The National Institute of Standards and Technology (NIST) is expected within the next few weeks to announce several new post-quantum cryptography standards for public key signature and exchange algorithms.
What everyone wants to know is whether the upcoming NIST standards will greatly enhance the ability to protect encrypted data from the growing threat. Unfortunately, a recent successful attack by an IBM researcher on one of the candidate signature algorithms may not do much for the confidence of those concerned about future dangers. Quantum experts, however, are so far taking the news in stride.
News of the cracking of this signature algorithm, called Rainbow, first emerged in February, though details were still coming to light in late March. In recent days, the Spanish newspaper El Pais published an account of how Rainbow was cracked in a little over 50 hours using just a laptop PC. Though that might seem like a reason for deep concern, the quantum sector has not been panicking.
Jack Hidary, CEO of Sandbox AQ, the quantum technology company recently spun out of Google owner Alphabet, told Fierce Electronics that Rainbow “is not going to make it” as one of the final standards, and “previous papers” suggested as much even before the most recent paper. “I think this final list will focus on some of the other protocols. To be clear, there was not a final standard that came out of NIST that was broken; that did not happen. These protocols were coming down through this process [which started several years ago with 69 candidate algorithms], and during that process concern was raised about one of them.”
If Rainbow doesn’t make the cut, NIST’s upcoming announcement is likely to include six standards: three for public key signatures and three for key exchange.