Cyber ​​security faces a comprehensive overhaul. The US government has finalized a set of standards to protect internet communication from attacks by future quantum computers that could make most of the current digital protective measures ineffective.

The guidelines include an algorithm for safe communication through encryption and two algorithms for digital signatures that prevent hackers from imitation imitating a well -known user or a well -known device. It is expected to be taken over globally. The US National Institute of Standards and Technology (Nist) in Gaithersburg, Maryland, selected the three algorithms through a process that started in 2016 and used the help of cryptography specialists worldwide. Nist had announced a preliminary selection of four algorithms in 2022 and has now finalized the standards for three of them.

"It is great to see that they have finally been published," says Peter Schwabe, a cryptographic engineer at the Max Planck Institute for Security and Data Protection in Bochum, Germany, which has designed three of the four systems.

"These finalized standards contain instructions on their integration into products and encryption systems," says Dustin Moody, a mathematician at Nist who leads the standardization efforts. "We encourage system administrators to start integration into their systems immediately because the full integration will take time."

keep data secure

digital communication and transactions such as online shopping are almost universally based on a small set of algorithms for public key cryptography. These systems enable two parties to safely exchange information. Each party has its own public key, a sequence of numbers that you give everyone who wants to send you a message. The recipient can then decrypt the message with a private key that only he knows.

But current public key systems are known for decrypting with one of Peter Shor, a mathematician who is now working at the Massachusetts Institute of Technology in Cambridge, to be developed quantum algorithm. In 1994-at a time when the most rudimentary quantum computers did not exist and when internet communication just started to become mainstream-SHOR showed that such machines would quickly be able to crack the most popular public key systems. This could also expose devices such as credit cards and security passes to a hacking risk.

Thirty years later, the efforts to build quantum computers have made great progress, but the machines are still at least a decade from doing Shor's algorithm on something other than numbers with some places. Nevertheless, SHOR and others warned of complacency.

The new encryption algorithm selected by Nist is called Crystals-Kyber. Schwabe and his employees developed him from a technology that was first proposed in 2005 by the computer scientist Oded Regev at New York University. Schwabe says that the provision in the applications that most users are familiar with should be relatively smooth. "Browsers will migrate quickly, as will messaging apps and video conference systems," he says. It could take longer for the developers to catch up with small internet or WiFi, he adds.

Although Crystals-Kyber should be resistant to attacks by quantum computers, none of the existing public key algorithms-including the three nins selected-are mathematically proven to be completely safe, and researchers continue to work on alternatives, in the event. Nist himself evaluates "two other algorithic groups that could one day serve as a backup standard," said the institute in an explanation.

Although the nest announcement has now officially done this, there has been “Post quantum” algorithms for years. Some companies such as Cloudflare and IBM have already started to integrate them into their systems, while others were slower to adapt. "Many organizations have not yet started working on post-quantum migration and refer to the lack of standards- A situation called crypto-procrastination , "wrote Bas Westerbaan, a mathematician at the Internet service company Cloudflare, in a blog post last year. Security specialists hope that the nest announcement will now move most of the other organizations to start with the probably lengthy and complicated transition.