NIST reveals first four post-quantum cryptography algorithms
"Our post-quantum cryptography program has leveraged the top minds in cryptography worldwide."
The US National Institute of Standards and Technology (NIST) has picked the first four algorithms to become part of its new post-quantum cryptography standards, following a six-year competition.
The long and careful march to new encryption standards is needed as a defence against the increasingly-less-theoretical risks quantum computing poses to traditional cryptographic methods. In a welcome example of forward thinking, NIST has been working for many years on systems which will resist decryption by a “cryptoanalytically relevant quantum computer” (CRQC).
NIST’s announcement of four quantum-proof algorithms marks the first stage of the finalisation of new standards – the agency expects to announce four more next year, and then release the final cryptography standard in 2024. By then US government agencies will have to be ready to adopt the new standard – and most private sector organisations worldwide should also be prepared.
See: US gov tells agencies to get serious on quantum threat to cryptography
One of the four chosen algorithms – CRYSTALS-Kyber – is designated for general encryption, as it uses relatively small encryption keys, and is fast. This makes it suitable for time-sensitive applications, such as web traffic.
The three remaining quantum-proof algorithms are CRYSTALS-Dilithium, FALCON and SPHINCS+, and will be used for digital signatures. NIST recommends CRYSTALS-Dilithium as the primary digital signature algorithm, with FALCON for use in situations which require a smaller signature (large signature size is a significant issue for post-quantum cryptography standards).
Both CRYSTALS approaches and FALCON use structured lattice functions, while SPHINCS+ uses hash functions. While the latter is less efficient than the other three algorithms, NIST said it wanted an alternative system to lattice-based algorithms, in case these prove to be flawed; all four of the future post-quantum cryptography algorithms will also use non-lattice approaches.
All four algorithms are available on the NIST website.
Peter Schwabe, professor at the Max Planck Institute for Security and Privacy, and co-author of CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+ algorithms, said in a press release: “Since the standardisation project began in 2016, there’s been a shift in attitudes towards PQC, and it is now understood as a critical part of a secure future. Now, it is going to be exciting to see more and more applications and systems transition to this next generation of asymmetric cryptography.”
NIST director Laurie E. Locascio said in the agency’s press announcement: “Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”
See also: Raytheon, IBM to team up on quantum-proof cryptography, AI
Agreeing the standards is one thing – implementing them will be a significant task, which may require updating or replacing not just software, but hardware components with cryptographic functions built in. NIST has prepared a guide for organisations to help them plan the transition to post-quantum cryptography standards.
Dr Ali El Kaafarani, founder and CEO of UK firm PQShield, which employs Dr Thomas Prest, project lead and co-author of the FALCON algorithm, and which counts Schwabe and two other authors of post-quantum cryptography algorithms as members of its advisory board, also welcomed NIST’s announcement.
“NIST’s new Post-Quantum Cryptography (PQC) standards are a welcome arrival, and I am extremely proud of the team at PQShield for their intense efforts in helping to deliver these – especially Thomas and Peter for having their own contributions chosen.
“But there’s no room for complacency. Across sectors, the race is now on to implement the new cryptographic defences, protecting data wherever it is vulnerable. Now, having actual standards to follow will help companies to put concrete transition roadmaps in place,” he said in a press release.