In response to this threat, the National Institute of Standards and Technology (NIST) announced in 2015 that it would begin developing new standards for post-quantum cryptography. However, as EFF’s recent lawsuit against the government highlights, NIST has yet to issue a single draft standard for post-quantum encryption, causing serious harm to the security and privacy of people around the world.
The delay in adopting these standards is particularly concerning because quantum computing will not only break many popular forms of cryptography but also allow the NSA to exploit vulnerabilities it has been stockpiling for years. This raises significant constitutional concerns, which EFF argues in its lawsuit against the government: the suit challenges the EPIC program’s violation of people’s privacy by allowing the government to spy on their communications without a warrant or any suspicion of wrongdoing.
In response to this urgent need for post-quantum cryptography, Cloudflare has deployed a preliminary version of these new key agreement methods on all its servers. This provides an opportunity for testing and lays the groundwork for a smooth transition to a Post-Quantum Internet by 2024, when NIST is expected to finalize Kyber.
However, there are still challenges in this transition, as Cloudflare’s implementation only supports post-quantum key agreements in protocols based on TLS 1.3 and excludes websites operating under FIPS mode for the moment. Nevertheless, these developments offer hope that we can mitigate the potential impact of quantum computing on cryptography and protect our privacy and security in a rapidly changing technological landscape.
To better understand how this affects us as individuals, let’s take a closer look at some examples. Suppose you send an email to your friend using PGP (Pretty Good Privacy), which is currently one of the most popular encryption methods for emails. If quantum computing becomes widely available in the future, it could potentially break PGP and allow governments or other malicious actors to read your private messages without your consent.
However, if we adopt post-quantum cryptography standards like Kyber, this won’t be a problem anymore. These new encryption methods are designed specifically to resist attacks from quantum computers, ensuring that our communications remain secure even in the face of rapidly advancing technology.
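The key agreement Cloudflare deployed, and the Kyber-based protection described above, share one shape: the client sends a classical X25519 key share and a KEM public key, the server replies with its own X25519 share and a KEM ciphertext, and both sides concatenate the two shared secrets before deriving session keys. The following is an added illustration of that hybrid structure, written for this page rather than taken from Cloudflare or any TLS library. It uses only the Python standard library, so X25519 is implemented in plain Python from RFC 7748 (teaching code, not constant time), and the KEM slot is filled by a constructed stand-in (a DHKEM built on the same X25519 code) because the standard library has no Kyber/ML-KEM; the stand-in is not post-quantum, it only shows where the real keygen/encaps/decaps calls would go. All function names (`pq_keygen`, `combine`, `run_handshake`, and so on) are assumptions of this example.

```python
"""Hybrid (classical + KEM) key agreement in the shape TLS 1.3 uses for
X25519Kyber768: both parties run X25519 and a KEM, then concatenate the two
shared secrets before key derivation. Standard library only.

The KEM slot is a constructed stand-in (DHKEM over the same X25519 code): it is
NOT post-quantum. Swapping in Kyber/ML-KEM means replacing the three pq_*
functions with the real keygen/encaps/decaps.
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19      # field prime for Curve25519
A24 = 121665         # (A - 2) / 4 for the Montgomery constant A = 486662
BASEPOINT = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """RFC 7748 X25519 via the Montgomery ladder. Teaching code: not constant time."""
    k = int.from_bytes(scalar, "little")
    k &= ~7                  # clamp: clear the low three bits
    k &= (1 << 254) - 1      # clear bits 254 and 255
    k |= 1 << 254            # set bit 254
    u = int.from_bytes(u_coord, "little") & ((1 << 255) - 1)
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def ecdh_keygen() -> tuple[bytes, bytes]:
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASEPOINT)


# --- KEM slot: constructed stand-in for Kyber / ML-KEM (not post-quantum) ---
def pq_keygen() -> tuple[bytes, bytes]:
    return ecdh_keygen()


def pq_encaps(pk: bytes) -> tuple[bytes, bytes]:
    """Returns (ciphertext, shared_secret); the ciphertext is an ephemeral public key."""
    esk, epk = ecdh_keygen()
    return epk, hashlib.sha256(b"standin-kem" + x25519(esk, pk) + epk + pk).digest()


def pq_decaps(sk: bytes, pk: bytes, ct: bytes) -> bytes:
    return hashlib.sha256(b"standin-kem" + x25519(sk, ct) + ct + pk).digest()


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF, zero salt; stands in for the TLS 1.3 key schedule."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine(ecdh_ss: bytes, kem_ss: bytes) -> bytes:
    """Concatenate both shared secrets (as the X25519Kyber768 draft does) and derive
    a session key. An attacker who learns only one of the two inputs cannot compute
    the key, so the hybrid is at least as strong as its stronger component."""
    return hkdf_sha256(ecdh_ss + kem_ss, b"hybrid session key")


def client_key_share():
    """ClientHello: one X25519 share plus one KEM public key -> (secrets, shares)."""
    ecdh_sk, ecdh_pk = ecdh_keygen()
    kem_sk, kem_pk = pq_keygen()
    return (ecdh_sk, kem_sk), (ecdh_pk, kem_pk)


def server_respond(client_shares):
    """ServerHello: server's X25519 share plus a KEM ciphertext -> (shares, key)."""
    client_ecdh_pk, client_kem_pk = client_shares
    srv_sk, srv_pk = ecdh_keygen()
    ct, kem_ss = pq_encaps(client_kem_pk)
    return (srv_pk, ct), combine(x25519(srv_sk, client_ecdh_pk), kem_ss)


def client_finish(client_secrets, client_shares, server_shares) -> bytes:
    (ecdh_sk, kem_sk), (_, kem_pk) = client_secrets, client_shares
    srv_pk, ct = server_shares
    return combine(x25519(ecdh_sk, srv_pk), pq_decaps(kem_sk, kem_pk, ct))


def run_handshake() -> tuple[bytes, bytes]:
    """Full exchange; returns (client_key, server_key), which must be equal."""
    client_secrets, client_shares = client_key_share()
    server_shares, server_key = server_respond(client_shares)
    return client_finish(client_secrets, client_shares, server_shares), server_key


if __name__ == "__main__":
    c, s = run_handshake()
    print("keys match:", c == s, c.hex())
```

The point of the combiner is the caveat a practitioner should carry away: the hybrid only helps if both secrets are fed into the key derivation, so a deployment that negotiates the post-quantum group but derives keys from the classical secret alone gains nothing. The same shape also explains why Cloudflare's rollout is limited to TLS 1.3, whose key schedule accepts an opaque shared secret regardless of how it was produced.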
NSA and Post-Quantum Cryptography: Announcing my second lawsuit against the U.S. government