Post-Quantum World started last week
The National Institute of Standards and Technology (NIST) released the first 3 finalized post-quantum encryption standards on Aug. 13.
That news was buried under the AI cacophony, yet it is the culmination of a project that started 8 years ago.
These are an important set of encryption standards designed to withstand attack by a quantum computer.
The current thought is that the companies that are developing quantum computers may have the technology to break current encryption methods within a decade.
Why are these new standards important?
A brief walk down memory lane. In 1977, Ron Rivest, Adi Shamir and Leonard Adleman publicly described the public-key cryptosystem named after them, RSA. The system uses a pair of keys, one public and one private.
These keys are derived from two large prime numbers. As the name suggests, the public key is shared with anyone who wants to send you an encrypted message, and the private key, which has to remain secret, is used to decrypt the message. The reason this works is that when sufficiently large primes are used to generate the key pair, it is infeasible with currently available computers to reverse the operation, that is, to recover the private key from the public one.
However, in 1994, Peter Shor developed a quantum algorithm for finding the prime factors of an integer. He showed that a sufficiently large quantum computer can break the encryption. That was one of the reasons companies started working on building quantum computers. In 2001, IBM demonstrated with their quantum computer that they could factor 15 into 3 × 5. In 2012, IBM could factor 21. This means that at this particular moment in time, there is no danger that any currently available quantum computer can break public-key encryption.
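To make the two preceding paragraphs concrete, here is an added example (not code from the original post) that builds a toy RSA key pair from two small primes, encrypts and decrypts a message, and then recovers the private key the way Shor's algorithm does: reduce factoring to finding the period of a^x mod n, then use that period to split n. The primes (61 and 53), the message, and the brute-force period search are all constructed for illustration. Only the period-finding step is what a quantum computer speeds up; here it is done by counting, which is exactly what does not scale to real 2048-bit moduli. It also factors 15 and 21, the two numbers mentioned above.

```python
"""Toy RSA next to the classical half of Shor's algorithm.

Added illustration, not the post's code. Primes and messages are tiny
constructed values; real RSA keys are 2048 bits or more.
"""
from math import gcd
import random


def rsa_keygen(p, q, e=17):
    """Build (public, private) keys from two primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def find_period(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), found by plain counting.

    This loop is the step a quantum computer replaces with the quantum
    Fourier transform; classically its cost grows with the period, which
    for a real modulus is astronomically large.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n, seed=0):
    """Classical reduction from order finding to factoring n = p*q.

    Pick random a; if gcd(a, n) > 1 we are done. Otherwise find the period
    r of a mod n. If r is even and a^(r/2) != -1 (mod n), then
    gcd(a^(r/2) - 1, n) is a non-trivial factor. Retry on the bad cases.
    """
    rng = random.Random(seed)    # fixed seed so the example is reproducible
    while True:
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:
            return tuple(sorted((g, n // g)))
        r = find_period(a, n)
        if r % 2:
            continue             # odd period: try another a
        y = pow(a, r // 2, n)
        if y == n - 1:
            continue             # y == -1 mod n gives only trivial factors
        f = gcd(y - 1, n)
        return tuple(sorted((f, n // f)))


def recover_private_key(pub):
    """Rebuild the private exponent from the public key once n is factored."""
    n, e = pub
    p, q = shor_factor(n)
    phi = (p - 1) * (q - 1)
    return (n, pow(e, -1, phi))


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53)           # constructed toy key
    c = rsa_encrypt(pub, 65)
    print("public key", pub, "ciphertext", c)
    print("decrypts to", rsa_decrypt(priv, c))
    print("15 ->", shor_factor(15), " 21 ->", shor_factor(21))
    print("recovered private key", recover_private_key(pub))
```

The defender's takeaway is the shape of the attack, not its mechanics: everything after `find_period` is cheap classical arithmetic, so once a quantum computer can return the period for a real-sized modulus, every RSA ciphertext ever recorded under that key falls at once.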
Nevertheless, that's a false sense of security.
Every government and organization wants to know secrets, even if they’re old. You might want these secrets to last forever, but these agencies are engaged in an activity called harvest now, decrypt later.
As the term suggests, everyone is capturing encrypted content and waiting for the technology to catch up. They know that one day, the quantum computers will be sizable enough to break these encrypted messages.
What does it mean for you? As an individual, there is not much you can do. If you think that you have secrets which even 20 years from now would do harm to you if exposed, don't use a computer to store them or communicate them to others.
The chances are (sadly) quite high that your computer will be hacked and the information compromised.
And if anybody tells you that the key to good security is a strong password, here is a funny story from the past, Last Password Standing, to share with them.
If you are involved in building new tech or looking after security and infrastructure at your company, you should learn more.
Entering 'pq encryption vendor' in Google or another non-monopolistic search engine will provide you with a list of vendors. See if any of their solutions are relevant for you.
You will be busy for the next several years. Every single piece of computing infrastructure that communicates securely with another machine will (or should) need its software upgraded. Think of a Y2K-level event.
The exciting part for me is the never-ending competition of mathematicians, cryptographers, scientists and engineers building quantum computers. They are trying to outsmart each other.
It is their recurrent pattern. We are happy for them. For the rest of us, it means new, better, more capable technology, which will help us find solutions to our current problems and help us discover things which we don't know about yet. New patterns in the making. Welcome to the post-quantum world.