NIST releases draft algorithms for quantum-resistant cryptography
The National Institute of Standards and Technology is accepting feedback on the Federal Information Processing Standards 203, 204 and 205 draft standards until November 22, according to its announcement in the Federal Register.
Following the comment period, the NIST cryptographic standards are intended for use starting in 2024, officials said.
The NIST Post-Quantum Cryptography project is about four years into a six-year effort to develop public-key cryptographic algorithms that are capable of protecting sensitive and protected information.
The advancement of quantum computing poses a real threat of making the entire cybersecurity infrastructure of the modern world essentially obsolete in the coming years, with massively powerful computers potentially soon able to crack the encryption upon which the vast majority of security systems rely.
NIST said in its announcement on August 24 that, while the three quantum-resistant encryption algorithms will be the first, "they will not be the last."
Next year, the institute will release a draft standard for FALCON, a fourth algorithm NIST selected for development last year, and is further developing a second set of algorithms that "offer alternative defense methods should one of the selected algorithms show a weakness in the future."
Moving beyond binary computing, quantum computers and their qubits can power through complex computations at a rate that far outpaces even today's most advanced supercomputers.
Quantum computing has shown promise in making the training of machine learning models more efficient and enabling higher accuracies. It's already changing how machine learning is being applied to healthcare data across a variety of use cases like genomic sequence analysis, virtual screening in drug discovery, medical image classification, disease risk prediction and adaptive radiotherapy, according to Frederik Flöther, a quantum expert who spoke at HIMSS23 earlier this year.
The danger is that quantum computers in the wrong hands could quickly crack every code binary computing can create – and could pose a fundamental challenge to most modern security cryptography.
As reported in a fascinating New Yorker feature from this past December, Bell Labs mathematician Peter Shor has shown how quantum computers could help crack widely used encryption standards – rendering the vast majority of security forces and systems powerless against penetration.
Shor told the magazine that he thought it was possible he might see this happen in his lifetime.
At the December 2022 HIMSS Cybersecurity Forum in Boston, Matthew Scholl, division chief of NIST's computer security division, raised the alarm about what quantum could mean for the existing security infrastructure of most modern technology networks.
"Much of our security capabilities and control – and this comes from a person who leads most of the cybersecurity portfolio at NIST – is built on sand," said Scholl. "We have abstracted much of our security capabilities on top of actions and activities for which there is not a sound measurement, an understanding of, or actually a strong capability to do.
"There are very few grounding cybersecurity capabilities from which we can build our abstractions against," he explained. "Be it philosophical discussions about risk management, the abstracted level of a control statement within an 800-53 security control document, or even in the implementation of an identity and access management system."
NIST's new, quantum-proof encryption standards are intended to offer some protection to help shore up defenses against that risk.
For his part, Flöther told Healthcare IT News in April that the time to prepare cybersecurity systems to protect and defend against cyberattacks leveraging quantum computing is now.
"Some quantum algorithms, specifically Shor’s algorithm … are able to provide significant speedups for solving mathematical problems that are central to current cryptographic methods," he said. "As a result, once quantum hardware and software improve to the point where these algorithms can be run for larger-size problems, many of the currently employed cryptographic protocols are rendered ineffective.
"Moreover, the future confidentiality of today's data is already threatened through 'harvest now, decrypt later' attacks. Hence, it is imperative that organizations, particularly those dealing with sensitive data that need to be kept secure for a long time (as is common in the medical space), start developing roadmaps for the transition to quantum-safe cryptographic standards."
Andrea Fox is senior editor of Healthcare IT News.
Healthcare IT News is a HIMSS Media publication.