The first set of standards for post-quantum cryptography has been published – here’s what it means for you
The National Institute of Standards and Technology (NIST) has issued the first three encryption standards designed to withstand decryption attempts by a quantum computer.
Quantum computers will have computing power millions of times faster than today’s supercomputers, and will be able to crack current encryption standards just as quickly.
As a result, cybercriminals are already attacking organizations and stealing their encrypted data with the intention of decrypting it when they get their hands on a quantum computer. The day that becomes possible is known in the security community as Q-Day.
Defending against Q-Day
Our current encryption standards protect almost everything we do on the internet. However, they are not enough to protect us from quantum computers. That is why new encryption algorithms are currently being developed that are resistant to attacks from quantum computers. These algorithms protect us from theft, but also from future hacks.
Quantum computers are particularly good at factoring, which can be used to quickly crack encryption methods. Experts predict that the first quantum computers could appear within 10 years, but for now they will probably only be operational for research and development purposes in the hands of their manufacturers, and it will be several years before commercially available quantum computers appear on the market.
NIST has been working on the development of these three encryption standards for eight years, attracting the best and brightest from the encryption community.
“Advances in quantum computing play a critical role in cementing America’s status as a global technological powerhouse and fueling the future of our economic security,” said U.S. Assistant Secretary of Commerce Don Graves.
“Trade agencies are working to ensure U.S. competitiveness in quantum, including the National Institute of Standards and Technology, which is spearheading this government-wide effort. NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can implement to secure our post-quantum future.”
“As this decade-long endeavor continues, we look forward to Commerce continuing its leadership role in this critical area,” Graves concluded.
Included in the encryption standards are the computer code of the algorithms, implementation instructions, and the intended use for each form of encryption. The first, called Federal Information Processing Standard (FIPS) 203, is a general encryption standard based on the CRYSTALS-Kyber algorithm, renamed Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM).
The second, FIPS 204, is designed to protect digital signatures using the CRYSTALS-Dilithium algorithm, renamed Module-Lattice-Based Digital Signature Algorithm (ML-DSA). The last encryption standard, FIPS 205, is also designed for digital signatures, but is based on a different algorithm than ML-DSA, in case vulnerabilities are discovered in FIPS 204. FIPS 205 uses the SPHINCS+ algorithm, renamed Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).