[ad_1]
The National Institute of Standards and Technology announced this week Three encryption algorithms Designed to fend off cyberattacks, industry watchers say it is a way to prevent disruption to existing Encryption Method.
this Federal Information Processing Standards (FIPS) 203, 204, and 205 Provides standards for general purpose encryption and protection of digital signatures. They are derived from multiple submissions to the NIST Post-Quantum Cryptography Standardization Project.
Quantum computers NIST says it is rapidly improving the capabilities of high-performance computing and the new standard is available for immediate use.
“Quantum computing technology has the potential to be a force for good in solving many of society’s toughest problems, and this new standard represents NIST’s commitment to ensuring it doesn’t also undermine our security,” said Laurie E. Locascio, Under Secretary of Commerce for Standards and Technology and NIST Director, in a statement. statement“These finalized standards are a cornerstone of NIST’s efforts to protect our classified electronic information.”
Today’s RSA encryption is no longer enough
Although IEEE Point out Large-scale quantum computers may not appear for another 10 years. NIST is concerned about PQC because almost all data on the Internet is protected by RSA. encryption The IEEE says that once large-scale quantum computers are built, they will be able to undermine the security of the entire internet.
The IEEE said that devices using RSA security, such as cars and IoT devices, will need to be equipped with quantum-safe cryptography before they can be used, as they will remain so for at least the next decade.
Another reason the new standard is needed is the “collect now, decrypt later” strategy, whereby threat actors might download and store encrypted data today, planning to decrypt it once a quantum computer is online, the IEEE noted.
NIST said the standards, which took eight years to develop and include computer code for cryptographic algorithms, instructions for implementation and their intended uses, added that it sought input from cryptography experts around the world to conceive, submit and evaluate cryptographic algorithms that could resist attacks by quantum computers.
While this emerging technology has the potential to change the nature of industries such as weather forecasting, fundamental physics, and drug design, it also poses threats.
“This is a critical moment in our cybersecurity community”
Aaron Kemp, KPMG Advisory Technology Risk Leader, said these new algorithms are the first of many that NIST will make available in the coming years.
“this The threat of quantum computing “The advances in these algorithms over current encryption standards cannot be overstated,” he said. “They are the first step toward a new era of cryptographic agility.”
Kemp added that organizations that have been waiting to begin post-quantum encryption migration now have a set of standards that can be integrated into their systems.
“The federal government has required federal entities to adopt these standards by 2035, and businesses that work with the government need to follow suit,” he noted. “This is the first step in the largest migration to encryption in history.”
Tom Patterson, head of emerging technology security at Accenture, described the new quantum global encryption standard as a “pivotal moment for our cybersecurity landscape”.
Quantum computers pose a significant risk to our current encryption methods, Patterson said.
Therefore, “organizations must assess their quantum risk, discover vulnerable cryptography within their systems, and develop a resilient cryptographic architecture immediately,” he explained, adding that the new standard will help organizations maintain their cyber resilience in a post-quantum world.
Although today’s quantum computers are small and experimental, their capabilities are increasing rapidly, and “it’s only a matter of time before cryptographically relevant quantum computers (CRQCs) emerge,” observed Tim Hollebeek, industry and standards technology strategist at DigiCert.
“These quantum computers will be powerful enough to break the asymmetric encryption used to protect internet communications and devices — and they could do so in as little as five to ten years.”
Hollebeek added: “The good news is that this problem can be solved by moving to new hard problems that are less vulnerable to attack by quantum computers, and the new NIST standard describes precisely how these new hard problems can be used to protect future internet traffic.”
Colin Soutar, Deloitte’s U.S. and global quantum network readiness leader, called the new NIST standard “a great achievement.” But he noted that the key question around quantum network readiness is not when a CRQC will exist, but whether a CRQC will exist in the next five to 10 years.
In this context, organizations need to understand what risks CRQC poses to them in the future and ask themselves how long it will take to update their public key cryptography to ensure the confidentiality and integrity of data, he said.
“We welcome the broader awareness that NIST standards are generating across many industries and hope that these upgrades are accomplished through a voluntary risk management-based process,” Soutar said.
[ad_2]
Source link
