This is Hacker Public Radio episode 3,800 for Friday the 24th of February 2023. Today's show is entitled NIST Quantum Cryptography Update 2022-108. It is part of the series Privacy and Security. It is hosted by Ahuka and is about 15 minutes long. It carries a clean flag. The summary is: an update on the preparations for quantum computing.

Hello, this is Ahuka, welcoming you to another exciting episode of Hacker Public Radio. In this episode what I want to do is provide some updated information on a process that's been going on for a while, and it has to do with quantum computing and encryption. I've reported on this before, so I'm just calling this an update on what's going on. I think it's worth taking a moment to look at this.

The problem we have, well, let's take a look at the National Institute of Standards and Technology, NIST. Now that's the US government agency responsible for setting the standards for encryption and technology that's used by the government, and it has become really the de facto standard setter for most of private industry as well, and it doesn't really make a whole lot of sense to have more than one standard-setting body. NIST on the whole has done a pretty good job. There has been one very lamentable lapse involving the NSA putting back doors into elliptic curves. Dr. Michael Scott has a nice explanation of this; I have a link in the show notes if you want to know more about it. And I think, you know, aside from that one incident, NIST has done a pretty good job. All the evidence I've seen is that they felt like they got burned and lowered their trust level for the NSA significantly. Part of the problem here is that agencies like the NSA, on the one hand, have a lot of expertise, that's undeniable, but on the other hand, they have their own agenda. So I would say at this point NIST is as much of an authority as there is in this business.
One of the things they've been looking at is quantum computing, and how that will affect encryption. The first news reports about quantum computing were full of breathless, the-sky-is-falling apocalyptic warnings that quantum computing would mean the end of all encryption, that no one would ever be able to keep secrets again, and so on. Now, this did, of course, greatly exaggerate the likely impact of quantum computing. First, while the field is progressing rapidly, it is still an expensive and difficult technology. Typically the components of quantum computing, which are called qubits (linked in the show notes if you want to know more about that), need to be kept in cryogenically cold conditions, so that makes the technology expensive. And they've really only been able to do a few dozen qubits at a time. I don't remember exactly what the latest record is, but it's certainly under a thousand.

Now it seems unavoidable, you know, we all know Moore's law, okay? Technology will improve, it will drop in cost, it will become practical. So no one is denying that quantum computing is going to arrive and it is going to affect things. So at some point the encryption technology used today will become obsolete, that is undeniable. But then that has happened many times before, and encryption is still here. But let's suppose in ten years' time it becomes something that is useful for governments and large companies to implement; how will that affect most people?

Well, let's consider how most of us use encryption now. For most people, their encounter with encryption happens when they log on to a website that employs some form of TLS encryption to secure your online connections. The current TLS encryption standard is TLS 1.3, adopted in 2018, and it replaced the now deprecated SSL standard, first introduced by Netscape, which shows how old it is. Anyone even heard of Netscape?
TLS 1.3 removed support for older, now insecure encryption algorithms like MD5 and SHA-1, and moved towards more secure algorithms like SHA-256. The thing about MD5 is you may still run into it as a way of verifying the accuracy of downloads. And it's still perfectly valid for that purpose. It's just not secure against a decryption attack, but as a way of validating that the file is untouched, perfectly good. Anyway, for right now TLS is secure, and given the high cost and limited application of quantum computing right now, it will stay secure for some time into the future, though for how long is open to some debate.

But the biggest threat to your secure online connection is not quantum computing, it is Doug. And by Doug, I mean the guy who works for the online site who, on his computer at work, clicks on the wrong link and lets a hacker into the company network where they can download a database of all the customers' login credentials. Doug has always been the biggest threat and always will be. The NSA is likely to be the first agency to implement practical quantum computing. So let's say they have a practical working prototype right now. Are they going to use it to steal your Netflix login? Of course not. Now if they thought you were a Russian spy, they might want to hack your email. Though I suspect they would just issue a legal subpoena to your email provider. Typically that is what happens.

Now we have some current evidence, by the way, on just how secure encryption is right now, and that comes from Ukraine. Russia has a reputation for having good computer hackers working for them, but they don't have any idea what the armed forces of Ukraine are doing from one day to the next. Ukraine's opsec is excellent and they know what they're doing. So what's the solution to all of this? The current encryption standards are okay for now, but there will come a time when they're not okay anymore. And that's exactly the situation we have faced many times.
Old standards fall and new ones take their place. And NIST takes as its mission to look ahead and prepare for when that happens, and they have done so in the case of quantum computing. Quantum computing will definitely break current encryption at some time in the not too distant future. And I found this quote on the NIST site, link in the show notes, of course: "Some engineers even predict that within the next 20 or so years, sufficiently large quantum computers will be built to break essentially all public key schemes currently in use." So that's their forecast: within the next 20 or so years, all public key schemes currently in use. But, you know, quantum computing is the sort of thing that cuts both ways. NIST is in a process of developing encryption technology that uses the power of quantum computing. And we've looked at that a couple of times before, and I've got links in the show notes to previous shows we did, one on encryption and quantum computing, and one on an update that I did in 2020. So, you know, every few years I like to see what's going on here.

