardized.

For algorithms progressing to Round 4, NIST will allow submission teams to submit updated specifications and implementations. The deadline for these updates is October 1, 2022. NIST will review proposed changes and publish accepted submissions. In general, NIST expects the changes to be relatively minor. NIST specifies that Round 4 will be conducted in the same manner as the previous rounds.

Sources: NIST, NSA
