In the U.S, the National Institute of Standards and Technology (NIST) has provided updated guidance on approved quantum-resilient algorithms. With these standards in hand, NIST is encouraging computer system administrators to begin transitioning to post-quantum security as soon as possible.
Looking at this development is quantum security expert, Karl Holmqvist, Founder and CEO of Lastwall, a leading cybersecurity solutions provider of highly secure, identity-centric, and quantum resilient technologies.
Holmqvist has been a security enthusiast for over 20 years and is a repeat entrepreneur with a background in telecommunications and energy infrastructure building. He collaborates with government and critical sectors entities to advise on robust cybersecurity deployments that balance operational considerations with effective risk mitigation.
In addition, Holmqvist says that the latest advice form part of an iterative sequence of information about cyber-risk and the need for cyber-protection, observing: “We have been warned by the heads of the NSA, the FBI, and even the White House that there are active nation-state attacks stealing currently encrypted data and that we need to switch PQC algorithms.”
With the new report, Holmqvist states: “This announcement by NIST is fantastic and a positive progression for defence against a significant thread.”
The biggest game-changer is the advent of quantum technology. Here Holmqvist draws out: “In the last few years, the landscape of quantum computation has dramatically changed. The potential for a cryptographic class break is much more real than most people realize. Thirty years ago, in 1994, Peter Shor demonstrated that we would need approximately 4,100 qubits to factor 2048-bit RSA, which is the most broadly deployed asymmetric encryption algorithm. At that time, we had no quantum computers available, and people questioned if we would ever develop a functional quantum computer.”
Continuing with the historical context, Holmqvist finds: “Over 20 years ago, in 2001, IBM researchers used an early, extremely limited quantum computer, called a liquid-state nuclear magnetic resonance quantum computer, to show that Shor’s algorithm could run in reality.”
However, Holmqvist adds: “Quantum computers were small, and factoring 15 was not particularly impressive. Five years ago, KTH and Google researchers demonstrated that while we would need over 3,500 qubits to make each stable logical qubit, a 20-million-qubit system would crack 2048-bit RSA in less than eight hours.”
At this rate of development, urgent action is needed. Holmqvist warns: “Time is not on our side to change to quantum-resistant ciphers. We need to address this now – it’s time to get to work and eliminate outdated cryptography.”