National Institute of Standards and Technology (NIST) last year selected four algorithms designed to withstand attack by quantum computers.

Now the agency has begun the process of standardizing these algorithms — the final step before making these mathematical tools available so organizations around the world can integrate them into their encryption infrastructure.

NIST just released draft standards for three of the four algorithms it selected in 2022. A draft standard for FALCON, the fourth algorithm, will be released in about a year. NIST is calling on the worldwide cryptographic community to provide feedback on the draft standards until Nov. 22.

“We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” said Dustin Moody, a NIST mathematician and leader of the project. “For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?”

Sensitive electronic information, such as email and bank transfers, is currently protected using public-key encryption techniques based on math problems a conventional computer cannot readily solve. Quantum computers are still in their infancy, but a sufficiently powerful one could solve these problems, defeating the encryption. The new standards, once completed, will provide the world with its first tools to protect sensitive information from this new kind of threat.

Schneider Bold

NIST’s effort to develop quantum-resistant algorithms began in 2016, when the agency called on the world’s cryptographic experts to submit candidate algorithms to NIST’s Post-Quantum Cryptography Standardization Project. At the time, experts from dozens of countries submitted 69 eligible algorithms.

NIST then released the 69 candidate algorithms for experts to analyze, and to crack if they could. This process was open and transparent, and many of the world’s best cryptographers participated in multiple rounds of evaluation, which reduced the number of candidates.

Although quantum computers powerful enough to defeat current encryption algorithms do not yet exist, security experts said it’s important to plan ahead, in part because it takes years to integrate new algorithms across all computer systems.

Each new publication is a draft Federal Information Processing Standard (FIPS) concerning one of the four algorithms NIST selected in July 2022:

  • CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is in FIPS 203.
  • CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is in FIPS 204.
  • SPHINCS+, also designed for digital signatures, is in FIPS 205.
  • FALCON, also designed for digital signatures, will receive its own draft FIPS in 2024.

While these three will constitute the first group of post-quantum encryption standards NIST creates, they will not be the last.

In addition to the four algorithms NIST selected last year, the project team also selected a second set of algorithms for ongoing evaluation, intended to augment the first set.

NIST will publish draft standards next year for any of these algorithms selected for standardization. These additional algorithms — likely one or two, Moody said — are intended for general encryption, but are based on different math problems than CRYSTALS-Kyber, so they will offer alternative defense methods should one of the selected algorithms show a weakness in the future.
