U.S. National Institute of Standards and Technology Post-quantum Computing Project Update. FCW is reporting the U.S. National Institute of Standards and Technology, Chief of the Computer Security Division, Matthew Scholl, discussed current the post-quantum cryptography standardization project during a briefing to the Information Security and Privacy Advisory Board, on March 20, 2019. Key excerpts from the FCW report, edited for clarity, are below:
⋅ “In a March 20 briefing to the Information Security and Privacy Advisory Board, Matthew Scholl, Chief of the Computer Security Division at NIST, said the agency spent much of the past year evaluating 69 algorithms for its Post Quantum Cryptography Standardization project, a 2016 project designed to protect the machines used by federal agencies today from the encryption-breaking tools of tomorrow.”
⋅ “The submitted algorithms are all designed to work with current technology and equipment, each offering different ways to protect computers and data from attack vectors – known and unknown – posed by developments in quantum computing. NIST chose 26 of the most promising proposals in January 2019, and the agency will be conducting a second evaluation this year to whittle that list down even further… Scholl told the board that the agency is not shooting for a specific number of algorithms at the end of the process and wants to leave room for agencies to deploy multiple options to protect their assets… This is to ensure that we have some resilience so that when a quantum machine actually comes around — not being able to fully understand the capability or the effect of those machines — having more than one algorithm with some different genetic mathematical foundations will ensure that we have a little more resiliency in that kit going forward.”
⋅ “Switching encryption protocols is disruptive. NIST turned to the history books to study previous cryptographic transitions in the federal government and found they were plagued by poor communication, unrealistic timelines and overall confusion regarding expectations. Scholl said the agency is planning to do more proactive outreach to agencies and industry during second round evaluations.”
The Qubit Report keeps close tabs on the efforts of NIST in relation to post-quantum computing and other cybersecurity related matters. We will continue to follow the effort. Because quantum is coming. Qubit.