sakkmesterke - stock.adobe.com
NIST debuts three quantum-safe encryption algorithms
NIST has launched the first three quantum-resistant encryption algorithms, and as the threat of quantum-enabled cyber attacks grows greater, organisations are encouraged to adopt them as soon as they can
The US National Institute of Standards and Technology (NIST) has debuted three encryption algorithms that it claims will help safeguard critical data from cyber attacks originating from quantum computers
The quantum-safe algorithms are the first fully realised “product” to emerge from NIST’s eight-year post-quantum cryptography (PQC) standardisation project, and are available for immediate use.
Progress towards the standards’ debut has been a collaborative effort that has seen cryptography experts from all over the world conceive, submit and evaluate quantum-safe algorithms. Overall, NIST assessed 82 algorithms contributed by researchers from 25 countries, and whittled them down to a top 14, which were categorised into finalist and alternative algorithms.
The result is described by NIST director and US under-secretary of commerce for standards and technology, Laurie Locascio, as “the capstone of NIST’s efforts to safeguard our confidential electronic information”.
“Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security,” she said.
Although the quantum computer that is capable of breaking ordinary encryption methods has not yet appeared, NIST is encouraging admins to begin work on incorporating them into their systems right away, said Dustin Moody, NIST lead mathematician on the PQC project.
“There is no need to wait for future standards,” said Moody. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”
Key tasks
The standards have been designed to fulfil two key tasks that encryption is typically used for – general encryption, which protects information travelling across public networks; and digital signatures, which are used for authentication.
The four algorithms initially slated for use last year were Crystals-Kyber, Crystals-Dilithium, Sphincs+ and Falcon – which will move forward later in 2024.
These have now been renamed to better specify the versions of these algorithms that appear in the finalised standards.
As such, Crystals-Kyber has now become Federal Information Processing Standard (FIPS) 203 or Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). This will be the primary standard for general encryption – it has relatively small encryption keys that are easily exchanged between parties, and operates at speed, making it the best candidate for this use case.
Meanwhile, Crystals-Dilithium, now known as FIPS 204 or Module-Lattice-Based Digital Signature Algorithm (ML-DSA), will become the primary standard for protecting digital signatures, while Sphincs+ becomes FIPS 205 or Stateless Hash-Based Digital Signature Algorith (SLH-DSA), serving as a second backup method for ML-DSA.
Falcon will be designated as FIPS 206, or fast-Fourier transform (FFT) over NTRU-Lattice-Based Digital Signature Algorithm (FN-DSA) once released.
Dawn of the quantum era
Reaction from cyber security experts has been positive, with many going so far as to proclaim the dawn of the quantum computing era. Tom Patterson, emerging technology security lead at consultancy Accenture, said NIST’s announcement was certainly a pivotal moment.
“As quantum computers emerge, they present a significant risk to our current encryption methods,” he said. “Organisations must assess their quantum risk, discover vulnerable encryption within their systems and develop a resilient cryptographic architecture now.
“We’ve been focused on helping our clients through each phase of this critical transition for years, and with these new standards will work with organisations to help them maintain their cyber resilience in the post-quantum world.”
Read more on quantum encryption
- Quantum computers have the potential to crack many of the encryption methods we currently rely on to keep our digital communications safe. Quantum-resistant cryptography may be the answer.
- Quantum computing is expected to arrive within the next decade and break current cryptographic algorithms. SANS' Andy Smith explains how to start securing your company now.
- The Cryptographers’ Panel at RSAC offered opinions on their confidence in PQC following the release of a paper questioning lattice-based encryption's viability.
Samantha Mabey, director of digital security solutions at Entrust, urged organisations to get to work to develop a comprehensive strategy for dealing with quantum threats.
“This means identifying where their most sensitive data is stored, understanding the current cryptographic protections in place, and ensuring they can switch to quantum-resistant algorithms without major disruptions,” she said.
Recent research conducted by Entrust, along with the Ponemon Institute, found that 27% of organisations had yet to start considering post-quantum threats, and another 23% were aware of them but weren’t doing any planning. Mabey said that given quantum computers that can break standard encryption are now closer than ever, this was somewhat worrying.
“Even now, the threat is real; attackers are already trying to steal data, hoping they can decrypt it later when quantum technology becomes available,” she said. “Ultimately, the release of NIST’s recommended PQC algorithms is a positive development. However, organisations can only reap the benefits and protect against future quantum threats by readying their security infrastructure for the transition now.”
BT, which has been working extensively on quantum networking for some time, also referred to a significant milestone in modern cyber security.
“Although Quantum Computers are not yet able to break cryptography, it’s important for organisations to have a plan for managing the risk,” said a spokesperson. “This begins with risk assessment for each organisation. For example, services that provide encryption of data – particularly long-term sensitive data – may be at risk from an adversary who can tap their data today, and will gain access to a cryptographically relevant quantum computer in future. Quantum readiness for these systems is a priority.
“The technologies selected to mitigate the risks will involve both PQC and Symmetric Cryptography, and for some scenarios, also Quantum Key Distribution,” they said. “We will increasingly see PQC implemented in OTT services, including web browsers and services, and cloud interfaces.
“For BT’s own systems, as always, we will manage the threat responsibly, ensuring that updates and changes are tested before deployment in live networks.”
