Has the CRYSTALS-Kyber encryption algorithm, one of 4 quantum resistant methods that NIST has recommended to replace legacy encryption, fallen even before it has been rolled out?
There is news that researchers from the KTH Royal Institute of Technology leveraged AI to break (PDF) CRYSTALS-Kyber. The vulnerability was reported to be a side-channel attack that provides insights necessary to undermine security by measuring various emissions of a system.
If true, this is a big setback for the longevity of protecting data with encryption!
Traditional encryption schemes rely on specific math problems that modern computers have great difficulty solving. But these problems can be compromised with special algorithms running on powerful quantum computers that are rapidly being developed and should be available within the next decade.
In response to this threat, the National Institute of Science and Technology (NIST) has been working for years to evaluate suitable replacements that can resist such quantum attacks. After an exhaustive search for quantum-resistant replacements, in 2022 NIST identified CRYSTALS-Kyber as one of four algorithms chosen to supplant current schemes, and the only method designated for general encryption duties, while the other three focus on digital signatures.
This may doom CRYSTALS-Kyber if it cannot be sufficiently protected, thus leaving a big gap in how the world will need to protect data. The race has been ongoing, with quantum computers rapidly increasing in power, and approaching the point where they will be able to break the locks that protect vast amounts of sensitive digital data and transactions. This attack may send NIST and quantum encryption researchers back several steps in their efforts to find suitable replacements before the underpinnings of digital communication and security are attacked from quantum computers.
Matthew Rosenquist is an industry-recognized pragmatic, passionate, and innovative strategic security expert with 28 years of experience. He thrives in challenging cybersecurity environments and in the face of ever shifting threats. A leader in identifying opportunities, driving industry change, and building mature security organizations, Matthew delivers capabilities for sustainable security postures. He has experience in protecting billions of dollars of corporate assets, consulting across industry verticals, understanding current and emerging risks, communicating opportunities, forging internal cooperation and executive buy-in, and developing practical strategies. Matthew is a trusted advisor, security expert, and evangelist for academia, businesses, and governments around the world. A public advocate for best-practices, and communicating the risks and opportunities emerging in cybersecurity. He delivers engaging keynotes, speeches, interviews, and consulting sessions at conferences and to audiences around the globe. He has attracted a large social following of security peers, is an active member on advisory boards, and quoted in news, magazines, and books. Matthew is a recognized industry expert, speaker, and leader who enjoys the pursuit of achieving optimal cybersecurity. Matthew Rosenquist is experienced in building world class teams and capabilities, managing security operations, evangelizing best-practices to the market, developing security products, and improving corporate security services.