Quantum Security Standards to Be Announced Soon

The National Institute of Standards and Technology (NIST) is set to announce new post-quantum cryptography standards for public key signature and key exchange algorithms in the coming weeks. While it may take several more years to thoroughly vet these standards, the real threat of decryption from quantum computers is likely still about a decade away.

Many experts are eager to know whether the upcoming NIST standards will significantly improve the protection of encrypted data against the growing quantum threat. Unfortunately, a recent successful attack on one of the candidate signature algorithms by an IBM researcher has raised some concerns.

Recent Breakthrough in Signature Algorithm Security

News of the breach of the Rainbow signature algorithm emerged in February of this year. According to the Spanish newspaper El Pais, Rainbow was cracked in just over 50 hours using only a laptop computer.

Jack Hidary, CEO of quantum technology company Sandbox AQ, told Fierce Electronics that Rainbow will not be among the final standards, so there is no cause for concern. If Rainbow is excluded, the upcoming NIST announcement will likely include six standards: three for public key signatures and three for key exchange.

Hidary also suggested that Rainbow could be “fixed” by changing its parameters, and it might even return to the list of considered standards in the future.

What’s Next for Quantum Security?

Companies and network operators will spend much of the next few years testing and analyzing the future NIST standards before they are widely adopted as updates to RSA. Meanwhile, other efforts to ensure quantum security will continue, such as the transition to quantum key distribution to support quantum-secure communication networks.