The United States’ National Institute of Standards and Technology (NIST) has debuted three new encryption algorithms that it claims will help safeguard critical data from cyber attacks originating from quantum computers
The quantum-safe algorithms are the first fully-realised ‘product’ to emerge from NIST’s eight-year post-quantum cryptography (PQC) standardisation project and are available for immediate use.
Progress towards the standards’ debut has been a collaborative effort that has seen cryptography experts from all over the world conceive, submit and evaluate quantum-safe algorithms. Overall, NIST assessed 82 algorithms contributed by researchers from 25 countries, and whittled them down to a top 14, which were categorised into finalist and alternative algorithms.
The result is described by NIST director and US under-secretary of commerce for standards and technology, Lauria Locascio, as “the capstone of NIST’s efforts to safeguard our confidential electronic information”.
Locascio said: “Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security.”
Although the quantum computer that is capable of breaking ordinary encryption methods has not yet appeared, NIST is encouraging admins to begin work on incorporating them into their systems right away, said Dustin Moody, NIST lead mathematician on the PQC project.
“There is no need to wait for future standards,” said Moody. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”
Key tasks
The new standards have been designed to fulfil two key tasks that encryption is typically used for – general encryption, which protects information travelling across public networks; and digital signatures, which are used for authentication.
The four algorithms initially slated for use last year were CRYSTALS-Kyber, CRYSTALS-Dilithium, Sphincs+ and FALCON – which will move forward later in 2024.
These have now been renamed to better specify the versions of these algorithms that appear in the finalised standards.
As such, CRYSTALS-Kyber has now become Federal Information Processing Standard (FIPS) 203 or Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). This will be the primary standard for general encryption – it has relatively small encryption keys that are easily exchanged between parties, and operates at speed, making it the best candidate for this use case.
Meanwhile, CRYSTALS-Dilithium, now known as FIPS 204 or Module-Lattice-Based Digital Signature Algorithm (ML-DSA) will become the primary standard for protecting digital signatures, while Sphincs+ becomes FIPS 205 or Stateless Hash-Based Digital Signature Algorith (SLH-DSA), serving as a second backup method for ML-DSA.
FALCON will be designated as FIPS 206, or fast-Fourier transform (FFT) over NTRU-Lattice-Based Digital Signature Algorithm (FN-DSA) once released.
Dawn of the quantum era
Reaction from cyber security experts has been positive, with many going so far as to proclaim the dawn of the quantum computing era. Tom Patterson, emerging technology security lead at consultancy Accenture, said NIST’s announcement was certainly a pivotal moment.
“As quantum computers emerge, they present a significant risk to our current encryption methods. Organisations must assess their quantum risk, discover vulnerable encryption within their systems, and develop a resilient cryptographic architecture now,” said Patterson.
“We’ve been focused on helping our clients through each phase of this critical transition for years and with these new standards will work with organisations to help them maintain their cyber resilience in the post quantum world.”
Samantha Mabey, director of digital security solutions at Entrust, urged organisations to get to work to develop a comprehensive strategy for dealing with quantum threats.
“This means identifying where their most sensitive data is stored, understanding the current cryptographic protections in place, and ensuring they can switch to quantum-resistant algorithms without major disruptions,” she said.
Recent research conducted by Entrust, along with the Ponemon Institute, found that 27% of organisations had yet to start considering post-quantum threats, and another 23% were aware of them but weren’t doing any planning. Mabey said that given quantum computers that can break standard encryption are now closer than ever, this was somewhat worrying.
She added: “Even now, the threat is real; attackers are already trying to steal data, hoping they can decrypt it later when quantum technology becomes available.
“Ultimately, the release of NIST’s recommended PQC algorithms is a positive development. However, organisations can only reap the benefits and protect against future quantum threats by readying their security infrastructure for the transition now.”
BT, which has been working extensively on quantum networking for some time also referred to a significant milestone in modern cyber security.
“Although Quantum Computers are not yet able to break cryptography, it’s important for organisations to have a plan for managing the risk. This begins with risk assessment for each organisation. For example, services that provide encryption of data – particularly long term sensitive data – may be at risk from an adversary who can tap their data today, and will gain access to a cryptographically relevant quantum computer in future. Quantum readiness for these systems is a priority,” said a spokesperson.
“The technologies selected to mitigate the risks will involve both PQC and Symmetric Cryptography, and for some scenarios, also Quantum Key Distribution (QKD). We will increasingly see PQC implemented in OTT services, including web browsers and services, and cloud interfaces.
“For BT’s own systems, as always, we will manage the threat responsibly, ensuring that updates and changes are tested before deployment in live networks,” they said.