Perttu Saarela, Developer at Xiphera, explains what hybrid models mean for the near future of Post-Quantum Cryptography.
Modern-day public key cryptography is largely covered by RSA and Elliptic Curve Cryptography (ECC). These are based on integer factorization and the discrete logarithm problem, respectively. In 1994, Peter Shor introduced a quantum algorithm capable of breaking both RSA and ECC. Luckily for digital security, quantum computers capable of running these attacks are still a long way down the road. However, with quantum technology advancing every year, this threat cannot be left to fester, and this looming vulnerability should be addressed as soon as possible. The solution? Post-Quantum Cryptography (PQC).
The National Institute of Standards and Technology (NIST) started a standardisation process for new PQC algorithms in December 2016. The third round of the competition concluded in July 2022, and out of 15 finalists four winners were selected: three signature algorithms and one key-encapsulation mechanism. At the same time NIST also announced an extra fourth round where a few Round 3 candidates are investigated further. The four winners, and possibly some Round 4 candidates, will be standardized in the upcoming years.
What this means in practice is that in a couple of years we will start seeing PQC algorithms implemented on many devices. However, new and exciting does not immediately imply secure. In cryptography, old and unbroken is far more reliable than new with no apparent flaws. For example, two contenders that made it to Round 3 of the NIST competition have been completely broken (Rainbow and SIKE). This is not to say that PQC is doomed and untrustworthy, but rather a cautionary example that we should not abandon our old ways from the get-go. Instead, the current recommendation (for instance by ANSSI, the National Cybersecurity Agency of France) is to use a hybrid model: a classical algorithm and a PQC algorithm used together, so that security holds as long as at least one of the two remains unbroken.
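As an added illustration of the hybrid idea (example code written for this edit, not Xiphera's or ANSSI's own construction), the block below combines a classical and a post-quantum shared secret into one session key with a concatenate-then-KDF combiner. The shared secrets, the transcript and the fixed 32-byte lengths are assumptions chosen for the example; in a real system they would come from the actual ECDH and KEM exchanges.

```python
# Added example (not from the original post): a minimal hybrid key combiner.
# Assumed construction: a classical key exchange (e.g. ECDH) and a post-quantum
# KEM run in parallel, and both shared secrets feed one KDF, so the session key
# stays secret as long as at least one of the two schemes is unbroken.
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(ss_classical: bytes, ss_pqc: bytes, transcript: bytes,
               secret_len: int = 32, key_len: int = 32) -> bytes:
    """Derive one session key from a classical and a post-quantum shared secret.

    Both secrets are concatenated into the KDF input, so recovering the key
    requires breaking BOTH schemes. Fixed secret lengths keep the concatenation
    unambiguous, and hashing the transcript (public keys, ciphertexts) into the
    salt binds the key to this particular exchange.
    """
    if len(ss_classical) != secret_len or len(ss_pqc) != secret_len:
        raise ValueError("shared secrets must have the agreed fixed length")
    ikm = ss_classical + ss_pqc
    prk = hkdf_extract(salt=hashlib.sha256(transcript).digest(), ikm=ikm)
    return hkdf_expand(prk, b"hybrid-kem-session-key", key_len)


if __name__ == "__main__":
    # Constructed sample values standing in for real ECDH and KEM outputs.
    ss_ecdh, ss_kem, transcript = b"\x01" * 32, b"\x02" * 32, b"pk_ecdh|pk_kem|ct_kem"
    key = hybrid_key(ss_ecdh, ss_kem, transcript)
    # An attacker who broke the classical part but not the PQC part (or vice
    # versa) still lacks one KDF input and gets a different key.
    assert key != hybrid_key(ss_ecdh, b"\x00" * 32, transcript)
    assert key != hybrid_key(b"\x00" * 32, ss_kem, transcript)
    print(key.hex())
```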