NIST Finalizes First Set of Post-Quantum Encryption Standards
On August 13, 2024, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced the completion of its initial set of encryption algorithms engineered to defend against cyberattacks from quantum computers.

Researchers globally are actively working to develop quantum computers. These machines, operating on principles radically different from conventional computers, could potentially break the current encryption methods that ensure security and privacy for online activities.
The algorithms, detailed in the first finalized standards from NIST’s post-quantum cryptography (PQC) standardization project, are immediately available for use.
These new standards are designed to anticipate future technological advancements in quantum computing. With some experts predicting the emergence of quantum computers capable of bypassing current encryption within the next decade, the security and privacy of individuals, organizations, and governments are at stake.
Deputy Secretary of Commerce Don Graves emphasized the importance of these advancements: “The advancement of quantum computing plays an essential role in reaffirming America’s status as a global technological powerhouse and driving the future of our economic security.” He highlighted NIST’s crucial role in developing innovative solutions, “including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future.”
The standards consist of the encryption algorithms’ computer code, implementation instructions, and their intended applications. These were developed over an eight-year period, spearheaded by NIST, which has a long history in encryption development. The agency brought together cryptography experts from around the globe to conceive, submit, and evaluate cryptographic algorithms able to resist attacks from quantum computers.
NIST Director Laurie E. Locascio noted the importance of securing sensitive electronic information: “Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security. These finalized standards are the capstone of NIST’s efforts to safeguard our confidential electronic information.”
Journey to Quantum Resistant Algorithms
In 2015, NIST began the process of selecting and standardizing quantum-resistant algorithms. After evaluating 82 algorithms submitted by 25 countries, the top 15 were identified with the aid of global cryptographers. These were then divided into finalists and alternative algorithms, with draft standards released in 2023. Currently, cybersecurity experts are encouraged to incorporate these new algorithms into their systems.
Encryption is essential in today’s digital world, protecting sensitive electronic information. This includes the contents of emails, medical records, photo archives, and data vital to national security. Encrypted data can be transmitted across public networks because it’s only readable by the sender and the recipient.
Encryption tools rely on complex mathematical problems that are difficult or impossible for conventional computers to solve. However, a quantum computer could potentially sift through a vast number of potential solutions to these problems very quickly, which could defeat current encryption methods. The new algorithms standardized by NIST are based on different mathematical problems that would be difficult for both conventional and quantum computers.
“These finalized standards include instructions for incorporating them into products and encryption systems,” explained NIST mathematician Dustin Moody, who leads the PQC standardization project. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take time.”
Details on the New Standards
Encryption uses mathematics to protect sensitive electronic information, such as secure websites and emails. Public-key encryption systems, which rely on mathematical problems that conventional computers find difficult or impossible to solve, ensure that these websites and emails are inaccessible to unauthorized parties. Before making the selections, NIST evaluated the security of the algorithms’ underlying math and their best applications.
The new standards address two main areas: general encryption (protecting information over public networks) and digital signatures (used for identity verification).
NIST selected four algorithms in 2022, with draft versions released in 2023. The draft standard for the fourth algorithm, based on FALCON, is planned for late 2024. While there have been no substantial changes since the draft versions, NIST renamed the algorithms to identify the versions that appear in the three finalized standards:
- FIPS 203: The primary standard for general encryption. It features comparatively small encryption keys and fast operation. This standard uses the CRYSTALS-Kyber algorithm, renamed ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism).
- FIPS 204: The primary standard for protecting digital signatures. It uses the CRYSTALS-Dilithium algorithm, renamed ML-DSA (Module-Lattice-Based Digital Signature Algorithm).
- FIPS 205: Also designed for digital signatures, it uses the SPHINCS+ algorithm, renamed SLH-DSA (Stateless Hash-Based Digital Signature Algorithm). It is based on a different mathematical approach from ML-DSA and serves as a backup in case ML-DSA is compromised.
When the draft FIPS 206 standard based on FALCON is released, the algorithm will be called FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm).