August 31, 2023
The U.S. National Institute of Standards and Technology (NIST) has released draft standards for the first three of the four algorithms it selected to protect encrypted data from cyberattacks powered by quantum computers.
NIST has invited the cryptographic community to comment on the draft standards until Nov. 22, 2023. Once the comments have been considered and, where necessary, incorporated, the final standards will be published for organizations worldwide to integrate into their security infrastructure.
The agency revealed the four winning algorithms last year. It has now issued draft Federal Information Processing Standards (FIPS) for the following three algorithms:
• CRYSTALS-Kyber, a key-encapsulation mechanism for establishing shared secret keys, such as those that secure connections to websites, is covered in FIPS 203 (where it is named ML-KEM).
• CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204 (as ML-DSA).
• SPHINCS+, also designed for digital signatures, is covered in FIPS 205 (as SLH-DSA).
The fourth, FALCON, is also designed for digital signatures. NIST plans to release draft FIPS for FALCON in 2024.
Because two of the three post-quantum signature methods selected to date, CRYSTALS-Dilithium and FALCON, rest on a single mathematical idea called structured lattices, NIST wants alternative approaches such as the hash-based SPHINCS+ available in case a weakness in lattice-based schemes is discovered.
The new standards are needed because sufficiently powerful future quantum computers could break the public-key encryption techniques that keep sensitive transactions, such as bank transfers, secure.
“We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” said NIST mathematician and project lead Dustin Moody. “For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?”
NIST is also evaluating a further set of key-establishment algorithms, built on mathematical problems different from the structured lattices underlying CRYSTALS-Kyber, so that an alternative exists should a weakness in Kyber ever come to light; it expects to announce its selection from this group next year. The value of such a fallback was demonstrated in 2022, when one candidate in that group, SIKE, was broken about a month after the selections were announced, using a single-core computer running for roughly an hour.
According to NIST, the completed post-quantum cryptography standards will replace the three current NIST standards and guidelines most vulnerable to quantum computers: FIPS 186-5 (digital signatures), NIST SP 800-56A and NIST SP 800-56B (key establishment).