The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized a core set of encryption algorithms designed to resist cyberattacks from quantum computers. Industry experts have informed the World Economic Forum (WEF) that these new encryption algorithms represent a pivotal milestone and are a crucial stepping stone in cybersecurity. Spencer Feingold, digital editor at WEF, and Filipe Beato, lead for the Centre for Cybersecurity at the WEF, noted that quantum technology creates enormous economic and scientific opportunities given its ability to boost computing power but also poses serious cybersecurity risks.
This includes rendering current encryption tools obsolete. NIST warns that quantum computing devices with encryption-breaking capabilities could be developed within the next decade, threatening the security and privacy of individuals, organizations, and entire nations. As technology has advanced in recent years, the quantum economy has grown significantly.
The rise of quantum computing has increased the need to develop and implement post-quantum cybersecurity mechanisms. Recent research from Boston Consulting Group (BCG) indicates that quantum computing could add up to $850 billion in economic value to the global economy by 2040. In 2023 alone, quantum computing garnered an estimated $1.2 billion in venture capitalist investments, BCG noted.
“The NIST standards are an essential stepping stone toward the broader imperative of cryptographic resilience,” Michele Mosca, CEO of evolutionQ, told the WEF. “This seminal milestone will not only enable a quantum-safe posture for organizations that have prepared for this day but will drive the rest of the digital economy to accelerate its journey to quantum safety.”
In 2016, NIST invited experts from around the world to create and submit post-quantum encryption algorithms that could be analyzed, tested, and considered for standardization. Out of dozens of submissions, four were chosen to be standardized, including ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), ML-DSA (Module-Lattice-Based Digital Signature Algorithm), and SLH-DSA (Stateless Hash-Based Digital Signature Algorithm).
All three post-quantum cryptographic algorithms are based on highly complex mathematical equations that experts believe can withstand the heightened computing power of quantum computers, keeping websites and internet traffic secure from third-party intrusions. “The new NIST post-quantum cryptography standards represent a pivotal moment in the history of cryptography, setting the foundation for a secure digital future in the quantum era,” according to Vikram Sharma, founder and CEO of QuintessenceLabs.
nist’s post-quantum encryption standards
“These standards will rapidly become the cornerstone of cybersecurity across industries, ensuring quantum resilience for organizations handling sensitive information, and future-proofing systems of national significance and critical infrastructure.”
NIST urges cybersecurity firms to immediately adopt the three encryption standards, which were all approved as Federal Information Processing Standards (FIPS) by the U.S. Secretary of Commerce. Sabrina Feng, the chief risk officer for technology, cyber, and resilience at the London Stock Exchange Group, said that while the NIST standards are a significant development, they are only the first steps of a long journey. More post-quantum encryption algorithms are needed, Feng stated, adding that the security industry and end-user organizations should assess their risks and develop a post-quantum strategy to counter the risks.
The fourth standardized encryption algorithm, developed by IBM and called FALCON, is expected to be released later this year. “Quantum security is a new dawn for many,” added Charles Lim, global head of Quantum Communications and Cryptography at JPMorgan Chase. “It is important to take a holistic approach and consider quantum-safe solutions to achieve defense in depth.”
The development of quantum-secure systems such as the NIST standards is especially critical for industries like the financial sector, experts say.
In January, a WEF whitepaper, “Quantum Security for the Financial Sector: Informing Global Regulatory Approaches,” warned that while quantum computing promises to revolutionize operations across the sector, it could also render current encryption schemes obsolete, threatening consumer protections and the integrity of digital infrastructures and economies. Such a scenario, the report added, would not only undermine cybersecurity but also erode the foundation of trust and stability across the financial industry. The Forum’s whitepaper, published in collaboration with the UK’s Financial Conduct Authority, also warned that there is a misalignment in the quantum regulatory landscapes around the world.
Nonetheless, the paper provides four guiding principles to ensure a secure transition to quantum computing. These include reusing and repurposing best practices, establishing non-negotiables, increasing transparency, and avoiding fragmentation. Dr.
Colin Soutar, global leader of quantum cyber readiness at Deloitte, lauded recent industry discussions around quantum computing and cybersecurity, noting that continued efforts need to start with strategy and awareness. Soutar also called for more discussion on the potential impact on business mission and operations. The U.S. White House convened leaders from government, industry, and academia at a roundtable to address the requirements of National Security Memorandum 10 (NSM-10) on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems and the Quantum Computing Cybersecurity Preparedness Act of 2022.
