Planning for a Quantum Robust Digital World


One of the most fundamental questions in cybersecurity is how we replace our existing public key methods with ones that cannot be broken by a quantum computer. We depend heavily on RSA, Diffie-Hellman and elliptic curve cryptography: for key exchange in TLS and VPNs (ECDH), for public key encryption of session keys (ECIES), for digital signatures (ECDSA, DSA and RSA) and for proving identity. They are a core part of our secure digital world. A sufficiently large quantum computer running Shor's algorithm breaks all of them, because it solves the integer factorisation and discrete logarithm problems they rest on. Symmetric ciphers and hashes are only weakened (Grover's algorithm halves the effective key length), so doubling key sizes is enough there; it is the public key methods that must be replaced outright. Traffic recorded today can be decrypted once such a machine exists, which makes key exchange the most urgent piece to fix, so we need to plan now and start integrating methods that stay secure in an era of quantum computers.

NIST has been running a multi-round process to standardise replacements, and yesterday it announced the finalists of the PQC (Post Quantum Cryptography) standardization process. For Public-Key Encryption and KEMs (Key Encapsulation Mechanisms, the post-quantum replacement for key exchange) the finalists are:

  • Classic McEliece (code-based). It goes back to McEliece's 1978 scheme, so it has survived over 40 years of cryptanalysis. Its drawback is the public key, a scrambled generator matrix that runs from around 260 KB to over 1 MB depending on the parameter set, but its ciphertexts are tiny, at a few hundred bytes.
  • CRYSTALS-KYBER (lattice-based). Built on the Module Learning With Errors (MLWE) problem: the public key is a set of noisy linear equations over a lattice, and recovering the secret from them is a hard lattice problem. A new lattice attack was discovered within the period of the assessment, but it is hoped that an updated…
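To make the Learning With Errors idea behind Kyber concrete, here is an added example that is not from the original post, from NIST or from the Kyber team: a toy Regev-style LWE public-key encryption in pure Python. The parameters (N=16, M=64, Q=3329, ETA=2) are assumptions chosen only so that the decryption bound holds; they are nowhere near secure. Kyber itself works over polynomial rings (Module-LWE), derives the matrix A from a short seed, adds noise at encryption time as well, and wraps the scheme as a CCA-secure KEM that transports a symmetric key rather than a message. None of that is done here, but the core trick is the same: the secret is hidden by small errors, and decryption works because the accumulated error stays below Q/4.

```python
"""
Toy Regev-style LWE public-key encryption (illustration only).

NOT Kyber and NOT secure: parameters are tiny, A is stored in full, and there
is no CCA protection.  All parameter values below are assumptions picked so that
the worst-case decryption error M*ETA = 128 is below Q/4 = 832.
"""
import secrets

Q = 3329   # Kyber's modulus, reused so the arithmetic looks familiar
N = 16     # secret dimension (Kyber uses degree-256 polynomials over a module)
M = 64     # number of LWE samples in the public key
ETA = 2    # error coefficients lie in [-ETA, ETA]


def small_noise():
    """Centered binomial noise in [-ETA, ETA], the distribution Kyber uses for eta=2."""
    return (sum(secrets.randbelow(2) for _ in range(ETA))
            - sum(secrets.randbelow(2) for _ in range(ETA)))


def keygen():
    """pk = (A, b = A*s + e mod Q), sk = s.  Finding s from (A, b) is the LWE problem."""
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(M)]
    s = [small_noise() for _ in range(N)]
    e = [small_noise() for _ in range(M)]
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(M)]
    return (A, b), s


def encrypt_bit(pk, bit):
    """Regev encryption of one bit: pick a random subset r of the samples and
    combine them.  u = A^T r mod Q, v = <b, r> + bit * floor(Q/2) mod Q."""
    A, b = pk
    r = [secrets.randbelow(2) for _ in range(M)]
    u = [sum(A[i][j] * r[i] for i in range(M)) % Q for j in range(N)]
    v = (sum(b[i] * r[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """v - <s, u> = <e, r> + bit*Q/2 (mod Q).  Since |<e, r>| <= M*ETA < Q/4,
    the result is near 0 for bit 0 and near Q/2 for bit 1."""
    u, v = ct
    d = (v - sum(sk[j] * u[j] for j in range(N))) % Q
    return 1 if Q // 4 < d < 3 * Q // 4 else 0


def encrypt(pk, message: bytes):
    """Encrypt a byte string bit by bit (LSB first), fresh randomness per bit."""
    bits = [(byte >> k) & 1 for byte in message for k in range(8)]
    return [encrypt_bit(pk, bit) for bit in bits]


def decrypt(sk, cts):
    bits = [decrypt_bit(sk, ct) for ct in cts]
    out = bytearray()
    for i in range(0, len(bits), 8):
        out.append(sum(bits[i + k] << k for k in range(8)))
    return bytes(out)


def sizes_bytes(pk, cts):
    """Packed sizes assuming 12-bit coefficients (Q < 2**12): public key and
    ciphertext, to compare with the key/ciphertext trade-offs in the list above."""
    A, b = pk
    pk_bits = (len(A) * len(A[0]) + len(b)) * 12
    ct_bits = len(cts) * (N + 1) * 12
    return pk_bits // 8, ct_bits // 8


if __name__ == "__main__":
    pk, sk = keygen()
    msg = b"constructed 32-byte sample secret.."[:32]   # constructed sample input
    cts = encrypt(pk, msg)
    assert decrypt(sk, cts) == msg
    _, wrong_sk = keygen()
    print("correct key :", decrypt(sk, cts))
    print("wrong key   :", decrypt(wrong_sk, cts))
    print("pk bytes, ct bytes:", sizes_bytes(pk, cts))
```

Two things worth noticing when you run it. First, decryption never fails here because the error bound is deterministic; real schemes tune the noise so that failure is merely astronomically unlikely, and a measurable failure rate would itself leak the secret. Second, the ciphertext for 32 bytes of message is over 6 KB, far larger than the 1.6 KB public key, which is why lattice schemes are used as KEMs to transport one symmetric key and then hand off to AES, rather than to encrypt data directly.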

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
