Skip to main content

Thank you for visiting You are using a browser version with limited support for CSS. To obtain the best experience, we recommend you use a more up to date browser (or turn off compatibility mode in Internet Explorer). In the meantime, to ensure continued support, we are displaying the site without styles and JavaScript.

These ‘quantum-proof’ algorithms could safeguard against future cyberattacks

Inside of a cryogenic dilution refrigerator at IBM, Zurich, Switzerland.

Inside an IBM quantum computer. Researchers expect that one day, quantum computers will be powerful enough to defeat existing cryptographic systems.Credit: IBM Research/SPL

Long before the age of quantum computing has even begun, the Internet is entering its post-quantum era.

Many people are concerned about future quantum computers’ ability to break the cryptographic keys that modern life depends on; these protect everything from smartphone banking apps to online payments. Now the US National Institute of Standards and Technology (NIST) has officially endorsed cryptographic technologies that are thought to be resistant to attack from quantum computers.

These include an encryption algorithm — used to keep online data secure — called CRYSTALS-Kyber, along with three algorithms for use in digital signatures, which provide identity authentication. All of them rely on tried-and-tested mathematical techniques, including one called structured lattices.

“We expect these algorithms will be very widely adopted around the world,” says Dustin Moody, a NIST mathematician in Gaithersburg, Maryland.

“It’s officially a post-quantum world,” says John Graham-Cumming, chief technology officer of the Internet-services company Cloudflare, who is based in Lisbon.

Quantum code-crackers

Quantum computers process information using quantum phenomena such as superposition — the ability of atomic-sized objects to exist in a combination of multiple states at the same time. Current quantum machines are still rudimentary, but once they get large enough, they will be able to perform certain tasks exponentially faster than ordinary computers. In particular, quantum computers will excel at cracking the secret keys for the encryption systems that are most widely used today.

To prepare for a potential privacy apocalypse, cryptology experts have been developing algorithms that should be resistant to quantum-computer attacks. And in 2016, NIST called on computer scientists around the world to submit their best candidates for such ‘post-quantum’ algorithms. That process has now hit a “major milestone”, says Moody, with a first set of four endorsements announced on 5 July.

“Our standardization process has been ongoing for over five years, and started with 82 submissions sent in to us,” says Moody, who has led the NIST selection process. “After a huge amount of evaluation from both NIST and the cryptographic community at large, we were excited to announce the first [post-quantum cryptography] algorithms we will standardize.”

The algorithms NIST chose have been the subject of much more scrutiny than the cryptographic systems most used during the first two decades of the Internet age were at the time when they were adopted, says Bas Westerbaan, a research engineer at Cloudflare Research who is based in Nijmegen, the Netherlands. “So there is trust.”

NIST will now begin formulating precise specifications for how to implement the algorithms, and expects to issue its official standard in 2024, after getting feedback from the cryptography community.

Meanwhile, an international body called the Internet Engineering Task Force (IETF) will weigh in on how to build the algorithms into real applications. “Once that work is under way we can start integrating these algorithms into browsers,” says Eric Rescorla, chief technology officer of the Firefox browser team at Mozilla in San Francisco, California. “I would expect to see test deployments of post-quantum key exchange by 2023, but full deployment might take longer.”

“Securely implementing cryptographic algorithms is very difficult,” Rescorla adds. “We have a lot of experience with implementing classical algorithms, but much less so with post-quantum algorithms, so it’s important that implementers take time and get it right in order to protect user security.”

Once the testing phase is complete, technology providers will be able to deploy the algorithms during periodic software updates, and typical users won’t even realize that their devices have entered the post-quantum age.


Updates & Corrections

  • Clarification 11 July 2022: This article has been updated to clarify comments made by Bas Westerbaan.


Nature Briefing

Sign up for the Nature Briefing newsletter — what matters in science, free to your inbox daily.

Get the most important science stories of the day, free in your inbox. Sign up for Nature Briefing


Quick links