NIST Picks 4 Quantum-Resistant Cryptographic Algorithms

At long last, the National Institute of Standards and Technology (NIST) has announced the first four quantum-resistant algorithms that will become part of the post-quantum-cryptographic standard. The chosen algorithms are CRYSTALS-Kyber for general encryption to access secure websites and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures.

The post-quantum cryptographic standard, expected to be finalized in about two years, will help enterprises prepare their environments for the time when quantum computers will be powerful — and readily available — enough that they will be able to break present-day encryption. Researchers estimate that post-quantum threats could be reality as soon as 2030.

Attackers are also harvesting and hoarding sensitive information with the expectation that they can crack it later when quantum computing methods become available.

"Since the standardization project began in 2016, there's been a shift in attitudes towards PQC, and it is now understood as a critical part of a secure future. Now, it is going to be exciting to see more and more applications and systems transition to this next generation of asymmetric cryptography," said Peter Schwabe, cryptographic engineering professor and PQShield advisory board member, in a statement.

The NIST announcement comes after a busy few months. US President Joe Biden has issued two related directives: to foster better quantum technology research within government and to guide agencies to a post-quantum cryptographic standard. Any digital system that uses public standards for public-key cryptography could be vulnerable to an attack by quantum computers in the future. A White House memo in January called for government agencies to identify any encryption not compliant with quantum-proof standards and provide a timeline towards transition.

The agency plans to include four additional algorithms before finalizing the cryptographic standard. The schemes BIKE, Classic McEliece, HQC, and SIKE are expected to be considered.

"In practice, this means that CSOs need to take stock of their organization's ability to rapidly switch the cryptographic algorithms that underpin your data security, without upending your entire infrastructure- an approach commonly known as being 'crypto-agile,'" says Edlyn Teske, a senior expert with Cryptomathic, which specializes in cryptography for e-commerce security systems.