View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Hardware
  2. Quantum
August 25, 2023

NIST publishes post-quantum cryptography standards

The new NIST standards will replace existing cryptographic standards that are most at risk of being broken by quantum computers.

By Ryan Morrison

A set of draft standards designed to help keep data, networks and infrastructure safe from future hackers using quantum computers has been published by the US National Institute for Standards and Technology (NIST). There are four algorithms in total but only three have been published as part of this round.

NIST published its first shortlist in 2022 and is expected the finalise the new standards sometime next year (Photo:  grandbrothers / Shutterstock)
NIST published its first shortlist in 2022 and is expected the finalise the new standards sometime next year. (Photo by grandbrothers/Shutterstock)

NIST has been working on the final selection of post-quantum algorithms for seven years, with experts, companies and other organisations to test and finalise a set of standards by next year. The new cryptographic standards will be available for public and private organisations to integrate into products and infrastructure.

This time last year, four candidate standards were put forward by NIST, including CRYSTALS-Kyper, which is designed for general encryption purposes. The other three were all focused on securing digital signatures. These included CRYSTALS-Dilithium, SPHINCS+ and FALCON.

All of the standards except FALCON have been given draft Federal Information Processing Standard (FIPS) status, with their publication as official standards set to be confirmed next year. FALCON will have to wait until next year to be given its FIPS status.

NIST’s aim is that, over time, its new post-quantum encryption standards will replace the institution’s current cryptographic standards that are most vulnerable to quantum computers, namely FIPS 186-5, NIST SP 800-56A and NIST SP 800-56B. A hybrid version of a NIST-approved algorithm, ‘X25519Kyber768’, was recently woven into Google’s Chrome browser.

NIST has asked the global cryptographic community to provide feedback on the draft standards ahead of the November deadline. “We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” said Dustin Moody, a NIST mathematician and leader of the project. “For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?”

Plans for future rounds

The new algorithms will be used to protect sensitive electronic information, replacing existing public-key encryption techniques based on mathematical problems quantum computers will be able to easily crack. They will also protect data stolen today with the aim of cracking it in the future, or so-called ‘Harvest Now, Decrypt Later’ attacks – though such breaches are, for the moment, entirely theoretical.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

When NIST started its competition to find new post-quantum encryption standards in 2016, 69 eligible algorithms were put forward by companies and organisations. Many of these were, unfortunately, cracked early on during the initial evaluation process by classical computers.

There will be future rounds for additional standards, with a second set of algorithms already going through evaluation and set for draft publication next year. This may include more general-purpose encryption along the same lines as CRYSTALS-Kyber. “They will offer alternative defence methods should one of the selected algorithms show a weakness in the future,” explained Moody.

The NIST draft standards will likely become the global benchmark for post-quantum cryptography. Dr Ali El Kaafarani, PQShield’s founder and CEO, told Tech Monitor their publication marks a “significant turning point” for the cryptographic community. The Oxford-based startup contributed to the design schemes used in all four of the initial draft standards and claims it is already seeing interest for their implementation from companies in the defence, automotive and semiconductor sectors. This includes Collins Aerospace, MBDA Missile Systems, HCL Technologies, Lattice Semiconductor, and AMD.

“Previously, a key barrier to adoption and migration to post-quantum cryptography has been confidence in exactly how and when the new algorithms will be finalised,” says Kaafarani. “NIST’s new draft standards provide this assurance and a framework that allows everyone to move forward. This is a testament to the expertise of our world-leading researchers and engineers as well as the collective dedication of the entire post-quantum cryptography community.”

Read more: Can post-quantum encryption save the internet?

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.