Future-Proof Data Encryption Bochum researchers win worldwide post-quantum cryptography competition

Secure encrypted communication is the basis for a global connected mobile world. However, the closer quantum computers, ultra-powerful computers, come to a realistic reach, the more tangible the risks to IT security become. The American National Institute for Standards and Technology (NIST) has recognized these risks posed by quantum computers for secure data encryption and started a process to standardize quantum computer-resistant cryptographic methods in 2016 already.

Research groups from all over the world submitted concepts for new encryption methods, and 15 methods made it to the finals of the competition. Three out of four of the now finally accepted submissions were developed by researchers from the Cluster of Excellence “Cyber Security in the Age of Large-Scale Adversaries” (CASA) at Ruhr-Universität Bochum. It has the goal of enabling sustainable IT security against large-scale adversaries, in particular nation-state attackers. In doing so, they gained a worldwide recognized standardization competition that will significantly influence the quantum computer-resistant encryption methods of the future.

Secure encryption for tomorrow’s computers

The standards certified by the federal agency are being adopted by numerous companies and online services, such as Amazon, Paypal and Google, based on experience, as they are considered particularly secure. “They represent better protection for digital communication – precisely because quantum computers would undermine previous encryption methods and signature systems,” says Professor Eike Kiltz, CASA spokesman and also a researcher in the procedure proposals CRYSTALS-KYBER and CRYSTALS-DILITHIUM. In addition to him, CASA Professors Tanja Lange, Peter Schwabe as well as Daniel Bernstein are involved in the selected methods. “The new NIST standard will certainly become one of the most influential documents in IT security,” Eike Kiltz continues.

Data security in the quantum world

It is still uncertain, however, when the first powerful computers will actually start work. What is clear, however, is that “quantum computers can solve the two mathematical operations on which today's asymmetric cryptographic methods are based – making the current security infrastructure virtually worthless,” says Professor Peter Schwabe, CASA researcher and research group leader at the Max Planck Institute for Security and Privacy (MPI-SP).

For this reason, NIST began in 2016 to identify and eventually standardize suitable replacements for the current generation of encryption methods. This next generation of cryptographic algorithms is referred to as post-quantum cryptography. NIST chose to use an open call for submissions of various approaches for this effort. Over the past five years, 69 proposals have been carefully analyzed for their security, efficiency, and other implementation characteristics.

The procedures now selected by NIST provide two different functionalities: the CRYSTALS-KYBER procedure enables secure key exchange over insecure communication channels such as the Internet. The SPHINCS+ and CRYSTALS-DILITHIUM procedures, known as digital signatures, are used to ensure the authenticity of data and senders. “The procedures developed show how important successful collaboration between basic research and application-oriented research is to ensure that the encryption of our data remains sustainably secure in the future,” explains Eike Kiltz.

European authorities are likely to adopt NIST standardization

NIST is expected to set standards for the USA and Europe with its choice. “The European authorities are also still examining the procedures selected by NIST, but experience shows that they will agree with the assessment of their U.S. American colleagues if they do not find any security gaps,” says Peter Schwabe. The reason for this is the encrypted data exchange between US and European services, which would otherwise no longer be possible.