Key Takeaways
Zoom is the latest consumer application to adopt the National Institute of Standards and Technology’s (NIST) “post-quantum” encryption standards.
But so far, major blockchain platforms have yet to migrate to the new quantum secure cryptographic paradigm.
While large-scale, error-free quantum computers are still years away, it is generally accepted that contemporary cybersecurity systems aren’t prepared to handle the dramatic increase in computing power such machines will be capable of.
Specifically, many popular public-key cryptographic algorithms and digital signature algorithms would be vulnerable to future quantum-boosted attacks.
To preempt this threat, NIST initiated a process to solicit, evaluate, and standardize quantum-resistant cryptographic algorithms, selecting the first ones approved for US government use in 2022.
But the selection of certain standards doesn’t just have implications for government agencies.
Because they are developed independently by international groups of researchers, “everybody tends to place a lot of trust in the set of standards defined by NIST,” cryptographer and Taurus CSO Jean-Philippe Aumasson explained to CCN.
Alongside the US government, “they’re also adopted by big tech companies, and for interoperability, a lot of people then have to follow and implement the same standards,” he added.
For its new post-quantum encryption scheme, Zoom selected Kyber768, a NIST-approved algorithm also supported by Chrome.
However, internet communication protocols aren’t the only technologies that rely on public key cryptography and digital signatures. Blockchains do too.
Currently, blockchains’ biggest quantum vulnerability is their use of the Elliptic Curve Digital Signature Algorithm (ECDSA) or its variants to create signatures.
This approach is taken by Bitcoin, Ethereum and many other public blockchains that would be vulnerable to a quantum threat. For example, a 2020 study by Deloitte estimated that about 25% of all BTC in circulation would be exposed if quantum computers managed to crack ECDSA.
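The exposure figure above rests on a detail the article leaves implicit: breaking ECDSA with a quantum computer requires the victim's public key, and on a bitcoin-style chain that key is only visible once it has been published in a raw pay-to-public-key output or revealed by spending from an address. The following is an added illustration, not code from the article or from the Deloitte study, and it uses a deliberately simplified model: an output counts as exposed if it is a raw public-key output or if its address has ever spent before. The transaction data, address names and the `rotate_exposed` mitigation helper are all constructed for this example.

```python
"""
Added example (not from the CCN article or the Deloitte study): a simplified
model of which bitcoin-style outputs would be exposed to a hypothetical
ECDSA-breaking quantum computer, and how address hygiene reduces that exposure.
Simplifying assumption: an output is exposed when its public key is visible on
chain, i.e. it is a raw p2pk output or its address has already spent once.
All transaction data below is constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Output:
    txid: str
    vout: int
    script_type: str   # "p2pk" (raw public key) or "p2pkh" (hash of the key)
    address: str       # owner identifier; for p2pk the key itself is the address
    value_btc: float


@dataclass(frozen=True)
class Spend:
    address: str       # spending from an address reveals its public key


# Constructed sample UTXO set (100 BTC total).
SAMPLE_UTXOS = [
    Output("tx-coinbase-early", 0, "p2pk", "pubkey-early-miner", 50.0),  # key on chain
    Output("tx-reused", 1, "p2pkh", "addr-A", 10.0),                     # addr-A spent before
    Output("tx-fresh-1", 0, "p2pkh", "addr-B", 30.0),                    # never spent
    Output("tx-fresh-2", 0, "p2pkh", "addr-C", 10.0),                    # never spent
]

# Constructed spend history: addr-A has signed a transaction before, so its
# public key is already public.
SAMPLE_SPENDS = [Spend("addr-A")]


def revealed_addresses(spends):
    """Addresses whose public key has been published by an earlier spend."""
    return {s.address for s in spends}


def classify(utxos, spends):
    """Split a UTXO set into (exposed, hidden) lists under the model above."""
    revealed = revealed_addresses(spends)
    exposed, hidden = [], []
    for out in utxos:
        if out.script_type == "p2pk" or out.address in revealed:
            exposed.append(out)
        else:
            hidden.append(out)
    return exposed, hidden


def exposed_fraction(utxos, spends):
    """Fraction of total value sitting in outputs whose key is already visible."""
    exposed, _ = classify(utxos, spends)
    total = sum(o.value_btc for o in utxos)
    return sum(o.value_btc for o in exposed) / total if total else 0.0


def rotate_exposed(utxos, spends):
    """Hypothetical mitigation: move every exposed output to a fresh, never-used
    p2pkh address. Spending reveals the old key (recorded as a Spend), but the
    new output only publishes a hash, so it is hidden until it is spent again."""
    exposed, hidden = classify(utxos, spends)
    new_utxos = list(hidden)
    new_spends = list(spends)
    for i, out in enumerate(exposed):
        new_spends.append(Spend(out.address))
        new_utxos.append(Output(f"rotate-{i}", 0, "p2pkh", f"fresh-{i}", out.value_btc))
    return new_utxos, new_spends


if __name__ == "__main__":
    print("exposed before rotation:", exposed_fraction(SAMPLE_UTXOS, SAMPLE_SPENDS))
    after_utxos, after_spends = rotate_exposed(SAMPLE_UTXOS, SAMPLE_SPENDS)
    print("exposed after rotation: ", exposed_fraction(after_utxos, after_spends))
```

Under this model 60 of the 100 sample BTC are exposed (the raw p2pk coinbase plus the reused address), and rotating those funds to fresh hashed addresses brings exposure to zero. The model ignores signature-type variants and the window during which a spending transaction's key is visible before confirmation, so it illustrates why address reuse matters rather than reproducing the study's methodology.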
So why don’t blockchains migrate to post-quantum alternatives like Google and Zoom have?
There are several reasons blockchains haven’t yet migrated to quantum-resistant alternatives to ECDSA.
For starters, making changes to decentralized protocols is never easy and requires forming a consensus among divergent stakeholders.
Neither is it simply a matter of swapping out one algorithm for another.
For any blockchain, replacing the underlying cryptographic implementation will impact existing use cases, making applications fail and potentially causing financial losses to users.
The challenge is to ensure a seamless migration that supports backward compatibility.
While it will likely be years or even decades before quantum computers pose a realistic threat, many leading figures in the space, including Vitalik Buterin, are already exploring different options.
As he outlined in a recent blog post, Buterin believes Ethereum is well-placed to avert a disaster in the event of an unanticipated quantum breakthrough.
Buterin’s emergency plan involves disabling traditional account-based transactions and switching to a new transaction type. The Ethereum roadmap already envisages making this transition anyway. The change would just need to be accelerated.
Echoing Buterin’s sentiment, Aumasson asserted that if push came to shove, most blockchain communities could organize to deploy post-quantum cryptography within a couple of days.