hpr_transcripts/hpr3800.txt

Episode: 3800
Title: HPR3800: NIST Quantum Cryptography Update 20221008
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3800/hpr3800.mp3
Transcribed: 2025-10-25 05:32:14

---

This is Hacker Public Radio Episode 3,800 for Friday the 24th of February 2023.
Today's show is entitled, NIST Quantum Cryptography Update 2022-108.
It is part of the series' privacy and security.
It is hosted by Aweka, and is about 15 minutes long.
It carries a clean flag.
The summary is an update on the preparations for quantum computing.
Hello, this is Aweka, welcoming you to another exciting episode of Hacker Public Radio.
And on this episode, what I want to do is provide some updated information on a process that's
been going on for a while, and it has to do with quantum computing and encryption.
And I've reported on this before, so I'm just calling this an update on what's going on.
I think it's worth taking a moment to look at this.
The problem we have, well, let's take a look at the National Institute of Standards and
Technology, NIST. Now that's the U.S. government agency responsible for setting the standards
for encryption technology that's used by the government, and has become really the de facto
standard setter for most of private industry as well. It doesn't really make a whole lot of sense
to have more than one standard setting body. And NIST on the whole has done a pretty good job
there has been one very lamentable lapse involving the NSA putting back doors into elliptical curves.
Dr. Michael Scott has a nice explanation of this. I have a link in the show notes if you want
to know more about it. And I think, aside from that one incident, I think NIST has done a pretty
good job. All the evidence I've seen is that they felt like they got burned and they lowered
their trust level for the NSA significantly. Part of the problem here is that agencies like the NSA
on the one hand have a lot of expertise. That's undeniable. But on the other hand,
they have their own agenda. So I would say at this point NIST is as much of an authority as there
is in this business. And one of the things they've been looking at is quantum computing and how
that will affect encryption. Now the first news reports about quantum computing were full of
breathless, the sky is falling apocalyptic warnings that quantum computing would mean the end of
all encryption that no one would ever be able to keep secrets again and so on. Now this did,
of course, greatly exaggerate the likely impact of quantum computing. At first, while the field
is progressing rapidly, it is still an expensive and difficult technology. Typically, the components
of quantum computing, which are called qubits, linking the show notes if you want to know more about
that, they need to be kept in cryogenically cold conditions. So that makes the technology expensive.
And they've really only been able to do a few dozen qubits at a time. I don't remember exactly
what the latest record is, but it's certainly under a thousand. Now it seems unavoidable.
We all know Moore's law. Technology will improve, it will drop in cost, it will become practical.
So no one is denying that quantum computing is going to arrive and it is going to affect things.
So at some point, the encryption technology used today will become obsolete. That is undeniable.
But then that has happened many times before and encryption is still here.
But let's suppose in 10 years time it becomes something that is useful for governments and
large companies to implement. Well, how will that affect most people? Well, let's consider how most
of us use encryption now. For most people, their encounter with encryption happens when they
log on to a website that employs some form of TLS encryption to secure your online connections.
The current TLS encryption standard is TLS 1.3, adopted in 2018. And it replaced the now deprecated
SSL standard first introduced by Netscape. That tells you how old it is. Anyone even heard of Netscape?
TLS 1.3 removes support for older, now insecure encryption algorithms like MD5 and SHA1
and move towards more secure algorithms like SHA256. Now the thing about MD5 is you may still run
into it as a way of verifying the accuracy of downloads. And it's still perfectly valid for that
purpose. It's just not secure against decryption attack, but as a way of validating
that a file is untouched, perfectly good. Anyway, for right now, TLS is secure.
And given the high cost and limited application of quantum computing right now, it will stay secure
for some time into the future, though for how long is open to some debate.
But the biggest threat to your secure online connection is not quantum computing, it is Doug.
And by Doug, I mean the guy who works for the online site,
who is on his computer at work, clicks on the wrong link and lets a hacker into the company network,
where they can download a database of all the customers log in credentials. Doug has always been
the biggest threat and always will be. Now, the NSA is likely to be the first agency to implement
practical quantum computing. So let's say they have a practical working prototype right now.
