Cybersecurity must be everyone’s concern so dip your whiskers in this report from NIST. Get it boiled down to the nitty gritty from GCN author Susan Miller. See link below. Becuase Quantum is Coming. Qubit.
NIST previews post-quantum cryptography challenges
+ To help prepare organizations for post-quantum cryptography, the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has released the final version of a white paper, “Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms.”
One problem is that existing encryption standards can’t simply be replaced with quantum-resistant ones. Some quantum-resistant candidate algorithms involve extremely large signature sizes, require excessive processing and use very large public or private keys that would make the solution difficult to implement widely. Even when secure operations are possible, NIST says, “performance and scalability issues may demand significant modifications to protocols and infrastructures.”
+ Since 2016, NIST has been working with researchers to develop cryptographic algorithms that will be strong enough to resist the privacy and security threats quantum computers will pose. While those new algorithms will likely be ready before quantum computers are widely used, the transition from today’s standards to the new post-quantum public-key standards “is likely to be more problematic than the introduction of new classical cryptographic algorithms,” the paper states. “In the absence of significant implementation planning, it may be decades before the community replaces most of the vulnerable public-key systems currently in use.”
+ As a result, there might need to be a variety of post-quantum algorithms to overcome implementation constraints, like sensitivity to large signature sizes. Another option would require modifying existing protocols to handle larger signatures. In any case, the report says, replacing cryptographic algorithms will be a large and complex operation that requires “changing or replacing cryptographic libraries, implementation validation tools, hardware that implements or accelerates algorithm performance, dependent operating system and application code, communications devices and protocols, and user and administrative procedures.”
Content may have been edited for style and clarity. The “+” to the left of paragraphs or other statements indicates quoted material from “Source:” document. Boldface title is original title from “Source:” Italicized statements are directly quoted from “Source:” document. Image sources are indicated as applicable.