Now the way NIST does this is by creating competitions. And those competitions let teams of researchers compete to develop new algorithms that are pitted against each other to weed out the weaker ones and find the best ones. This process has been going on to find the quantum computing algorithms at least since the initial RFC that was posted in 2016, called "Post-Quantum Cryptography: Proposed Requirements and Evaluation Criteria." And actually NIST internally started work in 2015. So, you know, 2015 to 2016 is around the time all of this stuff kicks off. Now it'll likely take a while to work through. NIST also estimates that it takes about 20 years to work through the whole process. So, let's say 20 years from 2016 would be 2036 or so.
So, the ideal then would be to have a solution implemented somewhere around 2036, and that would be at least a few years before practical quantum decrypting machines come along. Now one of the issues that NIST has to deal with is classical computing, that's the kind we do now with all those zeros and ones, versus quantum computing, which is done with qubits. They each have strengths and weaknesses. Now the current algorithms we use are very strong for classical computers. I've done the math on this before: if done properly, an encrypted message could withstand an attack by thousands of computers working for billions of years. But these algorithms could be solved by quantum computers in perhaps days. What you might not realize is that the reverse can be true: an algorithm that is secure against quantum decryption might be easily broken by classical computing. So, the algorithms that NIST is looking at have to be secure against both types of computing.

Now right now they have selected four algorithms for further development, out of an initial group of 69. So, you can see how they winnow that down. The four that they have selected: the first one is called CRYSTALS-Kyber. Now this is in the category of public key encryption and key establishment algorithms. So it's kind of a general purpose encryption algorithm, something like RSA, which does much the same thing. Then CRYSTALS-Dilithium, which is a digital signature algorithm; Falcon, which is also a digital signature algorithm; and SPHINCS+, which is also a digital signature algorithm. So all of these four came out of the round three submissions. There were more than four in the initial group submitted, but those four made it through the winnowing process. Now there's also a round four process going on. And many of the algorithms that were not selected from the round three group have modified their specifications in response to comments and suggestions.
And they will go back for another try. So what's going on in the background is there's a discussion group, email list, and stuff like that going on. Actually, I think it's a Google group, but they have all of these encryption experts from government, industry and academia. And they're looking at these things and poking holes in them and saying, you know, this is weak, you need to fix it. So that's the way that process works: the algorithms from round three that did not make it are very often going on in round four with the modifications. So that's how good algorithms rise to the top; you should not be surprised. There's also a call for proposals for additional digital signature algorithms. Link in the show notes. I've got a lot of links in the show notes here. So, you know, if you want more information on any of this stuff, chances are there's a link in the show notes.

So anyway, NIST is going to keep looking for new and improved algorithms, and this first batch of four is far from the end of the process. These four selected algorithms are what they call candidates to be standardized. There could be additional developments; you know, it's not a final selection at this point. So what is the timeline? NIST has proposed to have the initial standardized algorithms in place in 2024. That's only two years away from when I'm recording this, but that is only the start of the process. Just having a standard is not the same thing as having a solution in place. For that to happen, the algorithms need to be embodied in systems throughout society: in corporations, websites, software packages, and so on. And we know from experience that this takes a long time. For instance, we still don't have IPv6 in most applications, and the US still doesn't have sensible measurement units. So you can't just assume that magically you wave a wand and everything is going to happen; it's going to take some hard work.
So the idea that it could take us into the 2030s to complete the rollout is, to me, not at all far-fetched; it is certainly a feasible timeline. And if you're worried about hackers draining your bank account, don't worry about quantum computers, worry about Doug. Always worry about Doug. Well, this is Ahuka for Hacker Public Radio signing off, and as always encouraging everyone within the sound of my voice to support free software. Bye-bye.

You have been listening to Hacker Public Radio at HackerPublicRadio.org. Today's show was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is. Hosting for HPR has been kindly provided by an honesthost.com, the Internet Archive, and rsync.net. Unless otherwise stated, today's show is released under a Creative Commons Attribution 4.0 International license.