Are they going to use it to steal your Netflix log in? Of course not. Now, if they thought you were
a Russian spy, they might want to hack your email. Though I suspect they would just issue a legal
subpoena to your email provider. That typically is what happens. Now, we have some current evidence,
by the way, on just how secure encryption is right now, and that comes from Ukraine.
Russia has a reputation for having good computer hackers working for them,
but they don't have any idea what the armed forces of the Ukraine are doing from one day to the next.
Ukraine's op-sec is excellent and they know what they're doing.
So, what's the solution to all of this? The current encryption standards are okay for now,
but there will come a time when they're not okay anymore. And that's exactly the situation we
have faced many times. Old standards fall and new ones take their place. And NIST takes as
its mission to look ahead and prepare for when that happens, and they have done so in the case of
quantum computing. Quantum computing will definitely break current encryption at some time in the
not too distant future. Now, I found this quote on the NIST site, link in the show notes, of course.
Some engineers even predict that within the next 20 or so years, sufficiently large quantum
computers will be built to break essentially all public key schemes currently in use.
So, that's their forecast. Within the next 20 or so years, all public key schemes currently in use.
But quantum computing is the sort that cuts both ways. NIST is in a process of developing
encryption technology that uses the power of quantum computing. And we've looked at that a couple
of times before, and I've got links in the show notes from previous shows we did, one on encryption
in quantum computing, and one on an update that I did in 2020. So, you know, I just every
every few years I like to see what's going on here. Now, the way NIST does this is by creating
competitions. And those competitions let teams of researchers compete to develop new algorithms
that are pitted against each other to weed out the weaker ones and find the best ones.
This process has been going on to find the quantum computing algorithms, at least since the initial
RFC that was posted in 2016 called post-clantum cryptography, proposed requirements in evaluation
criteria. And actually, the NIST internally started work in 2015. So, you know, 2015, 2016 is
around the time all of this stuff kicks off. Now, it'll likely take a while to work through.
NIST also estimates that it takes about 20 years to work through all the process.
So, let's see, 20 years from 2016 would be 2036 or so. So, the ideal then would be to have a
solution implemented somewhere around 2036, and that that would be at least a few years before
practical quantum decrypting machines come along. Now, one of the issues that NIST has to deal with
is the classical computing. That's the kind we do now with all those zeros and ones,
and quantum computing, which is done with qubits. They each have strengths and weaknesses.
Now, the current algorithms we use are very strong for classical computers. I've done the math
on this before. If done properly, an encrypted message could withstand and attack by thousands of
computers working for billions of years. But these algorithms could be solved by quantum computers
in perhaps days. What you might not realize is that the reverse can be true, and algorithm
to secure against quantum decryption might be easily broken by classical computing.
So, the algorithms that NIST is looking at have to be secure against both types of computing.
Now, right now, they have selected four algorithms for further development out of an initial
group of 69. So, you can see how they window that down. And the four that they have selected,
the first one is called crystals dash kyber. Now, this is in the category of public key encryption
and key establishment algorithms. So, it's kind of a general purpose encryption algorithm,
something like RSA, which does much the same thing. Then, crystals dash dilithium,
which is a digital signature algorithm, Falcon, which is also a digital signature algorithm,
and sinks, sinks plus, actually, which is also a digital signature algorithm.
So, all of these four came out of the round three submissions. So, there were more than four
in the initial group submitted, but those four made it through the winnowing process.
Now, there's also a round four process going on. And many of the algorithms that were not
selected from the round three group have modified their specifications in response to comments and
suggestions, and we'll go back for another try. So, what's going on in the background is there's
a discussion group email list and stuff like that going on. Actually, I think it's a Google group,
but they have all of these encryption experts from government, industry, academia,
and they're looking at these things and poking holes in them and saying, this is weak, you
need to fix it. So, as the way that process works, the algorithms from round three that did not make it
are very often going on in round four with the modifications. So, that's how good algorithms
rise to the top. You should not be surprised. There's also a call for proposals for additional
digital signature algorithms. Link in the show notes. I got a lot of links in the show notes here.
