NIST picks initial post-quantum security standards

Governments and corporate enterprises around the world that fear the approaching security threat posed by ultra-powerful quantum computers got some good news this week, as the National Institute of Standards and Technology finally announced its initial choices for quantum-safe encryption and digital signature standards.

The selection of these post-quantum cryptography (PQC) standards comes months after many in the quantum technology sector had expected the announcement. It should be noted, though, that when NIST and others involved in the evaluation began weeding through 69 different standard candidates in 2016, it was thought that this stage would not be reached until 2024. Through intensive evaluation and testing, the list of standard candidates was reduced to seven finalists and eight alternates that advanced to a now-completed third round of evaluation.

From that list, NIST this week announced one algorithm that will become a general encryption standard and three algorithms that will become digital signature standards. What this means is that government and commercial entities will be able to upgrade their current encryption schemes to these new ones, on the assumption that they will be safer from attacks and decryption efforts originating from quantum computers.

From NIST’s official announcement:

For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. 

For digital signatures, often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”). Reviewers noted the high efficiency of the first two, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup for one chief reason: It is based on a different math approach than all three of NIST’s other selections.

Three of the selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions… 

NIST also announced that four other algorithms–BIKE, Classic McEliece, HQC and SIKE–will advance to a fourth round of analysis and consideration, after which some or all of them could be chosen to join CRYSTALS-Kyber as general encryption standards.

It is important to note that the standards based on CRYSTALS-Kyber and the other three technologies chosen this week for standardization will not be fully completed for another two years, and could be modified in different ways during that time. “While the standard is in development, NIST encourages security experts to explore the new algorithms and consider how their applications will use them, but not to bake them into their systems yet, as the algorithms could change slightly before the standard is finalized.”

Still, many quantum security companies have been positioning to help governments and companies with migration and upgrade efforts that could take several years.

Duncan Jones, head of cybersecurity for Quantinuum, said in an email statement, “Organizations can now accelerate their implementation and testing efforts, safe in the knowledge they aren’t backing the wrong horse. CISOs in every industry should be working hard on their post-quantum migration plans, so they are ready to launch into production as soon as standardization is completed in 2024.”

Kent Landfield, Chief Standards and Technology Policy Strategist at Trellix, also commented on the scale of the job ahead, especially for the U.S. government, stating via email that this week’s announcement is “just one step down the path we must travel. The next five years are critical as the U.S. risks losing its ability to protect our most sensitive data and communications from geopolitical rivals.”

The Biden White House in May urged government agencies to begin working toward adopting new technologies to protect them from quantum-based threats. Landfield added, “The U.S. and its allies securely send tremendous amounts of encrypted diplomatic, intelligence, military, intellectual property, and confidential business information across public networks. Without quantum-resistant cryptographic algorithms, these highly sensitive informational assets within the government and private sector would be exposed to geopolitical adversaries with the quantum computing capacity to break today’s commonly used vulnerable encryption mechanisms… We need to implement processes that allow us to quickly replace weaker algorithms with stronger ones as we develop and validate them.”