With the progressive development of quantum computers, IT security must also be reorganized. The U.S. federal agency National Institute of Standards and Technology (NIST) is aware of the potential dangers that quantum computers pose to secure data encryption, and in 2016 it started a process for standardizing quantum-computer-resistant cryptographic methods. Research groups from around the world submitted concepts for the next generation of cryptographic algorithms, so-called post-quantum algorithms; 15 reached the final. NIST's decision was eagerly awaited by authorities and companies worldwide, as experience has shown that international standards follow the assessment of the US authorities.
New standard in IT security
Six years later, the decision has now been made: Four post-quantum cryptographic algorithms will be made standard – one of these algorithms, the signature algorithm SPHINCS+, bears the signature of Graz University of Technology. Christian Rechberger, cryptography expert at the Department of Applied Information Processing and Communication Technology: “In a world of IT security, this decision is of enormous relevance. We will find these algorithms in every piece of software, in every chip; from industrial systems to private mobile phones, from data centers to pressure sensors in car tires.”
It is still uncertain when the first quantum computers will actually start working. But one thing is already clear: quantum computers can solve the mathematical problems on which today’s asymmetric cryptographic methods are based, which would make the security infrastructure of the past practically worthless. Appropriate standardized replacement methods for the current generation of encryption and signature methods are therefore required in advance.
Four post-quantum algorithms
For general encryption used when accessing secure websites, NIST selected the CRYSTALS-Kyber algorithm. Its advantages include the relatively small encryption keys that two parties can easily exchange, as well as its high operating speed.
The three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+ will be used in the future to guarantee the authenticity of data and senders. Digital signatures are used, for example, when identities need to be verified during a digital transaction. SPHINCS+ is slightly larger and slower than the other two algorithms, but it is valuable as a backup because it is the only one based on hash functions and requires no further assumptions. This makes SPHINCS+ particularly conservative and designed for long-term security (note: hash functions are used in digital signatures to calculate “fingerprints” of messages. The fingerprint is sent along with the message to the recipient as proof of integrity.).
All four algorithms have been developed in intensive international collaborations. In addition to TU Graz, other well-known names were involved in the development of SPHINCS+, such as TU Eindhoven, Ruhr University Bochum, Infineon, TU Denmark and the University of Illinois at Chicago.
Although the standard is still in final development, NIST is encouraging security professionals to examine the new algorithms, consider application details and inform IT departments and vendors. The algorithms are available on the NIST site. More details are also available in the NIST press release.