The Future Is Now: Spreading the Word About Post-Quantum Cryptography
Dustin Moody, Mathematician, National Institute of Standards and Technology (NIST)
I consider myself a quiet guy — on a Friday night you can usually find me at home doing crossword puzzles. Public speaking doesn’t come naturally to me, and I’ve never really liked it. Like many people, I get really nervous. So, how did I find myself standing at a podium in front of hundreds of people in Fukuoka, Japan?
I had never traveled that far away from home before. I was also pretty jet-lagged, as I had flown to Fukuoka the day prior. But there I was, giving the opening talk at PQCrypto 2016, the latest in a series of conferences in post-quantum cryptography (PQC). To add to my anxiety, I thought most of the audience knew more about PQC than I did.
Despite these circumstances, I managed to do what I was there to do: announce that the National Institute of Standards and Technology (NIST) was kicking off an international competition to find new quantum-resistant cryptographic systems. The attendees reacted very favorably, knowing this would boost their research in the coming years. As it did, and the NIST PQC competition grew, it took me along for the ride.
Let me back up and explain a little bit.
I came to NIST in 2010 as a postdoc with a one-year-old Ph.D. in mathematics. My dissertation involved something called elliptic curves, which turn out to have some very useful applications in the cryptosystems we use to secure our communications on the internet and elsewhere. In particular, elliptic curve cryptosystems have very short keys and signatures, which take up less memory in comparison to other cryptosystems. It was fascinating to me that such a purely mathematical concept had such an important application in the real world.
NIST publishes cryptography standards so that government agencies know how to safely use crypto. These standards are documents that specify exactly how to implement various cryptographic algorithms in a standard way, so that a user’s computer will be able to securely communicate with the intended recipient’s computer. NIST’s crypto standards are well regarded and are used by most public and private organizations around the world.
It was these kinds of applications that led me to NIST. I spent my first few years here continuing my mathematical research and working on a few projects related to crypto standards. In 2012, my manager Lily Chen asked me to become involved with a new project dealing with post-quantum cryptography. One of the project leaders was moving, and I was asked to take his place. I accepted, even though I knew almost nothing about what PQC was.
The goal of the project was to find cryptosystems which would be safe to use, even in the advent of quantum computers. What’s a quantum computer? Good question. A really detailed answer wouldn’t fit in this blog post. Informally, quantum computers are machines that would harness the properties of quantum physics to solve certain real-world problems that are beyond the power of our present machines. A lot of very intelligent people have been working on building one, with companies like Google, IBM, Intel, Honeywell and Microsoft all racing to be the first to actually construct a quantum computer large enough to tackle some of these problems. While a quantum computer would lead to some amazing scientific breakthroughs, there would also be a pretty catastrophic impact on some of the cryptosystems we rely on today. In particular, quantum computers would break a few of NIST’s standardized crypto algorithms, potentially exposing the sensitive information of anybody using those algorithms. Thus, we were tasked to find new ones to replace them.
As a young professional, I didn’t have a lot of experience in managing anything. I was lucky that we had a great team of researchers assembled, all of whom were much smarter than I was. Initially, we mostly read the latest papers in the field, talked to experts and started to do some of our own research. In 2015, we organized a workshop and shortly thereafter published a short report (NISTIR 8105) outlining NIST’s view of PQC. All this built momentum, and it was at this point we decided to start taking more concrete action toward standardization.
We decided that we would do a PQC competition like what NIST has done in the past for two of our crypto standards (AES and SHA-3). These competitions are major undertakings and have been quite successful at galvanizing the crypto community to focus evaluation and analysis on selected algorithms. The perfect way to announce this was the upcoming PQCrypto workshop in Japan, where the majority of the researchers in the field would be attending. That’s how I ended up there.
We are now several years into the competition and hope to select the new quantum-safe algorithms that NIST will standardize in another year or two. I’ve learned a lot in this time. I’ve learned the technical details and the science that underlies PQC, of course. But, I’ve also grown a great deal professionally. I’ve organized conferences, managed a diverse team of dedicated experts, written many papers and reports, and interacted with the public as we have steered through the PQC standardization process. There have been many challenges, but so far we feel we have been largely successful at coordinating our efforts with the crypto community, standards organizations and even other nations.
As awareness of the threat that quantum computers pose to cryptography has grown, NIST has been invited to share what it is doing at many venues and with numerous organizations. It’s been a unique opportunity to travel to many different countries and speak to a variety of people who want to know how “quantum” will impact them. One of my favorite experiences was speaking to representatives of the auto industry. They are concerned about the impact to security since the crypto that is programmed into cars has to have a long lifespan. I hadn’t really known much about the security challenges for cars before.
At some point, I know that the project will slow down, and post-quantum cryptography won’t be as high a priority as it is right now. Part of me would be just fine with that, so I can go back to a quieter workflow. Yet, I must admit I have enjoyed having some time in the spotlight and the opportunity to develop some new skills and meet new people. I’m grateful that NIST is a place where such exciting (often unexpected) experiences await.
This post originally appeared on Taking Measure, the official blog of the National Institute of Standards and Technology (NIST) on Dec. 2, 2020.
To make sure you never miss our blog posts or other news from NIST, sign up for our email alerts.
About the Author
Dustin Moody is a mathematician in the NIST Computer Security Division. Dustin leads the post-quantum cryptography project at NIST. He received his Ph.D. from the University of Washington in 2009. His area of research deals with elliptic curves and their applications in cryptography.