NIST releases draft algorithms for quantum-resistant cryptography

The National Institute of Standards and Technology is accepting feedback on draft Federal Information Processing Standards 203, 204 and 205 until November 22, according to its announcement in the Federal Register.

After the comment period, NIST’s cryptographic standards are intended for use beginning in 2024, officials said.

The NIST Post-quantum cryptography The project spans approximately four years in a six-year effort to develop public-key cryptographic algorithms capable of protecting sensitive and proprietary information.

The advancement of quantum computing poses a real threat that the entire cybersecurity infrastructure of the modern world will become effectively obsolete in the coming years, with immensely powerful computers potentially soon able to crack the encryption on which the vast majority of security systems rely.

NIST said in its announcement on August 24 that while the three quantum-resistant encryption algorithms will be the first, “they won’t be the last.”

Next year, the institute will release a draft standard for FALCON, a fourth algorithm that NIST selected for development last year, and is further developing a second set of algorithms that will “provide alternative defense methods if one of the selected algorithms exhibits a weakness in the future.”

Quantum computers and their qubits go beyond binary computing and can perform complex calculations at speeds that far exceed even today’s most advanced supercomputers.

Quantum computing has shown promising results in making the training of machine learning models more efficient and enabling higher accuracy. According to Frederik Flöther, a quantum expert who spoke, this is already changing the way machine learning is applied to healthcare data in a variety of use cases, such as genomic sequencing, virtual screening in drug discovery, medical image classification, disease risk prediction and adaptive radiotherapy. at HIMSS23 earlier this year.

The danger is that in the wrong hands, quantum computers could quickly crack any code that binary computers can create – and pose a fundamental challenge to most modern security cryptography.

As reported in a fascinating New Yorker function Last December, Bell Labs mathematician Peter Shor showed how quantum computers could help crack widely used encryption standards, leaving the vast majority of security forces and systems powerless against penetration.

Shor told the magazine he thought it was possible he would see this happen in his lifetime.

At the HIMSS Cybersecurity Forum in Boston in December 2022, Matthew Scholldivision head of NIST’s Computer Security Division, sounded the alarm about what quantum could mean for the existing security infrastructure of most modern technology networks.

“A lot of our security capabilities and control – and this is coming from an individual who leads most of the cybersecurity portfolio at NIST – is built on sand,” Scholl said. “We have abstracted much of our security capabilities on top of actions and activities for which there is no sound measurement, understanding or actual strong capability.

“There are very few well-founded cybersecurity capabilities on which we can base our abstractions,” he explains. “Whether it is philosophical discussions about risk management, the abstracted level of an audit statement within an 800-53 security control document, or even about the implementation of an identity and access management system.”

NIST’s new quantum-resistant encryption standards are intended to provide some protection to strengthen defenses against that risk.

For his part, Flöther said Healthcare IT news in April that now is the time to prepare cybersecurity systems to protect and defend against cyber attacks using quantum computing.

“Some quantum algorithms, especially Shor’s algorithm… can provide significant speedups in solving mathematical problems central to current cryptographic methods,” he said. “As a result, many of the currently used cryptographic protocols will become ineffective once quantum hardware and software are improved to the point where these algorithms can be used for larger problems.

“Furthermore, the future confidentiality of today’s data is already threatened by ‘harvest now, decrypt later’ attacks. Therefore, it is imperative that organizations, especially those dealing with sensitive data that needs to be kept secure for a long time (as is common in the medical space), start developing roadmaps for the transition to quantum-safe cryptographic standards. “

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.