NIST Publishes First Three Standards Finalized for Post-Quantum Cryptography
The US National Institute of Standards and Technology (NIST) has finalized three standards for post-quantum cryptography (PQC). Discover the importance of these standards for companies and organizations.
- As quantum computers capable of easily breaking today’s cryptographic algorithms move closer to becoming a reality, it has become crucial to develop stronger algorithms to ensure security.
- The NIST has finalized and published three standards for post-quantum cryptography (PQC).
Almost exactly a year ago, the US National Institute of Standards and Technology (NIST), a division of the US Department of Commerce, announced the development of the first draft of standards for post-quantum cryptography (PQC). The institute has now finalized and published three standards to bolster global cybersecurity efforts against future attacks using quantum technologies.
Why PQC Standards Are Important Now
The concept of quantum computing has been discussed for the last few years, but quantum computers were long confined to theory. It was also understood that such machines could break today’s RSA and elliptic curve algorithms using Shor’s algorithm. However, this could not be demonstrated in practice at the time, as no quantum computers existed.
With advancements in technology, quantum computers are heading towards becoming a reality, increasing the chances of these machines breaking today’s common encryption schemes. This has necessitated the development of post-quantum cryptography algorithms. It also means that, for many organizations and companies, the time to start implementing these algorithms is now.
The new standards were selected from a competition held by NIST. FIPS 203 uses the ML-KEM (originally CRYSTALS-Kyber) algorithm, FIPS 204 uses ML-DSA (formerly CRYSTALS-Dilithium), and FIPS 205 uses SLH-DSA (initially SPHINCS+). A fourth algorithm, FN-DSA (also called Falcon), has been chosen for future standardization. The standards have been published on the department’s website. The documents contain the algorithms’ computer code, implementation instructions, and use cases.
The Algorithms in Detail
ML-KEM and ML-DSA algorithms originated at IBM, which is already building quantum computers. SLH-DSA was co-developed by a researcher who is now part of IBM. IBM also worked with NIST in 2015-16 to develop the framework for the PQC competition.
ML-KEM plays a role broadly similar to the public-key encryption methods used today. It is a module-lattice-based key encapsulation mechanism (KEM), designed for general encryption, such as securely accessing websites.
ML-DSA is the second fastest of the three algorithms. It generates its keys from a similar module-lattice construction but is designed to create and verify digital signatures; it is a module-lattice-based digital signature algorithm (DSA).
SLH-DSA is the most secure of the three algorithms. While it is also a digital signature algorithm, it rests on a different mathematical foundation (stateless hash-based). Depending on the variant implemented, it either takes longer to create a signature or produces a larger one. According to NIST, it is meant to serve as a backup if ML-DSA proves vulnerable.
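The ML-KEM exchange described above, as an added example that is not part of the original article: it assumes Go 1.24 or later, whose standard library ships FIPS 203 ML-KEM-768 as `crypto/mlkem`. It shows what a KEM actually produces (a shared key plus a ciphertext, rather than an encryption of a chosen message) and that a tampered ciphertext is rejected implicitly: decapsulation returns a different key instead of an error.

```go
package main

import (
	"bytes"
	"crypto/mlkem"
	"fmt"
)

// KEMResult records what the two sides hold after one ML-KEM-768 exchange.
type KEMResult struct {
	EncapsKeyLen  int  // public encapsulation key sent to the peer (1184 bytes)
	CiphertextLen int  // ciphertext returned to the key owner (1088 bytes)
	SharedKeyLen  int  // derived shared key on each side (32 bytes)
	Match         bool // true when both sides derived the same shared key
}

// RunMLKEM768 performs a complete ML-KEM-768 exchange: the receiver generates a
// key pair and publishes only the encapsulation key; the sender encapsulates a
// fresh shared key to it; the receiver decapsulates the ciphertext.
func RunMLKEM768() (KEMResult, error) {
	dk, err := mlkem.GenerateKey768() // receiver's decapsulation (private) key
	if err != nil {
		return KEMResult{}, err
	}
	ekBytes := dk.EncapsulationKey().Bytes()       // the only bytes the sender needs
	ek, err := mlkem.NewEncapsulationKey768(ekBytes) // sender re-parses them
	if err != nil {
		return KEMResult{}, err
	}
	sharedSender, ct := ek.Encapsulate() // sender's shared key and ciphertext
	sharedReceiver, err := dk.Decapsulate(ct)
	if err != nil {
		return KEMResult{}, err
	}
	return KEMResult{len(ekBytes), len(ct), len(sharedSender),
		bytes.Equal(sharedSender, sharedReceiver)}, nil
}

// TamperedCiphertextDiverges flips one ciphertext bit in transit. ML-KEM's
// decapsulation does not report an error; it returns a pseudorandom key that
// differs from the sender's, so the protocol above must confirm keys explicitly.
func TamperedCiphertextDiverges() (bool, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return false, err
	}
	shared, ct := dk.EncapsulationKey().Encapsulate()
	ct[0] ^= 0x01 // constructed tampering: a single bit flip
	other, err := dk.Decapsulate(ct)
	return err == nil && !bytes.Equal(shared, other), err
}

func main() {
	r, err := RunMLKEM768()
	fmt.Printf("round trip: %+v err=%v\n", r, err)
	d, err := TamperedCiphertextDiverges()
	fmt.Printf("tampered ciphertext yields different key: %v err=%v\n", d, err)
}
```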
Experts Speak
Many cybersecurity leaders and experts have welcomed NIST’s move and emphasized the importance and urgency of these standards.
For example, Kevin Bocek, chief innovation officer at Venafi, said, “NIST’s release of post-quantum standards is the required step to moving forward in safeguarding our digital future. Developers and security teams have been in a holding pattern until NIST reached the finish line. The road to becoming quantum-proof starts now. The most work will come in knowing where machine identities like TLS certificates and code signing certificates are used. There are thousands or even hundreds of thousands of certificates in use. Once applications are updated, new certificates using new standards can be replaced.”
“But there’s no reason to wait. We’re about to be required to change TLS certificates 5-6 times more every year due to pending changes from Google. This is a dry run for being quantum-proof. A recent survey found that 77% of security leaders believe the shift to 90-day certificates will result in more inevitable outages. If we can’t be prepared for 90-day certificates, we’ll be challenged regarding post-quantum readiness. The business case for machine identity security today and in the future is clear: certificate management ensures costly outages don’t become an everyday problem, and you’re ready to share your quantum-proof capabilities with auditors and boards,” Bocek said.
Similarly, Taher Elgamal, senior advisor at SandboxAQ and ‘the father of SSL,’ said, “The NIST PQC Standardisation marks a critical advancement in securing our digital infrastructure. By adopting these standards, we safeguard sensitive data, ensure privacy, and maintain trust in digital communications. This proactive approach not only prepares us for the quantum era but also fortifies our current cybersecurity measures.”
“This announcement from NIST makes it even more urgent for every large enterprise to implement a scalable, automated cryptographic inventory. Adopting modern cryptographic management at an enterprise level can help minimize disruption and costly ransomware and facilitate a seamless transition to more secure standards,” said Dr Marc Manzano, general manager of cybersecurity at SandboxAQ.
Carlos Aguilar-Melchor, chief scientist of cybersecurity at SandboxAQ, further added, “The new standards just released today by NIST give enterprises a clear roadmap to upgrade their security and encryption protocols. This transition is an opportunity to move to modern cryptography management models, leading to fewer outages, simpler compliance and governance, shorter and safer migrations, and higher security.”
Takeaway
As we head closer to quantum computers becoming a reality, the NIST contest and the new PQC standards can be seen as the first steps to improving encryption algorithms. While no encryption lasts forever and many algorithms will eventually be broken, the three algorithms NIST has finalized may be secure enough for the immediate future and the need of the hour for several businesses and organizations.