Quantum security standards will appear soon

In the next few weeks, the National Institute of Standards and Technology (NIST) will announce new post-quantum cryptography standards for public key signature and exchange algorithms.

Presumably, it may take several more years to properly verify these standards, whereas the real threat of decryption coming from quantum computers is likely to appear in ten years.

Many experts want to know whether the upcoming NIST standards will significantly improve the ability to protect encrypted data from a growing threat. Unfortunately, a recent successful attempt to crack one of the candidates for standard signature algorithms, undertaken by an IBM researcher, raises a number of concerns.

News about the hacking of the signature called Rainbow appeared in February of this year. According to the Spanish newspaper El Pais, Rainbow was hacked in just over 50 hours using just a laptop computer.

Jack Hidary, CEO of Sandbox AQ, a quantum technology company, told Fierce Electronics that Rainbow will not become one of the final standards and there is nothing to worry about. If Rainbow doesn’t make the list, the upcoming NIST announcement will likely include six standards, including three for public key signing and three for key exchange.

Hidari also suggested that Rainbow could be “fixed” by changing its parameters, and even it could potentially return to the list of standards under consideration.

Companies and network operators will spend most of the next few years checking and analyzing future NIST standards before they become widely used as RSA updates. At the same time, other efforts to ensure quantum security will continue, such as the transition to the distribution of quantum keys to support quantum-secure communication networks.