Tag Archive for: PostQuantum

State, Local Govt Can Prepare Now for Post-Quantum Security

/in


The federal government is preparing for the day when quantum computers become powerful enough to crack many commonly used encryption methods. As it does so, it’s aiming to ensure that public and private organizations of all types are included in the drive toward more quantum-proof security.

2022 could see the next stage in this work, with the National Institute of Standards and Technology (NIST) slated to release an initial standard for quantum-proof encryption algorithms. The Department of Homeland Security (DHS), meanwhile, has been creating resources to help prepare entities to adopt the new standards, and it plans to push for greater awareness of these offerings in the new year.

ANTICIPATING QUANTUM RISKS

Anticipated quantum computing advancements could introduce broad-reaching risks, threatening the encryption that secures everything from digital communications to credit card payments.

No one knows when the hypothesized cryptography-defeating capabilities will come into being, but senior DHS officials told Government Technology that they aim to be ready in case they come as soon as 2030.

NIST has been working for several years to identify new encryption methods likely to withstand even this computational power. It issued a call for so-called “quantum-resistant” encryption algorithms in 2016 and has since been winnowing the submissions down to a handful of the most promising.

The forthcoming standard may incorporate several different approaches, to help ensure it’s relevant, given that it’s not clear how exactly quantum computing will evolve, NIST mathematician Dustin Moody has said previously.

“It’s important for the eventual standard to offer multiple avenues to encryption, in case somebody manages to break one of them down the road,” Moody said in a 2020 NIST blog post.

The advent of cryptography-threatening quantum computing may seem far off, but DHS expects the transition to quantum-proof encryption will be a lengthy process, making it important for organizations to start early.

RAISING AWARENESS

Releasing NIST’s algorithms is only half the battle. The other is ensuring they’re widely — and…

Source…

Preparing for the Post-Quantum Migration: A Race to Save the Internet | Womble Bond Dickinson

/in


National agencies and scientific institutions are well aware of the threat of quantum computers to existing cryptography. In 2015, the United States National Security Agency first published warnings of the need to transition to quantum-resistant algorithms. One year later, the National Institute of Standards and Technology (“NIST”) began a standardization initiative for post-quantum cryptography and secure operating parameters. Post-quantum cryptography is the study of crypto-systems that can be run on a conventional computer and is sufficiently secure against both quantum and conventional computers. However, the trial process is lengthy and NIST continues to review and scrutinize potential quantum-resistant algorithms. The initiative identified five classes of cryptographic systems that are currently quantum-resistant: lattice based; multivariate-quadratic-equations; hash-based; code-based; and supersingular elliptic curve isogeny. NIST is expected to announce the first algorithm to qualify for standardization within the next two years.

During this transition period while the world awaits NIST’s findings, there are measures that can be taken now to begin securing data against quantum computing and preparing for the upcoming migration. Organizations should begin the engineering work necessary to prepare their infrastructure for the implementation of post-quantum cryptography as soon as the migration is ready. To begin preparing now, experts recommend that organizations create a reference index for those applications that use encryption and ensure that current and future systems have sufficient cryptographic agility. Reference indexing allows organizations to assess quantum vulnerabilities ensuring that all applications are migrated, minimizing the risk of incidents occurring in one part of their digital ecosystem. It is essential that organizations perform an ongoing assessment of their risks and migrate quickly to prevent systemic data insecurity.

Organizations should develop a plan to transition to quantum-resistant encryption. Planning ahead will minimize system down time and provide flexibility for responding to any implementation flaws. Organizations can utilize their…

Source…

Serious Security: Post-Quantum Cryptography (and why we’re getting it)

/in

we’ll probably regard a few megabits of bandwith as insignificant… …and so we might as well get ready now. Just in case. Follow @NakedSecurity on Twitter for the latest computer security news.
computer security – read more