The National Institute of Standards and Technology (NIST) has spearheaded the effort to standardize new encryption algorithms capable of withstanding attacks from quantum computers. NIST initiated the process in 2015, recognizing the potential threat that quantum computing presents to existing cryptographics.
According to a statement from Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio, “Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security. These finalized standards are the capstone of NIST’s efforts to safeguard our confidential electronic information.” Their approach to spearheading its development has taken the form of soliciting and standardizing quantum-resistant algorithms through a rigorous, multi-year public competition that engages global cryptography experts from industry, government, and academia.
What is quantum resistant cryptography?
Quantum-resistant cryptography, also known as post-quantum cryptography (PQC), is the development of cryptographic systems designed to secure information against attacks from both classical and quantum computers. The field emerged from the recognition that quantum computers, leveraging the principles of quantum mechanics, possess the potential to break many of the public-key encryption algorithms widely used today. These algorithms, such as RSA and Elliptic Curve Cryptography (ECC), rely on the computational difficulty of mathematical problems like integer factorization and discrete logarithms. Quantum computers may be able to solve these issues using their own complex algorithms. To make this possible, the NIST standardizes algorithms capable of resisting cyberattacks from quantum computers.
How the NIST standardization process works
Initiated in 2016, the standardization process begins with a public call for submissions, inviting cryptographers from around the world to propose their algorithms. The submissions have to meet minimum acceptability requirements and evaluation criteria established by NIST.
The submitted algorithms then undergo several rounds of evaluation, involving cryptoanalysis-based attacks and testing to assess their security and performance. In each round, some algorithms are discarded while others advance for further scrutiny. The final stage involves the publication of Federal Information Processing Standards (FIPS) that detail the standardized algorithms and provide guidance for their implementation. Throughout the evaluation process, public feedback is actively considered to refine the evaluation criteria.
How do the new standards impact the healthcare sector?
The introduction of NIST's quantum-resistant algorithms provides a framework for healthcare organizations to transition to more secure cryptographic methods that can withstand potential quantum threats. This becomes all the more necessary as traditional encryption methods become vulnerable to attacks that could compromise the confidentiality of electronic health records.
Related: HIPAA Compliant Email: The Definitive Guide
FAQs
What is cryptography?
Cryptography is the practice of securing information by transforming it into an unreadable format, ensuring that only authorized parties can access it.
What are the main types of cryptography?
The main types of cryptography include symmetric-key cryptography, where the same key is used for both encryption and decryption; asymmetric-key cryptography, which uses a pair of keys (public and private); and hash functions, which convert data into a fixed-length string that cannot be reversed.
What algorithms are considered quantum-resistant?
Some examples of quantum-resistant algorithms include lattice-based cryptography (like NTRU), code-based cryptography (like McEliece), multivariate polynomial cryptography, and hash-based signatures.
Kirsten Peremore
