Cybersecurity is about to undergo a major overhaul. The U.S. government has finalized a set of standards to protect Internet communications from attacks by future quantum computers that could render most current digital protections ineffective.

The guidelines include an algorithm for secure communications through encryption and two digital signature algorithms that prevent hackers from impersonating a known user or device. They are expected to be adopted globally. The US National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland, selected the three algorithms through a process that began in 2016 and enlisted the help of cryptography specialists worldwide. NIST had announced a preliminary selection of four algorithms in 2022 and has now finalized the standards for three of them.

“It's great to see that they've finally been released,” says Peter Schwabe, a cryptographic engineer at the Max Planck Institute for Security and Privacy in Bochum, Germany, who designed three of the four systems.

“These finalized standards provide instructions for integrating them into products and encryption systems,” says Dustin Moody, a mathematician at NIST who is leading the standardization effort. “We encourage system administrators to begin integrating into their systems immediately as full integration will take time.”

Keep data secure

Digital communications and transactions such as online shopping are almost universally based on a small set of public key cryptography algorithms. These systems allow two parties to exchange information securely. Each party has its own public key, a sequence of numbers that they give to anyone who wants to send them a message. The recipient can then decrypt the message using a private key that only they know.

But current public-key systems are known to be vulnerable to decryption using a quantum algorithm developed by Peter Shor, a mathematician now at the Massachusetts Institute of Technology in Cambridge. In 1994—at a time when not even the most rudimentary quantum computers existed and when Internet communications was just beginning to become mainstream—Shor showed that such machines would quickly be able to crack the most popular public-key systems. This could also put devices such as credit cards and security passes at risk of hacking.

Thirty years later, efforts to build quantum computers have made great strides, but the machines are still at least a decade away from running Shor's algorithm on anything other than numbers with a few digits. Nevertheless, Shor and others have warned against complacency.

The new encryption algorithm selected by NIST is called CRYSTALS-Kyber. Schwabe and his colleagues developed it from a technique first proposed in 2005 by computer scientist Oded Regev at New York University. Schwabe says deployment should be relatively smooth in the applications most users are familiar with - web browsing and smartphone apps. “Browsers will migrate quickly, as will messaging apps and video conferencing systems,” he says. It could take longer for developers of small Internet or WiFi-connected devices to catch up, he adds.

Although CRYSTALS-Kyber should be resistant to attacks from quantum computers, none of the existing public key algorithms - including the three selected by NIST - are mathematically proven to be completely secure, and researchers will continue to work on alternatives, just in case. NIST itself is evaluating “two additional groups of algorithms that could one day serve as backup standards,” the institute said in a statement.

Although the NIST announcement has now made this official, “post-quantum” algorithms have been around for years. Some companies like Cloudflare and IBM have already started integrating them into their systems, while others have been slower to adapt. “Many organizations have not yet started work on post-quantum migration, citing the lack of standards – a situation that has been referred to as cryptoprocrastination " wrote Bas Westerbaan, a mathematician at internet services firm Cloudflare, in a blog post last year. Security specialists hope the NIST announcement will now persuade most other organizations to begin what is likely to be a lengthy and complicated transition.