So, you know, if you want more information on any of this stuff that changes others,
a link in the show notes. So, anyway, the NIST is going to keep looking for new and improved algorithms
and this first batch of four is far from the end of the process. These four selected algorithms are
what they call candidates to be standardized. There could be additional developments, you know,
it's not a final selection at this point. So, what is the timeline? NIST has proposed to have
the initial standardized algorithms in place in 2024. That's only two years away.
From when I'm recording this, but that is only the start of the process.
Just having a standard is not the same thing as having a solution in place. For that to happen,
the algorithms need to be embodied in systems throughout society,
in corporations, websites, software packages, and so on. And we know from experience that this
takes a long time. For instance, we still don't have IPv6 in most applications and the US still
doesn't have sensible measurement units. So, you can't just assume that magically you wave a
wand and everything is going to happen. It's going to take some hard work.
So, the idea that could take us into the 2030s to complete the rollout is to me, not at all far
fetched, but it is certainly a feasible timeline. And if you're worried about hackers draining your
bank account, don't worry about quantum computers, worry about Doug. Always worry about Doug.
Well, this is Ahuka for Hacker Public Radio. Signing off and as always, encouraging everyone
within the sound of my voice to support free software. Bye-bye.
You have been listening to Hacker Public Radio at Hacker Public Radio. Does it work?
Today's show was contributed by a HBR listener like yourself. If you ever thought of recording
broadcast, you click on our contribute link to find out how easy it really is.
Hosting for HBR has been kindly provided by an honesthost.com, the Internet Archive and our
Sims.net. On this address status, today's show is released under Creative Commons,
Attribution 4.0 International License.
Initial commit: HPR Knowledge Base MCP Server - MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-10-26 10:54:13 +00:00			`Episode: 3800`
			`Title: HPR3800: NIST Quantum Cryptography Update 20221008`
			`Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3800/hpr3800.mp3`
			`Transcribed: 2025-10-25 05:32:14`

			`---`

			`This is Hacker Public Radio Episode 3,800 for Friday the 24th of February 2023.`
			`Today's show is entitled, NIST Quantum Cryptography Update 2022-108.`
			`It is part of the series' privacy and security.`
			`It is hosted by Aweka, and is about 15 minutes long.`
			`It carries a clean flag.`
			`The summary is an update on the preparations for quantum computing.`
			`Hello, this is Aweka, welcoming you to another exciting episode of Hacker Public Radio.`
			`And on this episode, what I want to do is provide some updated information on a process that's`
			`been going on for a while, and it has to do with quantum computing and encryption.`
			`And I've reported on this before, so I'm just calling this an update on what's going on.`
			`I think it's worth taking a moment to look at this.`
			`The problem we have, well, let's take a look at the National Institute of Standards and`
			`Technology, NIST. Now that's the U.S. government agency responsible for setting the standards`
			`for encryption technology that's used by the government, and has become really the de facto`
			`standard setter for most of private industry as well. It doesn't really make a whole lot of sense`
			`to have more than one standard setting body. And NIST on the whole has done a pretty good job`
			`there has been one very lamentable lapse involving the NSA putting back doors into elliptical curves.`
			`Dr. Michael Scott has a nice explanation of this. I have a link in the show notes if you want`
			`to know more about it. And I think, aside from that one incident, I think NIST has done a pretty`
			`good job. All the evidence I've seen is that they felt like they got burned and they lowered`
			`their trust level for the NSA significantly. Part of the problem here is that agencies like the NSA`
			`on the one hand have a lot of expertise. That's undeniable. But on the other hand,`
			`they have their own agenda. So I would say at this point NIST is as much of an authority as there`
			`is in this business. And one of the things they've been looking at is quantum computing and how`
			`that will affect encryption. Now the first news reports about quantum computing were full of`
			`breathless, the sky is falling apocalyptic warnings that quantum computing would mean the end of`
			`all encryption that no one would ever be able to keep secrets again and so on. Now this did,`
			`of course, greatly exaggerate the likely impact of quantum computing. At first, while the field`
			`is progressing rapidly, it is still an expensive and difficult technology. Typically, the components`
			`of quantum computing, which are called qubits, linking the show notes if you want to know more about`
			`that, they need to be kept in cryogenically cold conditions. So that makes the technology expensive.`
			`And they've really only been able to do a few dozen qubits at a time. I don't remember exactly`
			`what the latest record is, but it's certainly under a thousand. Now it seems unavoidable.`
			`We all know Moore's law. Technology will improve, it will drop in cost, it will become practical.`
			`So no one is denying that quantum computing is going to arrive and it is going to affect things.`
			`So at some point, the encryption technology used today will become obsolete. That is undeniable.`
			`But then that has happened many times before and encryption is still here.`
			`But let's suppose in 10 years time it becomes something that is useful for governments and`
			`large companies to implement. Well, how will that affect most people? Well, let's consider how most`
			`of us use encryption now. For most people, their encounter with encryption happens when they`
			`log on to a website that employs some form of TLS encryption to secure your online connections.`
			`The current TLS encryption standard is TLS 1.3, adopted in 2018. And it replaced the now deprecated`
			`SSL standard first introduced by Netscape. That tells you how old it is. Anyone even heard of Netscape?`
			`TLS 1.3 removes support for older, now insecure encryption algorithms like MD5 and SHA1`
			`and move towards more secure algorithms like SHA256. Now the thing about MD5 is you may still run`
			`into it as a way of verifying the accuracy of downloads. And it's still perfectly valid for that`
			`purpose. It's just not secure against decryption attack, but as a way of validating`
			`that a file is untouched, perfectly good. Anyway, for right now, TLS is secure.`
			`And given the high cost and limited application of quantum computing right now, it will stay secure`
			`for some time into the future, though for how long is open to some debate.`
			`But the biggest threat to your secure online connection is not quantum computing, it is Doug.`
			`And by Doug, I mean the guy who works for the online site,`
			`who is on his computer at work, clicks on the wrong link and lets a hacker into the company network,`
			`where they can download a database of all the customers log in credentials. Doug has always been`
			`the biggest threat and always will be. Now, the NSA is likely to be the first agency to implement`
			`practical quantum computing. So let's say they have a practical working prototype right now.`
			`Are they going to use it to steal your Netflix log in? Of course not. Now, if they thought you were`
			`a Russian spy, they might want to hack your email. Though I suspect they would just issue a legal`
			`subpoena to your email provider. That typically is what happens. Now, we have some current evidence,`
			`by the way, on just how secure encryption is right now, and that comes from Ukraine.`
			`Russia has a reputation for having good computer hackers working for them,`
			`but they don't have any idea what the armed forces of the Ukraine are doing from one day to the next.`
			`Ukraine's op-sec is excellent and they know what they're doing.`
			`So, what's the solution to all of this? The current encryption standards are okay for now,`
			`but there will come a time when they're not okay anymore. And that's exactly the situation we`
			`have faced many times. Old standards fall and new ones take their place. And NIST takes as`
			`its mission to look ahead and prepare for when that happens, and they have done so in the case of`
			`quantum computing. Quantum computing will definitely break current encryption at some time in the`
			`not too distant future. Now, I found this quote on the NIST site, link in the show notes, of course.`
			`Some engineers even predict that within the next 20 or so years, sufficiently large quantum`
			`computers will be built to break essentially all public key schemes currently in use.`
			`So, that's their forecast. Within the next 20 or so years, all public key schemes currently in use.`
			`But quantum computing is the sort that cuts both ways. NIST is in a process of developing`
			`encryption technology that uses the power of quantum computing. And we've looked at that a couple`
			`of times before, and I've got links in the show notes from previous shows we did, one on encryption`
			`in quantum computing, and one on an update that I did in 2020. So, you know, I just every`
			`every few years I like to see what's going on here. Now, the way NIST does this is by creating`
			`competitions. And those competitions let teams of researchers compete to develop new algorithms`
			`that are pitted against each other to weed out the weaker ones and find the best ones.`
			`This process has been going on to find the quantum computing algorithms, at least since the initial`
			`RFC that was posted in 2016 called post-clantum cryptography, proposed requirements in evaluation`
			`criteria. And actually, the NIST internally started work in 2015. So, you know, 2015, 2016 is`
			`around the time all of this stuff kicks off. Now, it'll likely take a while to work through.`
			`NIST also estimates that it takes about 20 years to work through all the process.`
			`So, let's see, 20 years from 2016 would be 2036 or so. So, the ideal then would be to have a`
			`solution implemented somewhere around 2036, and that that would be at least a few years before`
			`practical quantum decrypting machines come along. Now, one of the issues that NIST has to deal with`
			`is the classical computing. That's the kind we do now with all those zeros and ones,`
			`and quantum computing, which is done with qubits. They each have strengths and weaknesses.`
			`Now, the current algorithms we use are very strong for classical computers. I've done the math`
			`on this before. If done properly, an encrypted message could withstand and attack by thousands of`
			`computers working for billions of years. But these algorithms could be solved by quantum computers`
			`in perhaps days. What you might not realize is that the reverse can be true, and algorithm`
			`to secure against quantum decryption might be easily broken by classical computing.`
			`So, the algorithms that NIST is looking at have to be secure against both types of computing.`
			`Now, right now, they have selected four algorithms for further development out of an initial`
			`group of 69. So, you can see how they window that down. And the four that they have selected,`
			`the first one is called crystals dash kyber. Now, this is in the category of public key encryption`
			`and key establishment algorithms. So, it's kind of a general purpose encryption algorithm,`
			`something like RSA, which does much the same thing. Then, crystals dash dilithium,`
			`which is a digital signature algorithm, Falcon, which is also a digital signature algorithm,`
			`and sinks, sinks plus, actually, which is also a digital signature algorithm.`
			`So, all of these four came out of the round three submissions. So, there were more than four`
			`in the initial group submitted, but those four made it through the winnowing process.`
			`Now, there's also a round four process going on. And many of the algorithms that were not`
			`selected from the round three group have modified their specifications in response to comments and`
			`suggestions, and we'll go back for another try. So, what's going on in the background is there's`
			`a discussion group email list and stuff like that going on. Actually, I think it's a Google group,`
			`but they have all of these encryption experts from government, industry, academia,`
			`and they're looking at these things and poking holes in them and saying, this is weak, you`
			`need to fix it. So, as the way that process works, the algorithms from round three that did not make it`
			`are very often going on in round four with the modifications. So, that's how good algorithms`
			`rise to the top. You should not be surprised. There's also a call for proposals for additional`
			`digital signature algorithms. Link in the show notes. I got a lot of links in the show notes here.`
			`So, you know, if you want more information on any of this stuff that changes others,`
			`a link in the show notes. So, anyway, the NIST is going to keep looking for new and improved algorithms`
			`and this first batch of four is far from the end of the process. These four selected algorithms are`
			`what they call candidates to be standardized. There could be additional developments, you know,`
			`it's not a final selection at this point. So, what is the timeline? NIST has proposed to have`
			`the initial standardized algorithms in place in 2024. That's only two years away.`
			`From when I'm recording this, but that is only the start of the process.`
			`Just having a standard is not the same thing as having a solution in place. For that to happen,`
			`the algorithms need to be embodied in systems throughout society,`
			`in corporations, websites, software packages, and so on. And we know from experience that this`
			`takes a long time. For instance, we still don't have IPv6 in most applications and the US still`
			`doesn't have sensible measurement units. So, you can't just assume that magically you wave a`
			`wand and everything is going to happen. It's going to take some hard work.`
			`So, the idea that could take us into the 2030s to complete the rollout is to me, not at all far`
			`fetched, but it is certainly a feasible timeline. And if you're worried about hackers draining your`
			`bank account, don't worry about quantum computers, worry about Doug. Always worry about Doug.`
			`Well, this is Ahuka for Hacker Public Radio. Signing off and as always, encouraging everyone`
			`within the sound of my voice to support free software. Bye-bye.`
			`You have been listening to Hacker Public Radio at Hacker Public Radio. Does it work?`
			`Today's show was contributed by a HBR listener like yourself. If you ever thought of recording`
			`broadcast, you click on our contribute link to find out how easy it really is.`
			`Hosting for HBR has been kindly provided by an honesthost.com, the Internet Archive and our`
			`Sims.net. On this address status, today's show is released under Creative Commons,`
			`Attribution 4.0 International License.`