Long awaited post-quantum encryption standards released by NIST


The US National Institute of Standards and Technology (NIST) on Tuesday announced the release of a finalized set of principal encryption standards, the first of their kind: algorithms designed to withstand attacks mounted with future quantum computers.

The US federal agency – responsible for developing technology standards grounded in scientific measurement – said the algorithms were produced as part of NIST's post-quantum cryptography (PQC) standardization project, which was launched in 2016 and selected its winning algorithms in 2022.

The race has been on for NIST to finalize the new algorithm set before large-scale quantum computing becomes practical, which some quantum chip manufacturers expect to happen within the next few years.


Quantum computers exploit the principles of quantum mechanics (superposition and entanglement) to run algorithms that have no efficient counterpart on conventional computers. For cryptography the relevant one is Shor's algorithm, which solves the factoring and discrete-logarithm problems that today's public-key schemes depend on.

Eventually, perhaps within the next decade, a sufficiently large quantum computer will be able to break most of today's public-key algorithms, such as the widely used RSA and the elliptic-curve schemes behind most key exchanges and signatures.

Fortunately, NIST estimates it will be decades (think 2050) before quantum computers come close to breaking today's gold-standard symmetric cipher, AES with a 256-bit key, which protects the confidentiality of just about everything we do online. Symmetric ciphers are far less exposed: the best known quantum attack on them, Grover's algorithm, only halves the effective key length, leaving AES-256 with 128-bit security.

“Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards…ensuring it will not simultaneously disrupt our security…safeguard our confidential electronic information,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.

The nascent technology is expected to revolutionize fields from weather forecasting to fundamental physics to drug design. But, like every technological advance, it will also be available to threat actors, which poses a major risk for organizations that are slow to migrate their systems to the new encryption.

NIST said the new standards cover a wide range of electronic information, from confidential email messages to the e-commerce transactions that propel the modern economy.

Post-quantum encryption can be used now

The finalized standards are the result of an eight-year effort by NIST, which began in 2016 with a call for submissions from some of the brightest cryptography researchers and experts around the world. NIST sifted through a total of 82 candidate algorithms from 25 countries to arrive at its final set of four.


And even though the post-quantum standards announced Tuesday were developed specifically to protect against future quantum attacks, NIST said the algorithms can and should be put into use by cybersecurity professionals immediately.

NIST and other security insiders warn that threat actors and nation-state adversaries are already hoarding reams of encrypted data in anticipation of the day when quantum computers become "cryptographically relevant", meaning advanced enough to break the public-key algorithms, such as RSA and elliptic-curve Diffie-Hellman, that protect today's key exchanges. The tactic is known as "harvest now, decrypt later": traffic recorded today stays at risk for as long as the data inside it remains sensitive, which is why the migration cannot wait until the attack becomes practical.

“These finalized standards include instructions for incorporating them into products and encryption systems,” said Dustin Moody, head of the PQC standardization project and NIST mathematician.

“We encourage system administrators to start integrating them into their systems immediately, because full integration will take time,” Moody explained.
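What "start integrating now" looks like in code, as an added example that is not part of the original article or of NIST's standards text: a hybrid key agreement that combines classical X25519 with ML-KEM-768 (the FIPS 203 key-encapsulation mechanism described below) using only Go 1.24's standard library. This is the pattern TLS deployments have adopted under the name X25519MLKEM768, and it is the practical answer to harvest-now-decrypt-later: a recording of this exchange can only be decrypted by an attacker who breaks both X25519 and ML-KEM. The ClientHello and ServerHello structures, the transcript hashing and the HKDF label are this example's own assumptions, not the TLS wire format.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Wire structures; the field layout is this example's own, not the TLS encoding.
type ClientHello struct{ X25519Pub, MLKEMPub []byte } // 32-byte X25519 key, 1184-byte ML-KEM-768 encapsulation key
type ServerHello struct{ X25519Pub, MLKEMCT []byte } // 32-byte X25519 key, 1088-byte ML-KEM-768 ciphertext

// ClientState keeps the client's private halves until the ServerHello arrives.
type ClientState struct {
	ecdhPriv *ecdh.PrivateKey
	kemPriv  *mlkem.DecapsulationKey768
}

// ClientStart generates both ephemeral key pairs and builds the ClientHello.
func ClientStart() (*ClientState, ClientHello, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, ClientHello{}, err
	}
	kemPriv, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, ClientHello{}, err
	}
	return &ClientState{ecdhPriv, kemPriv}, ClientHello{ecdhPriv.PublicKey().Bytes(), kemPriv.EncapsulationKey().Bytes()}, nil
}

// ServerRespond runs one X25519 agreement and one ML-KEM encapsulation against the
// client's public values, returning the session key and the ServerHello to send back.
func ServerRespond(hello ClientHello) ([]byte, ServerHello, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, ServerHello{}, err
	}
	ecdhSecret, err := x25519(ecdhPriv, hello.X25519Pub)
	if err != nil {
		return nil, ServerHello{}, err
	}
	ek, err := mlkem.NewEncapsulationKey768(hello.MLKEMPub)
	if err != nil {
		return nil, ServerHello{}, err
	}
	kemSecret, ct := ek.Encapsulate() // fresh random secret, sealed to the client's ML-KEM key
	sh := ServerHello{ecdhPriv.PublicKey().Bytes(), ct}
	key, err := deriveKey(ecdhSecret, kemSecret, hello, sh)
	return key, sh, err
}

// ClientFinish completes the client side. ML-KEM uses implicit rejection: a tampered
// ciphertext of the right length decapsulates without error to an unrelated secret.
func (c *ClientState) ClientFinish(hello ClientHello, sh ServerHello) ([]byte, error) {
	ecdhSecret, err := x25519(c.ecdhPriv, sh.X25519Pub)
	if err != nil {
		return nil, err
	}
	kemSecret, err := c.kemPriv.Decapsulate(sh.MLKEMCT) // errors only on a wrong-length ciphertext
	if err != nil {
		return nil, err
	}
	return deriveKey(ecdhSecret, kemSecret, hello, sh)
}

// x25519 runs one ECDH step against a peer's raw 32-byte public key.
func x25519(priv *ecdh.PrivateKey, peer []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	if err != nil {
		return nil, err
	}
	return priv.ECDH(pub)
}

// deriveKey feeds both raw secrets plus a hash of the full transcript into HKDF-SHA256,
// so the session key depends on every value either side sent or received.
func deriveKey(ecdhSecret, kemSecret []byte, hello ClientHello, sh ServerHello) ([]byte, error) {
	h := sha256.New()
	for _, part := range [][]byte{hello.X25519Pub, hello.MLKEMPub, sh.X25519Pub, sh.MLKEMCT} {
		h.Write(part)
	}
	ikm := append(append([]byte{}, ecdhSecret...), kemSecret...) // X25519 secret || ML-KEM secret
	return hkdf.Key(sha256.New, ikm, h.Sum(nil), "example hybrid session key", 32)
}

func main() {
	client, hello, err := ClientStart()
	if err != nil { panic(err) }
	serverKey, sh, err := ServerRespond(hello)
	if err != nil { panic(err) }
	clientKey, err := client.ClientFinish(hello, sh)
	if err != nil { panic(err) }
	fmt.Printf("ML-KEM key %d bytes, ciphertext %d bytes, session keys match: %v\n",
		len(hello.MLKEMPub), len(sh.MLKEMCT), hmac.Equal(clientKey, serverKey))
}
```

Two caveats a practitioner should take from this. First, Decapsulate only fails on a wrong-length ciphertext; a corrupted ciphertext of the correct length yields an unrelated key with no error, so the protocol still needs an authenticated key-confirmation step (a signature over the transcript or a MAC under the derived key) before any data rides on the session key. Second, the ML-KEM values are much larger than their classical counterparts (1184-byte public key and 1088-byte ciphertext against 32 bytes each for X25519); "comparatively small keys" in the standard's description means small for a lattice scheme, and the extra bytes are the price of the hybrid. Requires Go 1.24 or later for crypto/mlkem and crypto/hkdf.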

NIST selected the four algorithms for standardization in 2022. Each is being published as a Federal Information Processing Standard (FIPS), the label under which they are referred to from here on.

Draft versions of three of them – CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+ – were released last year, and the final versions were announced Tuesday under new names. The standard for the fourth algorithm, FALCON, is slated for release later this year.

The following is a short description of the three finalized standards and the algorithm behind each, plus the fourth that is still to come.

  1. FIPS 203 is the primary standard for general encryption. It uses the CRYSTALS-Kyber algorithm, now known as the Module-Lattice-Based Key-Encapsulation Mechanism or ML-KEM. A KEM does not encrypt data directly: it lets two parties establish a shared secret, which then keys a symmetric cipher such as AES for the actual traffic. Its advantages are comparatively small keys that two parties can exchange easily, as well as its speed of operation.
  2. FIPS 204 is the primary standard for digital signatures. It uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
  3. FIPS 205 is also for digital signatures, using the SPHINCS+ algorithm, renamed SLH-DSA or Stateless Hash-Based Digital Signature Algorithm. Because it rests on a different mathematical foundation (the security of hash functions rather than of lattice problems), it serves as a backup signature scheme in case ML-DSA turns out to be vulnerable.
  4. FIPS 206 is the fourth standard, based on FALCON, to be named FN-DSA, short for FFT (fast Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
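To make the "different math approach" behind FIPS 205 concrete, here is an added example (not from the article and not NIST's specification) of the simplest hash-based signature, a Lamport one-time signature over SHA-256, written in Go with only the standard library. SLH-DSA is not this scheme: it combines hash-based one-time (WOTS+) and few-time (FORS) signatures into a large tree so that one key can sign many messages, and the "stateless" in its name means the signer does not have to remember which leaf keys it has already used. The example shows why that matters: security rests on nothing but hash preimage resistance, yet signing twice with the same one-time key leaks secrets, and the functions RevealedSecrets and ForgeFromReuse (names chosen here) measure that leakage from the attacker's side, using only the public key and the signatures. The messages are constructed sample input.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const lamportBits = 256 // one secret pair per bit of the SHA-256 message digest

type LamportPublic [lamportBits][2][32]byte // SHA-256 hashes of the secrets
type LamportSig [lamportBits][32]byte       // one revealed secret per digest bit

// LamportKey is a one-time key: 256 pairs of random 32-byte secrets.
type LamportKey struct {
	priv [lamportBits][2][32]byte
	Pub  LamportPublic
}

// GenerateLamport draws the secrets and publishes their SHA-256 hashes.
func GenerateLamport() (*LamportKey, error) {
	k := &LamportKey{}
	for i := range k.priv {
		for b := 0; b < 2; b++ {
			if _, err := rand.Read(k.priv[i][b][:]); err != nil {
				return nil, err
			}
			k.Pub[i][b] = sha256.Sum256(k.priv[i][b][:])
		}
	}
	return k, nil
}

// digestBit returns bit i of the digest, most significant bit first.
func digestBit(d [32]byte, i int) int { return int(d[i/8]>>(7-uint(i%8))) & 1 }

// Sign reveals, for every digest bit, the secret matching that bit's value; each
// signature exposes half of the secrets, which is why the key is one-time.
func (k *LamportKey) Sign(msg []byte) LamportSig {
	d := sha256.Sum256(msg)
	var sig LamportSig
	for i := range sig {
		sig[i] = k.priv[i][digestBit(d, i)]
	}
	return sig
}

// Verify checks that every revealed secret hashes to the public value the digest
// bit selects; security rests only on SHA-256 preimage resistance.
func Verify(pub *LamportPublic, msg []byte, sig LamportSig) bool {
	d := sha256.Sum256(msg)
	for i := range sig {
		if sha256.Sum256(sig[i][:]) != pub[i][digestBit(d, i)] {
			return false
		}
	}
	return true
}

// revealedTable is the attacker's view, built from public data only: which of the
// 512 secrets the given signatures have exposed, and how many.
func revealedTable(pub *LamportPublic, sigs []LamportSig) (tbl [lamportBits][2]*[32]byte, n int) {
	for s := range sigs {
		for i := range sigs[s] {
			h := sha256.Sum256(sigs[s][i][:])
			for b := 0; b < 2; b++ {
				if h == pub[i][b] && tbl[i][b] == nil {
					tbl[i][b] = &sigs[s][i]
					n++
				}
			}
		}
	}
	return tbl, n
}

// RevealedSecrets counts how many of the 512 secrets the signatures expose.
func RevealedSecrets(pub *LamportPublic, sigs ...LamportSig) int {
	_, n := revealedTable(pub, sigs)
	return n
}

// ForgeFromReuse tries to sign target using only secrets leaked by earlier signatures;
// it succeeds when every bit of target's digest has its secret exposed.
func ForgeFromReuse(pub *LamportPublic, target []byte, sigs ...LamportSig) (LamportSig, bool) {
	tbl, _ := revealedTable(pub, sigs)
	d := sha256.Sum256(target)
	var forged LamportSig
	for i := range forged {
		p := tbl[i][digestBit(d, i)]
		if p == nil {
			return LamportSig{}, false
		}
		forged[i] = *p
	}
	return forged, true
}

func main() {
	k, err := GenerateLamport()
	if err != nil { panic(err) }
	m1, m2 := []byte("constructed message one"), []byte("constructed message two") // constructed sample input
	sig1, sig2 := k.Sign(m1), k.Sign(m2)                                            // second use of a one-time key
	_, forgeable := ForgeFromReuse(&k.Pub, []byte("attacker's message"), sig1, sig2)
	fmt.Println("valid:", Verify(&k.Pub, m1, sig1), "revealed:", RevealedSecrets(&k.Pub, sig1, sig2), "of 512, forgery:", forgeable)
}
```

One signature exposes exactly 256 of the 512 secrets; a second signature on a different message exposes one more secret for every digest bit where the two messages differ, about 384 in total; forging an unrelated third message still fails, because roughly a quarter of the secrets it needs remain hidden, but every further signature closes that gap. That is the failure mode a stateful hash-based scheme has to guard against by tracking which one-time keys it has spent, and the one SLH-DSA removes by selecting leaf keys pseudorandomly from the message inside a tree large enough that reuse is negligible.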

The agency says it is also evaluating two further sets of submitted algorithms for potential use as additional backup standards, but Moody pointed out there is no need to wait for them.

“Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards,” Moody said.


“We will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event,” he added.