CHAPTER 4 Be Prepared 41

Raising Hybrids

An obvious response to the forecast availability of quantum computers would be to go all post-quantum right now. However, at this point in time this is not recommended. In cryptography, algorithms go through a long period of peer review and scrutiny before being widely accepted as secure and trustworthy. Their operating parameters, such as key sizes, are also periodically re-assessed to establish parameters for secure operation. Institutions such as NIST in the USA certify implementations that use secure algorithms with the recommended set of parameters.

Some of the algorithms currently being researched in the field of post-quantum cryptography are significantly newer than the algorithms in commercial use today. They have had less peer review and have been scrutinized for a much shorter period of time than the algorithms currently in use. NIST has just begun a process to standardize post-quantum cryptography and its secure operating parameters. This process will last up to ten years. Until then, implementations relying solely on post-quantum cryptography will not be certifiable by NIST. It is therefore deemed premature to use post-quantum cryptography exclusively today.

This does not mean, of course, that there is no meaningful application for post-quantum cryptography at present. A promising approach is to take the best from both worlds and use a post-quantum scheme alongside a current, state-of-the-art implementation. Such a hybrid solution offers a level of security that is no worse than the best-practice solutions we use today: the security provided by the existing algorithm is not diminished by the addition of a post-quantum algorithm. At the same time, a post-quantum algorithm that is computationally hard to solve, even on quantum computers, adds protection against quantum attacks.
In the worst-case scenario, future scrutiny of the post-quantum algorithm may reveal a weakness that can be exploited more easily than a brute-force attack. Even then, the security of the hybrid is no worse than the security level provided by the current best-practice approach (for which such weaknesses have not yet been exposed, despite a longer period of analysis within the cryptographic research community). For this reason NIST approves certain hybrid approaches that use post-quantum implementations together with tried-and-trusted solutions that fulfill the certification requirements on their own. According to their website: »such validation
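To make the "no worse than either component" argument concrete, the following added example (not code from the book) derives one session key from a classical and a post-quantum shared secret with an HKDF-style combiner, and models an attacker who has learned the classical secret but still cannot reproduce the key without the post-quantum one. The shared secrets, the salt label and the context string are constructed placeholders, and the combiner follows the generic concatenate-then-KDF pattern rather than any particular standard.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256

def hkdf_extract(salt, ikm):
    # HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk, info, length):
    # HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_key(classical_ss, pq_ss, context, length=32):
    """Combine a classical (e.g. ECDH) and a post-quantum KEM shared secret.

    Both secrets feed the KDF, so the output stays unpredictable as long as
    at least one of them is unknown to the attacker. Each secret is
    length-prefixed so the boundary between them is unambiguous, and the
    context binds the key to this protocol run.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required for a hybrid key")
    ikm = (len(classical_ss).to_bytes(2, "big") + classical_ss
           + len(pq_ss).to_bytes(2, "big") + pq_ss)
    prk = hkdf_extract(b"hybrid-kem-combiner-v1", ikm)  # label is a placeholder
    return hkdf_expand(prk, b"session key" + context, length)

def attacker_with_one_secret_succeeds(classical_ss, pq_ss, context):
    """Model an attacker who recovered the classical secret (e.g. by breaking
    ECDH on a quantum computer) but has to guess the post-quantum secret."""
    guess = secrets.token_bytes(len(pq_ss))  # wrong with overwhelming probability
    real = hybrid_key(classical_ss, pq_ss, context)
    forged = hybrid_key(classical_ss, guess, context)
    return hmac.compare_digest(real, forged)

if __name__ == "__main__":
    ecdh_ss = secrets.token_bytes(32)  # constructed stand-in for an X25519 output
    kem_ss = secrets.token_bytes(32)   # constructed stand-in for a PQ KEM output
    print(hybrid_key(ecdh_ss, kem_ss, b"transcript-hash").hex())
    print("attacker wins:", attacker_with_one_secret_succeeds(ecdh_ss, kem_ss, b"transcript-hash"))
```

The same reasoning applies symmetrically: if the post-quantum scheme turns out to be weak, the attacker still needs the classical secret, so the hybrid key is never easier to recover than the classical key alone.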