Cybersecurity

US unveils new tools to withstand encryption-breaking quantum. Here's what experts are saying

The entrance to the US Department of Commerce’s National Institute of Standards and Technology.

'Quantum security is a new dawn for many,' said JPMorgan Chase's head of quantum and cryptography. Image: Jason Stoughton/NIST

Spencer Feingold
Digital Editor, World Economic Forum
Filipe Beato
Lead, Centre for Cybersecurity, World Economic Forum
This article is part of: Centre for Cybersecurity
  • Quantum computing brings significant opportunity — and cybersecurity risks.
  • New encryption algorithms have been designed to endure cyberattacks from quantum computers.
  • Industry experts told the World Economic Forum that the algorithms mark a “pivotal milestone” and are an “essential stepping stone.”

Earlier this month, a government lab in the United States released three highly anticipated encryption algorithms that were built to withstand cyberattacks from quantum computers.

The encryption standards, two of which were developed by IBM, can be used to “secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy,” the US Department of Commerce’s National Institute of Standards and Technology (NIST) said in a statement.

The release comes as quantum computing — which employs quantum mechanics to solve complex computing problems — continues to develop rapidly.

Quantum technology, experts say, creates enormous economic and scientific opportunities given its ability to significantly boost computing power, but also poses serious cybersecurity risks. This includes rendering current encryption tools obsolete. In fact, NIST warns that quantum computing devices with encryption-breaking capabilities could be developed within the next decade, threatening the “security and privacy of individuals, organizations and entire nations”.

“The NIST standards are an essential stepping stone toward the broader imperative of cryptographic resilience,” Dr Michele Mosca, CEO of evolutionQ, told the World Economic Forum. “This seminal milestone will not only enable a quantum-safe posture for organizations who had prepared for this day, it will drive the rest of digital economy to accelerate its journey to quantum safety.”

The first four algorithms NIST has announced for post-quantum cryptography are based on structured lattices and hash functions, two families of math problems that could resist a quantum computer's assault.
NIST's cryptography is based on structured lattices and hash functions, two families of maths problems that can resist a quantum computer's assault. Image: Hanacek/NIST

‘Pivotal moment in the history of cryptography’

In 2016, NIST formally requested cryptographers from around the world to create and submit post-quantum encryption algorithms that could be analysed, tested and considered for standardisation.

Out of dozens of submissions, four were chosen to be standardised, three of which were released this month: ML-KEM, ML-DSA and SLH-DSA. All three post-quantum cryptographic algorithms are based on highly complex math equations that experts maintain can withstand the heightened computing power of quantum computers, keeping websites and internet traffic secure from third-party intrusions.

“The new NIST post-quantum cryptography standards represent a pivotal moment in the history of cryptography, setting the foundation for a secure digital future in the quantum era,” said Dr Vikram Sharma, Founder and CEO of QuintessenceLabs. “These standards will rapidly become the cornerstone of cybersecurity across industries, ensuring quantum-resilience for organizations handling sensitive information, and future-proofing systems of national significance and critical infrastructure.”

Image: World Economic Forum via Flourish

NIST is urging cybersecurity firms to immediately adopt the three encryption standards, which were all approved as Federal Information Processing Standards by the US Secretary of Commerce.

Sabrina Feng, the Chief Risk Officer for Technology, Cyber and Resilience at the London Stock Exchange Group, said that while the NIST standards are a significant development, they are “only the first steps of a long journey.” More post-quantum algorithms are needed, Feng stated, adding that “the security industry and end-user organizations should assess their own risks and develop a post-quantum strategy to counter the risks.”

The fourth standardized encryption algorithm, which was developed by IBM and is called FALCON, is scheduled to be released later this year.

“Quantum security is a new dawn for many,” added Charles Lim, Global Head of Quantum Communications and Cryptography at JPMorgan Chase. “It is important to take a holistic approach and consider quantum-safe solutions to achieve defense in depth.”

Loading...

Era of quantum

As technology has advanced in recent years, the quantum economy has grown significantly.

Recent research from Boston Consulting Group (BCG) found that quantum computing could add up to $850 billion in economic value to the global economy by 2040. In 2023 alone, quantum computing garnered an estimated $1.2 billion in venture capitalist investments, BCG noted.

The rise of quantum computing has increased the need to develop and implement post-quantum cybersecurity mechanisms. In a 2022 white paper, Transitioning to a Quantum-Secure Economy, the World Economic Forum detailed various drivers that can accelerate the transition. This includes quantum-powered cyber threats, regulatory pressures and market dynamics, among others.

The different drivers that could motivate an organization to kickstart its quantum transition.
The different drivers that could motivate an organization to kickstart its quantum transition. Image: World Economic Forum

The development of quantum-secure systems such as the NIST standards is especially critical for industries like the financial sector, experts say.

In January, a World Economic Forum whitepaper, Quantum Security for the Financial Sector: Informing Global Regulatory Approaches, noted that while “quantum computing promises to revolutionize operations” across the sector, it could also render “current encryption schemes obsolete, threatening consumer protections and the integrity of digital infrastructures and economies.” Such a scenario, the report added, “would not only undermine cybersecurity but also erode the foundation of trust and stability” across the financial industry.

“The NIST standards will help to end 'cryptoprocrastination' and achieve tangible progress in delivering quantum-safe products and services,” said Jaime Gómez García, Head of Quantum and Architecture at Crypto & Blockchain CoE, Banco Santander, adding that the release represents a “pivotal milestone in driving proactive efforts and enhancing cryptography management in organizations.”

The Forum's whitepaper, which was published in collaboration with the UK’s Financial Conduct Authority, also warned that there is a misalignment in the quantum regulatory landscapes around the world.

Nonetheless, the paper provides four guiding principles to ensure a secure transition to quantum computing. These include reusing and repurposing best practices; establishing non-negotiables; increasing transparency; and avoiding fragmentation.

Dr. Colin Soutar, global leader of quantum cyber readiness at Deloitte, lauded recent industry discussions around quantum computing and cybersecurity, noting that continued efforts need to start with “strategy and awareness.” Soutar also called for more discussion on the “potential impact on business mission and operations.”

Have you read?
Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityEmerging Technologies
Share:
World Economic Forum logo

Forum Stories newsletter

Bringing you weekly curated insights and analysis on the global issues that matter.

Subscribe today

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum