Cryptography uses math to protect sensitive electronic information, including the secure websites we surf and the emails we send. Widely used public-key cryptosystems, whose security relies on mathematical problems that even the fastest conventional computers find intractable, ensure that these websites and messages are inaccessible to unwelcome third parties.
However, a sufficiently capable quantum computer, which would be based on different technology than the conventional computers we have today, could solve these mathematical problems quickly, defeating encryption systems.
This is why the U.S. National Institute of Standards and Technology (NIST) in 2016 called upon the world’s cryptographers to devise and then vet methods for encryption and digital signature that could resist attacks from a future quantum computer.
-Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information. - NIST Director Laurie E. Locascio.
Ruben Niederhagen has been a member of the team that contributed the SPHINCS+ algorithm, which has been selected as one of the solutions for digital signatures. Signatures are often used when we need to verify identities during a digital transaction or to sign a digital document. Three of the selected algorithms are based on a family of mathematical problems called “structured lattices”, while SPHINCS+ uses hash functions. SPHINCS+ is considered very reliable and secure, but it is a rather slow and large signature scheme. However, due to its security, it is very valuable as a safety net should the other algorithms fail. When it comes to a high level of security, diversity in the problem-solving method is key.
Ruben Niederhagen is naturally excited to be part of one of the winning projects:
-NIST standards have an important impact on IT security world-wide because they strongly influence what cryptography is being used all around the internet, not only when browsing the web, paying during online-shopping, and online-banking - but also for all kinds of other digital communication including IoT systems, cars, trains, airplanes and even satellites. Therefore, it is exciting to be part of research teams that proposed those upcoming standards - and I am looking forward to seeing which domains and applications are going to use a cryptographic scheme that I have been contributing to.
The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.
Four additional algorithms are under consideration for future inclusion in the standard and NIST plans to announce the finalists from that round at a future date in 2023 or 2024. Ruben has also been a contributor to “Classic McEliece”, which is one of these projects under ongoing consideration.