Post-Quantum Cryptography: The Algorithms That Will Protect Data In The Quantum Era

Traditional asymmetric cryptographic methods won’t withstand attacks from quantum computers.


There is no doubt that quantum computers will play a significant role in helping the world solve complex challenges not possible on current classical computers. However, quantum computers also pose a serious security threat. They will eventually become powerful enough to break traditional asymmetric cryptographic methods, that is, some of the most common security protocols used to protect sensitive electronic data including your bank account and medical records. Even data that is stored and considered secure today will be at risk in the quantum era.

Once sufficiently powerful quantum computers exist, traditional asymmetric cryptographic methods for key exchange and digital signatures will be easily broken. Leveraging Shor’s algorithm, they will reduce the security of integer discrete logarithms like Elliptic Curve Cryptography (ECC) and RSA (Rivest-Shamir-Adleman) so much that no reasonable key size would suffice to keep data secure. Conversely, symmetric cryptography in general, and Advanced Encryption Standard (AES), Secure Hash Algorithm 2 (SHA-2), and SHA-3 in particular, are expected to suffer a much smaller security reduction from quantum computers; using large key sizes will be enough.

Governments, researchers, and tech leaders the world over have recognized this security threat and the associated challenge to secure critical infrastructure against quantum computers. Many initiatives have been launched to develop and deploy new cryptographic algorithms that can replace RSA and ECC without being vulnerable to either classic or quantum attacks. This is what is commonly referred to as “Post-Quantum Cryptography” (PQC), “Quantum Safe,” “Quantum Proof” or “Quantum Resistant” cryptography.

The biggest public initiative to develop and standardize new PQC algorithms was launched by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). After six years of competition, in July 2022 NIST announced the first group of algorithms designed to withstand a quantum attack. The four encryption algorithms selected will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in the coming years. CRYSTALS-Kyber was selected as a Key Encapsulation Mechanism (KEM) and CRYSTALS-Dilithium, FALCON, and SPHINCS+ were selected as digital signature algorithms.

Following NIST’s algorithm selection, in September 2022, the National Security Agency (NSA) published an update to its Commercial National Security Algorithm Suite (CNSA). CNSA 2.0 specifies that CRYSTALS-Kyber and CRYSTALS-Dilithium should be used as quantum-resistant algorithms. In addition to these, the stateful hash-based signature schemes XMSS (eXtended Merkle Signature Scheme) or LMS (Leighton-Micali Signatures) are to be used for firmware protection. The update provides an ambitious migration timeline for the US government and its suppliers to adopt these new PQC algorithms. The NSA requires all National Security Systems (NSS) to fully transition to PQC algorithms by 2033, with some use cases required to complete that transition as early as 2030.

Other organizations throughout the world have also published their own guidelines on PQC. The common theme in Europe is that the NIST algorithm selection is good, but that Frodo KEM and Classic McEliece KEM algorithms are also acceptable. For use cases where KEMs must be chosen with a focus on long-term security, these may be favored by some European governments. Clear timelines for standardization of additional algorithms or migration projects are still a work in progress. It is possible that in the coming years we may see the standardization of additional PQC algorithms happen within international organizations, such as the Internet Research Task Force’s (IRTF) Crypto Forum Research Group or the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC).

Quantum computing is being pursued across industry, government and academia with tremendous energy and is set to become a reality in the not-so-distant future. For many years, Rambus has been a leading voice in the PQC movement and continues to develop algorithms and products designed to secure our customers’ data and devices. Solutions like the Rambus Root of Trust portfolio anchor security in hardware, include AES and SHA cryptographic cores, and offer programmability to incorporate new functionality to futureproof designs.


Leave a Reply

(Note: This name will be displayed publicly)