El Instituto Nacional de Est\u00e1ndares y Tecnolog\u00eda (NITS, por sus siglas en ingl\u00e9s) de los EE.UU. public\u00f3 oficialmente las esperadas versiones finales de tres nuevos algoritmos de cifrado poscu\u00e1ntico , y se est\u00e1n preparando algoritmos adicionales m\u00e1s especializados. Todos ellos est\u00e1n dise\u00f1ados para defenderse de futuros ataques inform\u00e1ticos llevados a cabo por ordenadores cu\u00e1nticos, una amenaza no probada pero de r\u00e1pido desarrollo que podr\u00eda descifrar r\u00e1pidamente los tipos de cifrado que se utilizan casi universalmente en la actualidad, incluidos los que se utilizan en los sistemas m\u00e1s sensibles del Pent\u00e1gono.<\/p>\n
WASHINGTON \u2014 This morning the National Institute of Standards & Technology officially\u00a0released<\/a>\u00a0the long-awaited final versions of three new\u00a0post-quantum encryption<\/a>\u00a0algorithms, with additional, more specialized algorithms on the way. They\u2019re all designed to defend against future hacks carried out by quantum computers, an\u00a0unproven but rapidly developing threat<\/a>\u00a0that could quickly crack the kinds of encryption used almost universally today, including those used in the most sensitive Pentagon systems.<\/p>\n While implementing the NIST standards is voluntary for most private companies (albeit strongly recommended), they\u2019re mandatory for national security agencies, including the entire Defense Department. The official deadline set by the White House is not until 2035. But because the vulnerable algorithms have been so widely used for so many years, and are so deeply embedded in often obscure chunks of code, it may well take that long to root them all out and replace them.<\/p>\n \u201cThis is the starting gun for what may be the single largest overhaul of US government communication systems since the adoption of the Internet, as ordered by the President in\u00a0National Security Memorandum 10<\/a>,\u201d said RAND scientist\u00a0Edward Parker<\/a>. \u201cIt will probably go on for decades and will cost billions of dollars: OMB estimated $7.1 billion over the next decade for civilian federal government agencies alone, not including national security systems. It will cost even more time and money from the private sector.\u201d<\/p>\n \u201cThere\u2019s no time to waste,\u201d Parker told Breaking Defense. \u201cAny organization that handles sensitive data should get moving on migrating to PQC [post-quantum cryptography] as soon as possible.\u201d<\/p>\n Duncan Jones<\/a>, the head of quantum cybersecurity at vendor\u00a0Quantinuum<\/a>, put it even more bluntly: \u201cThe release of the standards is a wake-up call to any organization that has been dragging its heels on quantum.\u201d<\/p>\n In fact, many federal agencies and private companies have been at work for months or years. They haven\u2019t been implementing the actual algorithms, which were only formally finalized today after years of extensive testing that saw many promising candidates discarded along the way as NIST,\u00a0NSA<\/a>, or independent researchers found hidden weak points. Instead, they\u2019ve been laying the groundwork by taking inventory of their existing systems,\u00a0hunting through deeply buried subroutines<\/a>\u00a0to find all the instances of oldschool encryption they\u2019ll have to replace.<\/p>\n So, on the bright side, the three NIST standards formally released today \u2014 and a fourth expected to release by New Year\u2019s \u2014 are familiar to cybersecurity professionals and thoroughly tested after almost a decade of often highly publicized development. On the dark side, though, there are plenty of nasty surprises lurking in networks, internet-of-things devices, and possibly even weapons systems, all of which will take time and technical talent to fix.<\/p>\n \u201cI\u2019m sure that organizations will discover plenty of practical surprises as they migrate their systems over to PQC \u2014 for example, discovering that certain devices have traditional cryptography algorithms unexpectedly hard-coded in,\u201d Parker said. \u201cBut these issues should all be fixable. I don\u2019t think there are any true deal-breakers lurking out there.\u201d<\/p>\n Of course, \u201cfixable\u201d does not mean \u201ceasily\u201d or \u201ccheaply.\u201d<\/p>\n