What is NIST?
Crucially, NIST certifies and helps to develop encryption standards. Because compliance with NIST standards is a prerequisite for obtaining US government contracts, these encryption standards are widely adopted by technology firms around the world and incorporated into their security products.
AES, RSA, SHA-1 and SHA-2, for example, were all developed and/or certified by the United States National Institute of Standards and Technology (NIST).
NIST also works very closely with the NSA, and is widely regarded as being complicit in weakening key encryption standards at its behest.
What are quantum computers?
“Quantum computers… make direct use of quantum-mechanical phenomena, such as superposition and entanglement, to perform operations on data… Large-scale quantum computers will be able to solve certain problems much more quickly than any classical computers that use even the best currently known algorithms… There exist quantum algorithms, such as Simon’s algorithm, that run faster than any possible probabilistic classical algorithm.”
What this means is that computers in the not-too-distant future will be able to perform calculations and solve mathematical problems much faster than any conventional computer around today.
Of course, no-one has yet developed a quantum computer capable of this, but the NSA is throwing vast resources at developing “a cryptologically useful quantum computer,” and even commercial projects are beginning to show promising results.
The problem with quantum computers
To cryptographers, quantum computers present a major headache. Strong modern cryptographic algorithms are regarded as being secure against conventional computer-based decryption methods for tens, if not hundreds, of years.
In fact, I have calculated that it would take one of the fastest supercomputers currently in existence around 1 billion years to crack a 128-bit AES key by brute force.
A quantum computer, however, could (at least in theory) make mincemeat of all current encryption schemes. According to Michele Mosca, co-founder of the University of Waterloo’s Institute for Quantum Computing,
“The cryptography tools that are the foundation of cybersecurity are all threatened by quantum computation. Once we fully harness the quantum world it could completely shatter the currently deployed public key cryptography… and it can sufficiently compromise symmetric key ciphering. That’s the catastrophe looming.”
So it is no wonder that NIST is worried,
“If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use.”
Someone with access to a quantum computer could easily access every online bank account in the world, could decrypt the vast amounts of highly sensitive and classified information held by every government in the world (including the US government, of course), and much more.
NIST has now issued a public call for help in tackling this problem,
“The National Institute of Standards and Technology (NIST) is officially asking the public for help heading off a looming threat to information security: quantum computers, which could potentially break the encryption codes used to protect privacy in digital systems. NIST is requesting methods and strategies from the world’s cryptographers, with the deadline less than a year away.
The Call for Proposals for Post-Quantum Cryptography Standardization, announced today in the Federal Register, is NIST’s first formal step toward countering the danger that quantum computers pose to the security of digital information. Though practical quantum computers have yet to be built, their design—which would draw upon very different scientific concepts than conventional computers—would enable them to break some of the cryptographic algorithms commonly used to protect electronic messages.”
Private sector and academic cryptographers are invited to send proposed algorithms to NIST by November 30, 2017. An evaluation phase will follow, which will take an estimated three to five years. NIST mathematician Dusty Moody explains that,
“We will be doing our own internal review of the algorithms, and we certainly want the public and crypto community to analyze the algorithms as well… Post-quantum algorithms haven’t received nearly the same amount of scrutiny and cryptanalysis as those we currently use on today’s conventional computers. We need that to change.”