The National Institute of Standards and Technology (NIST) should be releasing its list of post-quantum cryptography (PQC) standards “any day now,” according to NIST official Dustin Moody, who participated in a session on PQC at IQT’s Quantum Enterprise event in San Diego Tuesday.
“It was delayed from what I originally hoped, but there should be an announcement soon,” said Moody, who is a mathematician for NIST’s Computer Security Division. He said the list of standard candidates is now down to 15 total, with seven of those actual finalists and the other eight listed as alternates. The alternates may come into play if recent reports about the possible vulnerability of one or more standards causes any last-minute changes.
Many in the quantum sector had expected NIST’s PQC standards announcement to come in late April. A further update is likely to come from late Wednesday afternoon when Barbara Goldstein, Associate Director, Program Manager, NIST, speaks at the conference.
If the chatter among IQT event attendees and panelists this week is any indication, the sector is more than ready for the NIST announcement and to take the next step with PQC. Multiple sessions at the event served to reiterate PQC’s potential value, especially in future hybrid environments in which both PQC and quantum key distribution are used to protect metro and edge communications, as well as end point devices and applications.
But the need for PQC is also very real in the here and now, as “attack now, decrypt later” attacks are becoming a greater concern. “Many IBM customers are understanding that anything not protected now, may be lost to the quantum future,” said Michael Osborne, IBM Head Of Crypto-logical Research, IBM Zurich Lab.
Dan O’Shea has covered telecommunications and related topics including semiconductors, sensors, retail systems, digital payments and quantum computing/technology for over 25 years.