Bitcoin Forum
Author Topic: NIST Announces First Four Quantum-Resistant Cryptographic Algorithms  (Read 126 times)
Hydrogen (OP)
Legendary

Activity: 2562
Merit: 1441
July 05, 2022, 10:49:41 PM
 #1

Quote
GAITHERSBURG, Md. — The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day — such as online banking and email software. The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.

“Today’s announcement is an important milestone in securing our sensitive data against the possibility of future cyberattacks from quantum computers,” said Secretary of Commerce Gina M. Raimondo. “Thanks to NIST’s expertise and commitment to cutting-edge technology, we are able to take the necessary steps to secure electronic information so U.S. businesses can continue innovating while maintaining the trust and confidence of their customers.”

The announcement follows a six-year effort managed by NIST, which in 2016 called upon the world’s cryptographers to devise and then vet encryption methods that could resist an attack from a future quantum computer that is more powerful than the comparatively limited machines available today. The selection constitutes the beginning of the finale of the agency’s post-quantum cryptography standardization project.

“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”

Four additional algorithms are under consideration for inclusion in the standard, and NIST plans to announce the finalists from that round at a future date. NIST is announcing its choices in two stages because of the need for a robust variety of defense tools. As cryptographers have recognized from the beginning of NIST’s effort, there are different systems and tasks that use encryption, and a useful standard would offer solutions designed for different situations, use varied approaches for encryption, and offer more than one algorithm for each use case in the event one proves vulnerable.


Encryption uses math to protect sensitive electronic information, including the secure websites we surf and the emails we send. Widely used public-key encryption systems, which rely on math problems that even the fastest conventional computers find intractable, ensure these websites and messages are inaccessible to unwelcome third parties.

However, a sufficiently capable quantum computer, which would be based on different technology than the conventional computers we have today, could solve these math problems quickly, defeating encryption systems. To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and down the road.

The algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication. All four of the algorithms were created by experts collaborating from multiple countries and institutions.

For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.

For digital signatures, often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”). Reviewers noted the high efficiency of the first two, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup for one chief reason: It is based on a different math approach than all three of NIST’s other selections.

Three of the selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions. The additional four algorithms still under consideration are designed for general encryption and do not use structured lattices or hash functions in their approaches.

While the standard is in development, NIST encourages security experts to explore the new algorithms and consider how their applications will use them, but not to bake them into their systems yet, as the algorithms could change slightly before the standard is finalized.

To prepare, users can inventory their systems for applications that use public-key cryptography, which will need to be replaced before cryptographically relevant quantum computers appear. They can also alert their IT departments and vendors about the upcoming change. To get involved in developing guidance for migrating to post-quantum cryptography, see NIST’s National Cybersecurity Center of Excellence project page. 

All of the algorithms are available on the NIST website.



https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms


....


How would people feel if a campaign was made to mandate these cryptographic algorithms as standardized industry practices in everything regarding cryptography?

Would people prefer technologies like bitcoin using elliptic curve signatures, or these vaunted new quantum resistant algorithms that are regulated and controlled by government agencies?

I would be interested to know what public opinion is on everything associated with quantum computers.

There is so much marketing behind the multiverse, web3, quantum computers, artificial intelligence and similar movements. We know there is a lot of hype. But how much faith and hope are people investing in these newfangled things?
hatshepsut93
Legendary

Activity: 3038
Merit: 2162
July 05, 2022, 11:31:08 PM
 #2

When NIST will officially deprecate the use of ECDSA, that's when it will be the time to start thinking about switching to quantum-resistant algorithms. We don't need to replace old algorithms with new, if the old ones are still sufficiently secure.

Also, what's the size of a signature in those algorithms? If it's much larger than currently used by Bitcoin, it would either require a blocksize increase or will seriously lower the on-chain capacity.
jackg
Copper Member
Legendary

Activity: 2856
Merit: 3071
July 06, 2022, 03:20:36 AM
 #3

I think there's already one quantum-proof algorithm/cryptography standard in wide use (hash-based cryptography). You're probably more likely to see that being adopted in cryptocurrencies if a move for quantum resistance had to be made very quickly.

Quote
Also, what's the size of a signature in those algorithms? If it's much larger than currently used by Bitcoin, it would either require a blocksize increase or will seriously lower the on-chain capacity.

This might be something determined when the standards are actually made as it's potentially not too relevant.

256-bit is still a large number and I'm fairly certain quantum won't be able to compute that for some algorithms (especially those that rely on hashing).

If you had a 2-qubit machine, each clock tick could allow you to cover 4 operations to try to find a solution to a problem - the higher the qubit count the faster something not quantum proof can be solved. As distinct (orders of) qubits get discovered it'll become easier for them to solve problems like those produced by ECDSA (ie finding a set of coordinates for a private key from a public key). The problem is, hashing algorithms are non-linear (I assume the others rely on non-linear operations too) which means the output (given a certain input) is hard to predict - so it's impossible to work out if you're close to an "answer" or not.
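An added example, not code from the thread or from NIST: a minimal Lamport one-time signature in Python, illustrating the hash-based approach the press release attributes to SPHINCS+ and the point above about hash-based cryptography. It also reports the public-key and signature sizes, which bear on the size question raised earlier in the thread (SPHINCS+ itself layers many such one-time keys into a tree so one key pair can sign many messages; this toy signs once, and the `used` flag is the mitigation for the key-reuse failure mode).

```python
import hashlib
import secrets

H = lambda b: hashlib.sha256(b).digest()
N = 256  # bits in the message digest; one secret pair per bit

def keygen():
    # Secret key: 256 pairs of random 32-byte values.
    # Public key: the SHA-256 hash of each value (security rests on preimage resistance only).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return {"sk": sk, "pk": pk, "used": False}

def digest_bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def sign(key, msg):
    # One-time only: a second signature with the same key would reveal secret
    # values for the other bit position and allow forgeries, so refuse it.
    if key["used"]:
        raise ValueError("Lamport key already used; generate a fresh key")
    key["used"] = True
    # Reveal, for each digest bit, the secret value matching that bit.
    return [key["sk"][i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    if len(sig) != N:
        return False
    # Hash each revealed value and compare with the published hash for that bit.
    return all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(digest_bits(msg)))

def sizes():
    # (public key bytes, signature bytes): 256 * 2 * 32 and 256 * 32.
    return (N * 2 * 32, N * 32)

def reuse_refused(key, msg):
    # Returns True when the key correctly refuses to sign a second message.
    try:
        sign(key, msg)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    k = keygen()
    s = sign(k, b"constructed sample message")  # constructed input
    print(verify(k["pk"], b"constructed sample message", s), sizes())
```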

NotATether
Legendary

Activity: 1806
Merit: 7475
July 06, 2022, 05:00:39 AM
 #4

So one diffie-hellman and 3 DSA successors? Nice.

Quote
How would people feel if a campaign was made to mandate these cryptographic algorithms as standardized industry practices in everything regarding cryptography.

We don't have to worry about that. OpenSSL will implement all of these algos, and then every website in the whole world from Let's Encrypt to the programming languages will implore everyone to use the new signature types by default.

We might even get a TLS 1.4 that utilizes only these quantum-resistant algorithms.

pooya87
Legendary

Activity: 3654
Merit: 11095
July 06, 2022, 06:33:32 AM
 #5

This topic belongs to a board like Development & Technical Discussion not Economics.

Quote
How would people feel if a campaign was made to mandate these cryptographic algorithms as standardized industry practices in everything regarding cryptography.
These things should be changed by experts, not by public opinion and emotions. In other words you don't need a "campaign" to force people to switch algorithms just because a new one came along.
For example take SHA1, SHA2 and SHA3 development. When SHA1 became vulnerable, there was a natural migration to SHA2 over time and everyone affected by those vulnerabilities switched to version 2 naturally without needing any "campaigns". On the other hand when SHA3 came along in 2015, nobody switched to it and it is barely used even today simply because SHA2 is secure and will continue working fine for the foreseeable future.

Quote
Would people prefer technologies like bitcoin using elliptic curve signatures or these vaunted new quantum resistant algorithms were are regulated and controlled by government agencies.
All common cryptography algorithms are accepted and standardized by some government agency somewhere in the world. ECC is also standardized by NIST. People don't choose them for that reason though, they choose them when independent experts review them and find them secure enough without any backdoors.

fiulpro
Hero Member

Activity: 1890
Merit: 831
July 06, 2022, 06:58:48 PM
 #6

Quote
When NIST will officially deprecate the use of ECDSA, that's when it will be the time to start thinking about switching to quantum-resistant algorithms. We don't need to replace old algorithms with new, if the old ones are still sufficiently secure.

Also, what's the size of a signature in those algorithms? If it's much larger than currently used by Bitcoin, it would either require a blocksize increase or will seriously lower the on-chain capacity.

Replacing the old algorithms with the new ones is secondary, but what matters is that all the hype about how quantum computers would destroy cryptos and Bitcoin as well is gone after this news; people knew that IT always makes advancements, and at the end of the day they did find a way to make sure the algorithm is safe from quantum computing.
Also, not everyone would be able to get their hands on quantum computers, since they are not just expensive; the government is not gonna lose their websites over handling every commoner who needs one as well. I think it's good to see that people are still working on making the whole thing better and stronger.
DaveF
Legendary

Activity: 3682
Merit: 6686
July 07, 2022, 02:52:54 PM
 #7

Let me know when the 1st quantum computers are close to real operations and then we can start looking.
Quantum this quantum that, it's like the word cyber from the mid 90s to the mid 00s.
Yes it's coming, yes we are going to have to adapt, no it's not something that most end users will have to worry about.
New apps will come out that use more secure encryption and then end users will install them.

The programmers and other people dealing with the software will have to take care of it, but for the end users it will be just about invisible.
Kind of like when the old versions of SSL went away and the web adopted TLS. Most people didn't even know or notice.

-Dave

mynonce
Full Member

Activity: 233
Merit: 253
August 27, 2022, 06:03:06 PM
 #8

Post-quantum encryption contender is taken out by a common PC

"Last month, the US Department of Commerce's National Institute of Standards and Technology, or NIST, selected four post-quantum computing encryption algorithms to replace algorithms like RSA, Diffie-Hellman, and elliptic curve Diffie-Hellman, which are unable to withstand attacks from a quantum computer.

In the same move, NIST advanced four additional algorithms as potential replacements pending further testing in hopes one or more of them may also be suitable encryption alternatives in a post-quantum world. The new attack breaks SIKE, which is one of the latter four additional algorithms. The attack has no impact on the four PQC algorithms selected by NIST as approved standards, all of which rely on completely different mathematical techniques than SIKE."


source: https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/