A major “post-quantum” cryptography algorithm used by AWS, Google and CloudFlare, and developed in part by Microsoft, has been broken in about an hour on a single core of a nine-year-old Intel Xeon processor. Known as Supersingular Isogeny Key Encapsulation (SIKE), the key-exchange scheme had been shortlisted as a possible standard for cryptography that can withstand quantum computers. The attack needs no quantum computer: it runs on an ordinary CPU and exploits the mathematical structure of the scheme itself rather than any flaw in a particular implementation.
SIKE had been shortlisted as a fourth-round candidate in the US National Institute of Standards and Technology (NIST) process to select standards for post-quantum cryptography. Businesses have been advised to prepare for a post-quantum future, but the apparent ease with which SIKE was broken shows they should proceed with caution, experts told Tech Monitor.
British cybersecurity firm PQShield was involved in all four of the algorithms NIST selected for standardisation in July 2022, the same announcement that advanced SIKE to the fourth round. Ali El Kaafarani, PQShield’s CEO, described the SIKE break as a “great success story for the NIST process”.
“Without the NIST PQC [selection process], those algorithms and others could have had very little attention and security scrutiny by cryptographers and mathematicians and likely ended up being used by some companies as proprietary encryption methods that have big non-verified security claims as often happens,” said El Kaafarani.
“The cryptography community has been doing a great job building and breaking crypto systems so that only the more secure ones are used to protect us.”