A large part of the actions that involve exchanging data over the Internet are currently subject to encryption technologies, through algorithms that protect the security of the information transmitted.

The US National Institute of Standards and Technology (NIST) announced the adoption of four encryption systems as standards, a measure that could also be replicated in Europe.

They propose the use of new encryption algorithms on the Internet, with a view to the arrival of quantum computing

In the current technological environment, a promising advance is the arrival of quantum computing, thanks to the high processing capacity it offers with respect to the technologies currently predominant in computing.

Although it is still a technology under development, whose projection of entry into service is still uncertain, it is a fact that it will be necessary to provide these infrastructures with the necessary security resources. And here a large part of the currently used encryption systems come into question, since the power of quantum computers could exceed, and therefore discard the use of these means of protection.

Peter Schwabe, research group leader at the Max Planck Institute for Security and Privacy, who is also a professor at Radboud University Nijmegen, noted under this point that “as soon as the first quantum computers arrive, the current cryptographic protocols, which protect virtually all data traffic, will be obsolete because quantum computers will be able to solve the two mathematical problems on which current cryptography is based”.

Schwabe’s objections are that, under today’s prevailing technologies, it would take tens of thousands of years to do the calculations necessary to decrypt an information transaction. With quantum computers, on the other hand, conventional cryptography, based on the factorization of prime numbers, could be cracked in an instant.

Preceding this scenario, the NIST together with the Max Planck Institute, collaborated in the definition of four new standards, filtered from an initial list of 69 alternatives.

Two of the selected methods, called Sphincs+ and Crystals-Dilithium, are used for authentication purposes. Peter Schwabe, who also participated in its development, indicated that “For authentication, a signature in a so-called digital handshake ensures, for example, that a web browser is actually connected to the server it claims to be”. Schwabe was also part of the team that designed Crystals-Kyber, another of the selected algorithms. This procedure allows the secure exchange of cryptographic keys for subsequent communication.

Currently referred to in the workplace as “post-quantum cryptography”, this security mechanism is based on mathematical operations that, according to the current state of knowledge about how they operate, are almost as difficult for quantum computers as for conventional computers.

Based on previous experiences, there are reservations about the work of NIST, since in a previous instance its influential position was used, in a proven way, to leave open back doors for the US intelligence agency. However, aware of those criticisms, from the entity they point out that this situation responds to an isolated event, not premeditated, on which letters were taken in the matter to avoid.

The NIST proposal has the vocation to be adopted as a standard not only by the American authorities, but also by the European ones. «The new NIST standard will undoubtedly become one of the most influential documents in information technology security»noted Eike Kiltz, professor at Ruhr University Bochum and spokesperson for the Bochum Cluster of Excellence for Cyber ​​Security.

Although the European authorities are still examining the procedures selected by NIST, according to Schwabe, as long as they do not find security gaps, experience has shown that the European authorities will agree with the evaluation of their American colleagues, especially to allow encrypted data exchanges between services and computer programs located in the United States and the European Union, respectively, an initiative that would be highly valued by companies that have transnational infrastructures, such as Google, Amazon, Microsoft and an ever-increasing etcetera.