US unveils new tools to withstand encryption-breaking quantum. Here's what experts are saying

Earlier this month, a government lab in the United States released three highly anticipated encryption algorithms that were built to withstand cyberattacks from quantum computers.

The encryption standards, two of which were developed by IBM, can be used to “secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy,” the US Department of Commerce’s National Institute of Standards and Technology (NIST) said in a statement.

The release comes as quantum computing — which employs quantum mechanics to solve complex computing problems — continues to develop rapidly.

Quantum technology, experts say, creates enormous economic and scientific opportunities given its ability to significantly boost computing power, but also poses serious cybersecurity risks. This includes rendering current encryption tools obsolete. In fact, NIST warns that quantum computing devices with encryption-breaking capabilities could be developed within the next decade, threatening the “security and privacy of individuals, organizations and entire nations”.

“The NIST standards are an essential stepping stone toward the broader imperative of cryptographic resilience,” Dr Michele Mosca, CEO of evolutionQ, told the World Economic Forum. “This seminal milestone will not only enable a quantum-safe posture for organizations who had prepared for this day, it will drive the rest of digital economy to accelerate its journey to quantum safety.”

In 2016, NIST formally requested cryptographers from around the world to create and submit post-quantum encryption algorithms that could be analysed, tested and considered for standardisation.

Out of dozens of submissions, four were chosen to be standardised, three of which were released this month: ML-KEM, ML-DSA and SLH-DSA. All three post-quantum cryptographic algorithms are based on highly complex math equations that experts maintain can withstand the heightened computing power of quantum computers, keeping websites and internet traffic secure from third-party intrusions.

“The new NIST post-quantum cryptography standards represent a pivotal moment in the history of cryptography, setting the foundation for a secure digital future in the quantum era,” said Dr Vikram Sharma, Founder and CEO of QuintessenceLabs. “These standards will rapidly become the cornerstone of cybersecurity across industries, ensuring quantum-resilience for organizations handling sensitive information, and future-proofing systems of national significance and critical infrastructure.”

NIST is urging cybersecurity firms to immediately adopt the three encryption standards, which were all approved as Federal Information Processing Standards by the US Secretary of Commerce.

Sabrina Feng, the Chief Risk Officer for Technology, Cyber and Resilience at the London Stock Exchange Group, said that while the NIST standards are a significant development, they are “only the first steps of a long journey.” More post-quantum algorithms are needed, Feng stated, adding that “the security industry and end-user organizations should assess their own risks and develop a post-quantum strategy to counter the risks.”

The fourth standardized encryption algorithm, which was developed by IBM and is called FALCON, is scheduled to be released later this year.

“Quantum security is a new dawn for many,” added Charles Lim, Global Head of Quantum Communications and Cryptography at JPMorgan Chase. “It is important to take a holistic approach and consider quantum-safe solutions to achieve defense in depth.”

As technology has advanced in recent years, the quantum economy has grown significantly.

Recent research from Boston Consulting Group (BCG) found that quantum computing could add up to $850 billion in economic value to the global economy by 2040. In 2023 alone, quantum computing garnered an estimated $1.2 billion in venture capitalist investments, BCG noted.

The rise of quantum computing has increased the need to develop and implement post-quantum cybersecurity mechanisms. In a 2022 white paper, Transitioning to a Quantum-Secure Economy, the World Economic Forum detailed various drivers that can accelerate the transition. This includes quantum-powered cyber threats, regulatory pressures and market dynamics, among others.

The development of quantum-secure systems such as the NIST standards is especially critical for industries like the financial sector, experts say.

In January, a World Economic Forum whitepaper, Quantum Security for the Financial Sector: Informing Global Regulatory Approaches, noted that while “quantum computing promises to revolutionize operations” across the sector, it could also render “current encryption schemes obsolete, threatening consumer protections and the integrity of digital infrastructures and economies.” Such a scenario, the report added, “would not only undermine cybersecurity but also erode the foundation of trust and stability” across the financial industry.

“The NIST standards will help to end 'cryptoprocrastination' and achieve tangible progress in delivering quantum-safe products and services,” said Jaime Gómez García, Head of Quantum and Architecture at Crypto & Blockchain CoE, Banco Santander, adding that the release represents a “pivotal milestone in driving proactive efforts and enhancing cryptography management in organizations.”

The Forum's whitepaper, which was published in collaboration with the UK’s Financial Conduct Authority, also warned that there is a misalignment in the quantum regulatory landscapes around the world.

Nonetheless, the paper provides four guiding principles to ensure a secure transition to quantum computing. These include reusing and repurposing best practices; establishing non-negotiables; increasing transparency; and avoiding fragmentation.

Dr. Colin Soutar, global leader of quantum cyber readiness at Deloitte, lauded recent industry discussions around quantum computing and cybersecurity, noting that continued efforts need to start with “strategy and awareness.” Soutar also called for more discussion on the “potential impact on business mission and operations.”