Yesterday, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) chose the first group of encryption algorithms designed to withstand attacks from quantum computers. NIST aims to publish a post-quantum cryptographic standard, which it expects to finalize in about two years.
“Today’s announcement is an important milestone in securing our sensitive data against the possibility of future cyberattacks from quantum computers. Thanks to NIST’s expertise and commitment to cutting-edge technology, we are able to take the necessary steps to secure electronic information so U.S. businesses can continue innovating while maintaining the trust and confidence of their customers.” - Secretary of Commerce Gina M. Raimondo.
This announcement comes six years after NIST asked cryptographers worldwide to develop and vet quantum-resistant encryption schemes. The four algorithms selected in this round will form the basis of NIST’s post-quantum cryptography standard.
“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems. Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.” - Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.
Four additional public-key algorithms are still under consideration for inclusion in the new standard; NIST will announce any further selections at a later date. Standardization matters for every industry, and because use cases differ, the standard needs several distinct schemes so that each use case can pick a suitable algorithm. Having more than one option also matters in case one scheme is later found to be vulnerable.
For General Encryption
This category covers key establishment for protocols like TLS (the successor to SSL) that secure our connections to websites. NIST has chosen the CRYSTALS-Kyber algorithm, a key-encapsulation mechanism. It was selected for its speed and its relatively small keys, which parties can exchange easily. The four additional submissions still under consideration all fall into this category and will be decided later.
For Digital Signatures
This category covers verifying digital identities, verifying transactions on a blockchain, or signing a document electronically (as with DocuSign). NIST has chosen three algorithms: CRYSTALS-Dilithium, FALCON, and SPHINCS+. The first two were chosen for their high efficiency, and NIST recommends CRYSTALS-Dilithium as the primary choice for quantum-resistant signatures.
FALCON is intended for applications that need smaller signatures than Dilithium produces. SPHINCS+ is larger and slower than the other two, but it matters because it is built on hash functions, while the other two rely on math problems over structured lattices. (CRYSTALS-Kyber is also lattice-based, so SPHINCS+ is the only selection that does not depend on lattice assumptions.) It is a valuable backup should a weakness later be found in the mathematics of structured lattices.
NIST is making the algorithms freely available to the public for testing, but recommends against building them into production systems yet, since details may change slightly before the standards are finalized. All of the algorithms are available on the NIST website.