Post-quantum encryption: Crypto flexibility will prepare firms for quantum threat, experts say

It doesn’t help that an official set of standards for quantum-safe encryption still hasn’t been released. NIST has been working on one for a few years, and the final recommendations are due out this summer.

NIST’s first request for comments about post-quantum cryptography went out in 2016, the first draft went out in the summer of 2022, and the most recent public comment period closed in November of 2023.

“They wanted to be as inclusive as possible and take as many comments as possible,” says IBM cryptography researcher Vadim Lyubashevsky. “It really takes time to dot the i’s and cross the t’s.”

The latest enhancements were mostly on the interface side, he added, not related to the fundamental math of the new algorithms. For example, should inputs be hashed before or during the signature? “And there’s a lot of other small things,” he added.

Since it’s the asymmetric encryption standards that are primarily at risk, it is vital to get all the implementation arrangements worked out. Asymmetric encryption involves two keys – a public key and a private key – and is used to encrypt online communications, banking transactions, and other messages that involve multiple parties.

Symmetric encryption, by comparison, uses the same key for both encryption and decryption, and is commonly used to secure stored documents. Symmetric encryption is less reliant on agreements between multiple parties, and it is also inherently more secure against quantum computers.