You Can’t Rush Post-Quantum-Computing Cryptography Standards
2023-08-08 11:13

I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards.

"This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms, although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take 'several years.'"

Ian Cassels, British mathematician and World War II cryptanalyst, once said that "Cryptography is a mixture of mathematics and muddle, and without the muddle the mathematics can be used against you." This mixture is particularly difficult to achieve with public-key algorithms, which rely on the mathematics for their security in a way that symmetric algorithms do not.

Post-quantum algorithms rely on other mathematical disciplines and problems (code-based cryptography, hash-based cryptography, lattice-based cryptography, multivariate cryptography, and so on) whose mathematics are both more complicated and less well-understood.

We have too much math and an inability to add more muddle, and that results in algorithms that are vulnerable to advances in mathematics.

It's the nature of these trap-door functions we're using for public-key cryptography.


News URL

https://www.schneier.com/blog/archives/2023/08/you-cant-rush-post-quantum-computing-standards.html