As information has become electronic, the encryption of that information has become imperative.
And with the news Tuesday (Aug. 13) that, after an eight-year-long process, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer, businesses dealing with an emergent and sophisticated breed of cybercriminals can breathe a small sigh of relief.
While observers may be wondering what the big deal is about post-quantum (PQ) cryptography — particularly when nobody has actually seen or used a real quantum computer, and their commercial viability remains perpetually 10 years away — the big deal, so to speak, is actually a simple one: post-quantum security standards are by definition safer, more resilient, and more flexible than existing classical measures.
The advent of PQ protocols raises the bar for security solutions more broadly, and their standardization will have almost as large an impact on payments, commerce and the financial sector as quantum computing itself is one day slated to.
“The advancement of quantum computing plays an essential role in reaffirming America’s status as a global technological powerhouse and driving the future of our economic security,” said Deputy Secretary of Commerce Don Graves in a statement.
“NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future. As this decade-long endeavor continues, we look forward to continuing Commerce’s legacy of leadership in this vital space,” the deputy secretary added.
Of the three NIST standards, one is intended for general encryption, which protects data as it moves across public networks, while the other two are meant to secure digital signatures, which are used to authenticate online identity — all crucial elements of the future connected economy.
Cybersecurity experts are now encouraged to incorporate these new algorithms into their systems, the agency said.
Read also: Quantum Computing Could Change Everything
While the advent of the quantum internet creates nearly infinite opportunities for payments and commerce, it also creates many pitfalls and challenges for enterprises.
As Michael Jabbara, global head of fraud services at Visa, told PYMNTS last March, bad actors have started to steal and hold onto encrypted data in preparation for quantum computing tools to enter the market and allow them to decrypt the information.
This kind of threat is known as harvest now, decrypt later (HNDL).
Already, in a move to improve the security of its iMessage app, Apple announced in February that it is upgrading its encryption system to fend off potential quantum computing attacks, while in September, encrypted messaging app Signal boosted its own encryption by adding support for the post-quantum cryptographic PQXDH protocol.
And most recently in May, Zoom announced that it was making post-quantum end-to-end encryption (E2EE) globally available across its Zoom Workplace platform.
“Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio in a statement on Tuesday announcing the NIST’s standards. “These finalized standards are the capstone of NIST’s efforts to safeguard our confidential electronic information.”
Read more: Quantum Breakthrough From Microsoft Could Shorten Technology’s Go-to-Market Timeline
The three algorithms that the NIST has standardized are based on different math problems that would stymie both conventional and quantum computers, and they stand as strong proof points that we are at an inflection point in modern cybersecurity.
“These finalized standards include instructions for incorporating them into products and encryption systems,” said NIST mathematician Dustin Moody, who heads the PQC standardization project in a statement. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take time. … There is no need to wait for future standards, go ahead and start using these three. We need to be prepared in case of an attack.”
As PYMNTS Intelligence has found, a central challenge the financial services and banking industry now faces is the need both to leverage new technologies and to master the art of securing them.
As next-generation financial services roll out, the ability to secure them effectively will likely be a key differentiator for banks and financial institutions — a litmus test for attracting and retaining customers in a digital-first economy.