The Most Important Encryption Upgrade in 50 Years

[The Bleeding Edge]( Editor’s Note: Don’t forget… Jeff’s [AI Emergency Meeting]( is coming up fast. Tomorrow night at 8 p.m. ET, he’ll debrief you on an event in the artificial intelligence industry he believes will trigger a seismic shift in the markets as soon as August 28… plus, five small-cap companies he’s identified that are paving the way for the next generation of artificial intelligence. There isn’t a lot of time to prepare, so [click here]( to get an automatic reminder before the event… you don’t want to miss it. --------------------------------------------------------------- The Most Important Encryption Upgrade in 50 Years By Jeff Brown, Editor, The Bleeding Edge --------------------------------------------------------------- Not many people have heard of NIST. NIST – the National Institute of Standards and Technology – is a division of the U.S. Department of Commerce… And about eight years ago, it kicked off a project for one of the most important computing developments of the last 50 years. NIST’s announcement – which came in August of 2016 – set off a cascade of tech R&D that will fundamentally alter how information is sent in the future – using encryption. In the announcement, NIST sought out ideas and proposals for post-quantum cryptography (PQC). Which, in 2016, felt unnecessarily early. After all, quantum computers were in such a nascent stage at that time. They were extremely complex and expensive to build and operate. And they were riddled with “noise” in the systems that produced errors in the outputs. But it wasn’t early at all. I could even argue that NIST got a late start. Breaking the Security Standard The existing cryptographic standard used for encrypting and securing digital communications is known as RSA. The three letters represent the last names of the three cryptographers who invented the algorithm decades ago. RSA was developed in the 1970s, but it wasn’t implemented on a wider public scale until the early 1990s. The RSA encryption scheme was elegant in its simplicity. The only way to decrypt an encrypted message was to calculate the prime factors of a very large number. It is a task that is beyond the capabilities of the world’s most powerful supercomputers. That meant that without the correct key, the digital communications couldn’t be decrypted. The RSA standard employed an extremely complex mathematical problem as a way of defending against cryptographic attacks. As a result, the RSA standards have about 50% of the world’s market share for hardware encryption and are used for most e-mail communications. But quantum computing changes everything. That pesky problem of calculating the prime factors of a large number becomes easy work for anyone in control of a fault-tolerant quantum computer. Such an esoteric mathematical problem becomes easy to solve. This has been a well-known fact amongst nation-states and bad actors who, for years, have engaged in cyberattacks to steal encrypted data. They have been “harvesting” highly sensitive and/or valuable files with the intent to decrypt them with quantum computers once available. And that is the reason for the NIST’s post-quantum computing (PQC) initiative in 2016. And now, after almost a decade of interaction with academic institutions, cryptography research organizations, and industry, NIST has announced the three final standards for post-quantum encryption. Quantum Resistant It’s not an understatement to say that in time, today will become known as one of the most important days in computing history. NIST has just released the next generation of data encryption standards… to make technology that is resistant to the power of quantum computers. Long-time readers of The Bleeding Edge will be quite familiar with this topic, as I have written about it quite a bit in the past. The three finalized standards that were announced this morning are: - Federal Information Processing Standard (FIPS) 203 – this is the primary standard for post-quantum encryption. - FIPS 204 – this is the primary standard for protecting digital signatures. - FIPS 205 – this is the secondary standard for protecting digital signatures, somewhat of a backup if FIPS 204 fails to protect against quantum-based attacks. And before the end of the year, the fourth and final post-quantum standard will be released – FIPS 206 – which will also relate to digital signatures necessary for secure digital communication in the post-quantum world. So why is this such an urgent matter? Why is today so significant? And what does it all mean? The reality is that we already have quantum computers, and billions are being spent to advance their capabilities and more specifically remove the noise from these powerful systems, employ error correction, and develop fault-tolerant quantum computers. Whether it’s the big, well-funded powerhouses like [IBM]( (IBM), [Microsoft]( (MSFT), [Intel]( (INTC), [Honeywell]( (HON), or [Alphabet]( (GOOGL), or the earlier stage leaders like [D-Wave Systems]( (QBTS), [Rigetti Computing]( (RGTI), [IonQ]( (IONQ), [Zanadu]( [Quantinuum]( [Zapata Computing]( (ZPTA), or [PsiQuantum]( progress is being made with quantum computers at an exponential rate. A perfect example is shown below. This is the progression of IonQ’s quantum computer development in terms of the number of algorithmic quantum bits (qubits). Source: IonQ That’s just one example of how the quantum computing industry is hitting an inflection point in terms of the exponential growth of qubits, which is equivalent to quantum computing power. And as the fidelity of these systems improves, it is just a matter of time before they’ll be able to decrypt RSA algorithms in milliseconds. That’s why post-quantum encryption technology is such an urgent matter. Quantum computers will be able to decrypt RSA encryption within a matter of a few years. So this isn’t just a matter of establishing new standards – these standards have to be deployed on a global basis. And that’s both a problem and an opportunity. The Long Awaited 50-Year Upgrade Before the end of the year, the fourth post-quantum computing encryption standard will be released. And now that these standards have been finalized by NIST, the industry can begin the process of productizing them… and selling them into the market. And I have some favorites when I think of cybersecurity companies that are well-positioned to benefit from this critical global upgrade like Palo Alto Networks (PANW), Fortinet (FTNT), Zscaler (ZS), Crowdstrike (CRWD), and Cloudflare (NET). Large IT services and consulting companies like IBM and Accenture will be all over this trend as well. It will take more than a decade to replace RSA and the other prevailing encryption standard AES. In fact, some organizations with highly sensitive information have already started working on the transition. This includes government agencies, financial institutions, and corporations with the funding to take on such an initiative with highly sensitive data and communications to protect. Hundreds of billions will be spent replacing both hardware and software systems to adopt these post-quantum computing encryption technologies. Leading cybersecurity companies are already in a position with well-established distribution channels to benefit the most from this once-in-50-year upgrade of encryption standards. The ramifications of this shift caused by quantum computers are incredible. All of that “harvested” data stolen over the last decade will be decrypted. Defense and military secrets will become known by adversaries, as will financial data that has long been hidden for a reason. A storm is coming… And those who wait too long to upgrade will pay the price. --------------------------------------------------------------- Like what you’re reading? Send your thoughts to feedback@brownstoneresearch.com. [Brownstone Research]( Brownstone Research 55 NE 5th Avenue, Delray Beach, FL 33483 [www.brownstoneresearch.com]( To ensure our emails continue reaching your inbox, please [add our email address]( to your address book. This editorial email containing advertisements was sent to {EMAIL} because you subscribed to this service. To stop receiving these emails, click [here](. Brownstone Research welcomes your feedback and questions. But please note: The law prohibits us from giving personalized advice. To contact Customer Service, call toll free Domestic/International: 1-888-512-0726, Mon–Fri, 9am–7pm ET, or email us [here](mailto:memberservices@brownstoneresearch.com). © 2024 Brownstone Research. All rights reserved. Any reproduction, copying, or redistribution of our content, in whole or in part, is prohibited without written permission from Brownstone Research. [Privacy Policy]( | [Terms of Use](