
NIST introduces 3 ready-to-use PQC algorithms – MeriTalk


The Department of Commerce’s National Institute of Standards and Technology (NIST) today revealed its first set of three encryption algorithms designed to withstand cyberattacks by a quantum computer. After almost a decade of research, they are now ready for immediate use.

NIST began its quantum-resistant algorithms journey in 2015, selecting the best 15 from a set of 82 submitted algorithms. In 2022, NIST announced its selection of four algorithms – CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON – that are targeted for standardization and released draft versions of three of these standards last August.

“Advancing quantum computing plays a critical role in affirming America’s status as a global technology center and advancing the future of our economic security,” said Assistant Secretary of Commerce Don Graves. “The trade offices are doing their part to ensure U.S. competitiveness in the quantum space, including the National Institute of Standards and Technology, which is leading this government-wide effort.”

“NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can implement to secure our post-quantum future,” Graves added. “As this decades-long endeavor continues, we look forward to continuing Commerce’s tradition of leadership in this important area.”

NIST noted that quantum computing could revolutionize fields from weather forecasting to fundamental physics to drug development, but it also poses risks.

“Researchers around the world are racing to build quantum computers that work completely differently than ordinary computers and could crack the current encryption that ensures security and privacy in virtually everything we do online,” the NIST press release said.

Quantum computing technology is developing rapidly, and some experts predict that within a decade a device could emerge capable of cracking current encryption methods and threatening the security and privacy of individuals, organizations and entire nations.

“Quantum computing technology could become a driving force in solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it does not simultaneously compromise our security,” said NIST Director Laurie Locascio. “These final standards are the culmination of NIST’s efforts to protect our sensitive electronic information.”

The three final standards published today – CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+ – contain the computer code of the encryption algorithms, instructions for their implementation and their intended uses. The fourth draft standard based on FALCON is planned for late 2024, according to NIST.

“These final standards provide instructions for their integration into products and encryption systems,” said NIST mathematician Dustin Moody, who leads the post-quantum computing standardization project. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take some time.”

Moody said these standards are the most important tools for general encryption and digital signature protection.

NIST noted that no significant changes have been made to the standards since the draft versions were published last year. However, the names of the algorithms have been changed to indicate the versions that will appear in the three final standards:

  • The CRYSTALS-Kyber algorithm – Federal Information Processing Standard (FIPS) 203 – is intended to become the primary standard for general encryption. Its advantages include comparatively small encryption keys that can be easily exchanged between two parties and its speed of operation. It was renamed Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM).
  • The CRYSTALS-Dilithium algorithm – FIPS 204 – is intended to become the primary standard for protecting digital signatures. It has been renamed Module-Lattice-Based Digital Signature Algorithm (ML-DSA).
  • The SPHINCS+ algorithm – FIPS 205 – is also designed for digital signatures. The standard is based on a different mathematical approach than ML-DSA and is intended as a backup method in case ML-DSA proves to be vulnerable. It has been renamed Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).

Likewise, when the FALCON-based FIPS 206 draft standard is published, the algorithm will be called FN-DSA, which is the abbreviation for FFT (Fast Fourier Transform) over NTRU-Lattice-Based Digital Signature Algorithm.

To accommodate any ideas cryptographers may have had since the first call for proposals in 2015, NIST solicited and began evaluating additional algorithms from the public in 2022. NIST is currently evaluating two additional sets of algorithms that could one day serve as backup standards, the agency said.

One of these sets consists of three algorithms designed for general encryption, but based on a different type of mathematical problem than the general algorithm in the final standards. NIST plans to announce its selection of one or two of these algorithms by the end of 2024.

The second set includes a larger group of algorithms designed for digital signatures. In the near future, NIST expects to announce about 15 algorithms from this group that will enter the next round of testing, evaluation, and analysis.

While analysis of these two additional sets of algorithms continues, Moody said any subsequent post-quantum cryptography standards will act as backups of the three standards announced by NIST today.

“There is no reason to wait for future standards,” he said. “Use these three standards. We need to be prepared for an attack that overcomes the algorithms of these three standards, and we will continue to work on backup plans to protect our data. But for most applications, these new standards are the most important thing.”
