The National Institute of Standards and Technology (NIST) in the United States has introduced three new encryption algorithms to protect critical data from cyber attacks that may arise from quantum computers. These quantum-safe algorithms are the result of an eight-year project by NIST to standardize post-quantum cryptography.
The development of these new standards involved collaboration from cryptography experts around the world. NIST evaluated 82 algorithms from researchers in 25 countries and selected 14 as finalists, dividing them into primary and alternative algorithms. NIST Director Lauria Locascio described these new standards as the culmination of efforts to safeguard electronic information.
While quantum computers capable of breaking traditional encryption methods have not yet materialized, NIST is encouraging the immediate incorporation of these new algorithms into systems. Dustin Moody, NIST lead mathematician on the project, stressed the importance of preparing for potential attacks that may compromise the algorithms in the new standards.
The new standards are designed to fulfill two main tasks of encryption: general encryption for protecting data on public networks and digital signatures for authentication. The four algorithms initially selected last year have now been renamed and categorized into primary and backup standards.
Cyber security experts have welcomed the introduction of these new quantum-safe encryption algorithms, signaling the beginning of the quantum computing era. Organizations are advised to assess their quantum risk, identify vulnerable encryption methods, and develop resilient cryptographic architectures to adapt to the changing landscape of cyber threats.
With the release of these recommended PQC algorithms, organizations are urged to prepare their security infrastructure for potential quantum threats. Companies like BT emphasize the importance of risk assessment and implementing a quantum-ready approach to mitigate future risks to sensitive data. Overall, the new standards mark a significant milestone in modern cyber security.