The National Institute of Standards and Technology (NIST) is standardising four algorithms designed to resist quantum computer attacks. The agency has released draft standards for three algorithms, with the fourth, FALCON, due in a year. The standards will help protect sensitive electronic information from potential quantum threats. The algorithms CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON were selected in 2022 and are designed for encryption and digital signatures. NIST mathematician Dustin Moody is leading the project and is seeking feedback on the drafts until November 22, 2023.
“We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” said Dustin Moody.
NIST’s Quantum-Resistant Encryption Algorithms
The National Institute of Standards and Technology (NIST) has been working on four algorithms designed to withstand attacks by quantum computers. The agency has now begun the process of standardising these algorithms, which is the final step before they can be integrated into encryption infrastructure worldwide. NIST has released draft standards for three of the four algorithms, with a draft standard for the fourth, FALCON, expected to be released in about a year. The agency is seeking feedback from the global cryptographic community on these draft standards until November 22, 2023.
Sensitive electronic information, such as emails and bank transfers, is currently protected using public-key encryption techniques. These techniques are based on mathematical problems that conventional computers cannot readily solve. However, a sufficiently powerful quantum computer could solve these problems, defeating the encryption. The new standards, once completed, will provide the world with its first tools to protect sensitive information from this new kind of threat.
The Multiyear Evaluation Process
NIST’s effort to develop quantum-resistant algorithms began in 2016, when the agency called on the world’s cryptographic experts to submit candidate algorithms to NIST’s Post-Quantum Cryptography Standardisation Project. Experts from dozens of countries submitted 69 eligible algorithms by the November 2017 deadline. NIST then released the 69 candidate algorithms for experts to analyse and attempt to crack. This process was open and transparent, and many of the world’s best cryptographers participated in multiple rounds of evaluation, which reduced the number of candidates.
Although quantum computers powerful enough to defeat current encryption algorithms do not yet exist, security experts say that it’s important to plan ahead. This is partly because it takes years to integrate new algorithms across all computer systems.
“For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?” said Dustin Moody, a NIST mathematician and leader of the project.
The New Draft Federal Information Processing Standards
Each new publication is a draft Federal Information Processing Standard (FIPS) concerning one of the four algorithms NIST selected in July 2022. These include CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites; CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely; and SPHINCS+, also designed for digital signatures. FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.
The publications provide details that will help users implement the algorithms in their own systems, such as a full technical specification of the algorithms and notes for effective implementation. Additional guidance will be forthcoming in companion publications.
Additional Algorithm Standards
In addition to the four algorithms NIST selected last year, the project team also selected a second set of algorithms for ongoing evaluation. These are intended to augment the first set. NIST will publish draft standards next year for any of these algorithms selected for standardisation. These additional algorithms are designed for general encryption, but they are based on different mathematical problems than CRYSTALS-Kyber, and they will offer alternative defence methods should one of the selected algorithms show a weakness in the future.
This need for backups was underscored last year when SIKE, an algorithm that was initially a member of the second set, proved vulnerable: experts outside NIST cracked it using a conventional computer.
Post-Quantum Cryptography: The Good, the Bad, and the Powerful
The team members also want to ensure they have considered all the latest ideas for post-quantum cryptography, particularly for digital signatures. Two of the three post-quantum methods for digital signatures selected thus far are based on a single mathematical idea called structured lattices. Should any weaknesses in structured lattices emerge, it would be helpful to develop additional approaches that are based on other ideas. The NIST team recently requested submissions of additional signature algorithms that cryptographers have designed since the initial 2017 submission deadline, and the team plans to evaluate these submissions through a multi-round public program to be conducted over the next few years.
Eventually, the completed post-quantum encryption standards will replace three NIST cryptographic standards and guidelines that are the most vulnerable to quantum computers. NIST is accepting feedback from the public on the FIPS 203, 204 and 205 draft standards until Nov. 22, 2023.
“It was mainly an indication that our process is working as it should,” said Dustin Moody.
Quantum-Resistant Encryption Summary
The National Institute of Standards and Technology (NIST) is in the process of standardising four algorithms designed to withstand attacks by quantum computers, so that they can be integrated into global encryption infrastructure. The new standards, once completed, will provide the first tools to protect sensitive information from the potential threat posed by quantum computers.
- The National Institute of Standards and Technology (NIST) has begun standardising four algorithms designed to withstand attacks by quantum computers.
- Draft standards for three of the four algorithms were released by NIST, with the fourth, FALCON, expected to be released in a year.
- The agency is seeking feedback from the global cryptographic community on these draft standards until November 22, 2023.
- The new standards aim to protect sensitive electronic information, such as emails and bank transfers, from potential threats posed by quantum computers.
- NIST’s effort to develop these quantum-resistant algorithms began in 2016, with 69 eligible algorithms submitted by experts from around the world.
- The four algorithms selected by NIST in 2022 are CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON.
- These algorithms are designed for general encryption purposes and to protect digital signatures used in remote document signing.
- NIST plans to create additional post-quantum encryption standards, with a second set of algorithms currently under evaluation.
- The completed post-quantum encryption standards will eventually replace three NIST cryptographic standards and guidelines most vulnerable to quantum computers.
- NIST is accepting public feedback on the draft standards until November 22, 2023.