NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers

[Image: An illustration of a collage of servers, laptops, and phones. Credit: J. Wang / NIST and Shutterstock]

Last year, the National Institute of Standards and Technology (NIST) selected four algorithms designed to withstand quantum computer attacks. Now, the agency has begun the process of standardizing these algorithms, the final step before making these mathematical tools available so organizations around the world can integrate them into their encryption infrastructure.

Today, NIST released draft standards for three of the four algorithms selected in 2022. The draft standard for FALCON, the fourth algorithm, will be released in about a year.

NIST is calling on the global cryptographic community to provide feedback on the draft standards by November 22, 2023.

“We’re getting closer to the light at the end of the tunnel, where people will have standards they can put into practice,” said Dustin Moody, a NIST mathematician and project leader. “At the moment we are asking for feedback on the drafts. Is there anything we need to change, and did we miss something?”

Sensitive electronic information such as email and bank transfers is currently protected by public key encryption techniques based on mathematical problems that a conventional computer cannot easily solve. Quantum computers are still in their infancy, but a sufficiently powerful quantum computer could solve these problems and break the encryption. The new standards, when finalized, will give the world its first tools to protect sensitive information from this new type of threat.

A multi-year evaluation process

NIST’s efforts to develop quantum-resistant algorithms began in 2016, when the agency invited cryptography experts from around the world to submit candidate algorithms to NIST’s Post-Quantum Cryptography Standardization Project. Experts from dozens of countries submitted 69 eligible algorithms by the November 2017 deadline.

NIST then released the 69 candidate algorithms for experts to analyze and crack if they could. This process was open and transparent, and many of the world’s best cryptographers participated in multiple rounds of evaluation, which reduced the number of candidates.

Although quantum computers powerful enough to overcome current encryption algorithms do not yet exist, security experts say it is important to plan ahead, in part because it takes years to integrate new algorithms into all computer systems.

Each new publication is a draft Federal Information Processing Standard (FIPS) that addresses one of the four NIST algorithms selected in July 2022:

  • CRYSTALS-Kyber, intended for general encryption purposes such as building secure websites, is covered by FIPS 203.
  • CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered by FIPS 204.
  • SPHINCS+, also designed for digital signatures, is covered by FIPS 205.
  • FALCON, also designed for digital signatures, is slated to get its own draft FIPS in 2024.

The publications provide details to help users implement the algorithms on their own systems, such as complete technical specifications of the algorithms and notes for efficient implementation. Moody said additional guidance will be available in companion publications.

Additional algorithm standards

While these three will form the first set of post-quantum cryptography standards created by NIST, they won’t be the last.

In addition to the four NIST algorithms selected last year, the project team also selected a second set of algorithms for ongoing evaluation, designed to supplement the first set. NIST will publish draft standards next year for any of these algorithms selected for standardization. These additional algorithms, perhaps one or two, Moody said, are intended for general encryption, but they are based on different mathematical problems than CRYSTALS-Kyber, and they will offer alternative methods of protection if one of the chosen algorithms shows a weakness in the future.

This need for backups was highlighted last year when an algorithm that was originally a member of the second group was found to be vulnerable: experts outside of NIST cracked SIKE using a regular computer. Moody said the break was unusual only in that it came relatively late in the evaluation process. “It basically proved that our process is going as it should,” he said.

Post-quantum cryptography: the good, the bad and the powerful

In this animated story, NIST’s Matthew Scholl describes how the agency is working with the brightest minds in government, academia, and industry from around the world to develop new encryption standards that will work with our current classical computers while also withstanding the quantum machines of the future.

Team members also want to make sure they’ve considered all the latest ideas in post-quantum cryptography, especially for digital signatures. Two of the three post-quantum digital signature techniques chosen so far are based on a single mathematical idea called structured lattices. If any weaknesses in structured lattices are revealed, it will be useful to have additional approaches based on other ideas. The NIST team recently solicited submissions of additional signature algorithms that cryptographers have designed since the original submission deadline in 2017, and the team plans to evaluate these submissions through a multi-round public process over the next few years. The 40 submissions that met the acceptance criteria have been posted publicly.

Ultimately, the completed post-quantum cryptography standards will replace the three NIST cryptographic standards and guidelines most vulnerable to quantum computers: FIPS 186-5, NIST SP 800-56A, and NIST SP 800-56B.

NIST is accepting public feedback on draft FIPS 203, 204, and 205 until November 22, 2023. Comments can be submitted to FIPS-203-comments@nist.gov, FIPS-204-comments@nist.gov and FIPS-205-comments@nist.gov. For more information, see today’s Federal Register notice.
