I do not really know what is going on, but news on Quantum Computers (or “Quantum Information Science” – QIS) and Post Quantum Crypto keeps piling up, the latest coming from the White House (see e.g. here).
OpenSSH released version 9.0 a few days ago (here the announcement), which features the “hybrid Streamlined NTRU Prime + x25519 key exchange method by default.” In other words, the key exchange is performed by the standard X25519 ECDH key exchange algorithm (the previous default) paired with Streamlined NTRU Prime, a Post Quantum Crypto algorithm “believed to resist attacks enabled by future quantum computers.” If one of the two algorithms fails to protect the confidentiality of the encryption key, the other should continue to protect it, even if a quantum computer is able to successfully attack X25519 ECDH alone.
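To check which of your SSH sessions actually negotiate the hybrid method, the sketch below audits `ssh -vv` debug output. It is an added example, not code from this post or from the OpenSSH project; the sample log, the `.example` hosts and the verdict wording are constructed for illustration.

```python
import re

# KEX name of the hybrid Streamlined NTRU Prime + X25519 method in OpenSSH 9.0.
HYBRID_KEX = {"sntrup761x25519-sha512@openssh.com"}
CONNECT = re.compile(r"debug1: Connecting to (\S+) \[")
SECTION = re.compile(r"debug2: (local client|peer server) KEXINIT proposal")
OFFER = re.compile(r"debug2: KEX algorithms: (\S+)")
CHOSEN = re.compile(r"debug1: kex: algorithm: (\S+)")

# Constructed sample in the shape of `ssh -vv` output; hosts are placeholders.
SAMPLE_LOG = """\
debug1: Connecting to new.example [192.0.2.10] port 22.
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: Connecting to old.example [192.0.2.20] port 22.
debug2: local client KEXINIT proposal
debug2: KEX algorithms: sntrup761x25519-sha512@openssh.com,curve25519-sha256
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,diffie-hellman-group14-sha256
debug1: kex: algorithm: curve25519-sha256
"""

def verdict(kex, peer_has_hybrid):
    if kex is None:
        return "no key exchange seen"
    if kex in HYBRID_KEX:
        return "hybrid"
    if peer_has_hybrid is None:
        return "classical only (peer offer not logged, rerun with -vv)"
    why = "client did not select hybrid" if peer_has_hybrid else "server does not offer hybrid"
    return f"classical only ({why})"

def audit(log_text):
    """Return (host, negotiated KEX, verdict) for each connection in the log."""
    sessions = []
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            sessions.append({"host": m.group(1), "kex": None, "peer": None, "side": None})
        elif not sessions:
            continue  # ignore anything before the first connection line
        elif m := SECTION.search(line):
            sessions[-1]["side"] = m.group(1)
        elif (m := OFFER.search(line)) and sessions[-1]["side"] == "peer server":
            sessions[-1]["peer"] = bool(HYBRID_KEX & set(m.group(1).split(",")))
        elif m := CHOSEN.search(line):
            sessions[-1]["kex"] = m.group(1)
    return [(s["host"], s["kex"], verdict(s["kex"], s["peer"])) for s in sessions]

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```

Feed it the stderr of `ssh -vv`; with plain `-v` the server's offer is not logged, and the verdict says so.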
We do not know if or when Quantum Computers will arrive: 10 years “at best” for Quantum Computing, “at worst” for Cryptography.
Today Post Quantum Cryptography (PQC) aims to provide algorithms resistant to Quantum Computers, but it is still in a development phase (see e.g. NIST for details).
Concerning information security and Quantum Computers, today we should worry about at least two issues:
- how long it will take to perform the transition to Post Quantum Crypto algorithms;
- how to protect information encrypted today with standard algorithms but that should still be protected in 10 or more years.
For the second point, one possibility is to adopt the emerging PQC algorithms already today and “double encrypt” sensitive long-term data with a current algorithm and a PQC algorithm still in development, in the hope that if one of the two fails the other will keep protecting the data. Based on this IBM announcement (see also here), this seems to be starting right now.
Interesting reading: here are the NSA “Quantum FAQs”.