NIST Finalizes Post-Quantum Encryption Standards to Safeguard Digital Information
GAITHERSBURG, Md. – The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized its principal set of encryption algorithms designed to withstand cyberattacks from quantum computers, marking a significant step in securing the modern digital landscape. The agency is encouraging computer system administrators to begin transitioning to the new standards as soon as possible.
Credit: J. Wang/NIST and Shutterstock
Researchers worldwide are developing quantum computers that operate differently from conventional computers; they could potentially break current encryption methods that protect our online activities. The newly announced algorithms represent the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project, and they are ready for immediate implementation. These standards address the rapidly developing field of quantum computing, where technology is predicted to advance significantly within the next decade, potentially threatening the security and privacy of individuals, organizations, and nations.
“The advancement of quantum computing plays an essential role in reaffirming America’s status as a global technological powerhouse and driving the future of our economic security,” said Deputy Secretary of Commerce Don Graves. “Commerce bureaus are doing their part to ensure U.S. competitiveness in quantum, including the National Institute of Standards and Technology, which is at the forefront of this whole-of-government effort. NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future. As this decade-long endeavor continues, we look forward to continuing Commerce’s legacy of leadership in this vital space.”
The standards include the encryption algorithms’ computer code, implementation instructions, and intended uses, culminating from an eight-year effort managed by NIST. NIST has a long history of developing encryption and has brought together global cryptography experts to conceive, submit, and evaluate cryptographic algorithms. Although quantum computing holds promise for various fields, including weather forecasting, fundamental physics, and drug design, it poses potential threats.
“These finalized standards are the capstone of NIST’s efforts to safeguard our confidential electronic information,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.
The Journey Toward Quantum-Resistant Algorithms
In 2015, NIST began the selection and standardization of quantum-resistant algorithms to counter potential threats from quantum computers. After evaluating 82 algorithms from 25 countries, the top 15 were identified with the assistance of global cryptographers. These algorithms were then categorized into finalists and alternatives, with draft standards released in 2023. Now, cybersecurity experts are encouraged to integrate these new algorithms into their systems.
Encryption protects numerous electronic secrets, such as email content, medical records, and photo libraries, as well as information that is vital to national security. The new algorithms are based on math problems that would challenge both conventional and quantum computers.
“These finalized standards include instructions for incorporating them into products and encryption systems,” said NIST mathematician Dustin Moody, who leads the PQC standardization project. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take time.” He added that these standards are crucial tools for general encryption and protecting digital signatures.
NIST is also evaluating two additional sets of algorithms as potential backup standards. One set comprises three algorithms designed for general encryption but based on a different math problem than the general-purpose algorithm in the finalized standards; NIST plans to announce its selection of one or two of these algorithms by the end of 2024. The second set contains a broader group of algorithms for digital signatures; NIST is evaluating these for future standards.
Moody emphasized that the new standards are the primary tools. “There is no need to wait for future standards,” he stated. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”
More Details on the New Standards
The new standards are designed for two essential tasks for which encryption is typically used: general encryption and digital signatures. NIST considered the security of the algorithms’ underlying math and their most suitable applications before finalizing the selections.
NIST announced its selection of four algorithms — CRYSTALS-Kyber, CRYSTALS-Dilithium, Sphincs+, and FALCON — in 2022 and released draft versions of three of these standards in 2023. The fourth draft standard, based on FALCON, is expected to be released in late 2024. The finalized standards are:
- FIPS 203: Intended as the primary standard for general encryption, it features small encryption keys and operational speed; it uses the CRYSTALS-Kyber algorithm (renamed ML-KEM, Module-Lattice-Based Key-Encapsulation Mechanism).
- FIPS 204: The primary standard for protecting digital signatures, which uses the CRYSTALS-Dilithium algorithm (renamed ML-DSA, Module-Lattice-Based Digital Signature Algorithm).
- FIPS 205: Also designed for digital signatures, this uses the Sphincs+ algorithm (renamed SLH-DSA, Stateless Hash-Based Digital Signature Algorithm). This standard is meant as a backup method in case ML-DSA proves vulnerable.
When the FIPS 206 standard based on FALCON is released, the algorithm will be named FN-DSA, for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
