Getting your Trinity Audio player ready...
|
In the previous year, the National Institute of Standards and Technology (NIST) selected four quantum-resistant algorithms to withstand potential attacks by quantum computers. Recently, the agency has initiated the process of standardising these algorithms, which is the final step before making them accessible for global organisations to incorporate into their encryption systems.
NIST has unveiled preliminary standards for three of the four algorithms chosen in 2022, with plans to release a draft standard for the fourth algorithm, FALCON, in approximately one year. NIST is now urging the global cryptographic community to provide feedback on these draft standards until November 22, 2023.
Presently, sensitive electronic data, including emails and financial transactions, relies on public-key encryption techniques grounded in mathematical problems that conventional computers struggle to solve. Although quantum computers are still in their early stages, a sufficiently potent one could potentially solve these problems, jeopardising data security. These new standards, once finalised, will offer the world its first line of defence against this emerging threat, safeguarding sensitive information from the potential impact of quantum computing.
In 2016, NIST embarked on its mission to create quantum-resistant algorithms by inviting cryptographic experts from around the world to submit potential algorithms to the Post-Quantum Cryptography Standardisation Project. By the November 2017 deadline, experts from numerous countries had contributed 69 eligible algorithms. NIST then publicised these 69 candidate algorithms, encouraging experts to scrutinise and attempt to crack them. This process was characterised by its transparency and openness and involved multiple rounds of evaluation, resulting in fewer candidate algorithms.
While quantum computers with the capacity to defeat current encryption methods have yet to materialise, security experts emphasise the importance of proactive planning due to the time-consuming nature of integrating new algorithms into all computer systems.
NIST has published draft Federal Information Processing Standards (FIPS) for four algorithms selected in July 2022: CRYSTALS-Kyber for general encryption (FIPS 203), CRYSTALS-Dilithium for remote digital signatures (FIPS 204), SPHINCS+ for digital signatures (FIPS 205), and FALCON, which will have its own draft FIPS in 2024. These documents provide technical specifications and practical guidance for implementing these algorithms, with additional support materials to follow.
Additionally, NIST has chosen a second set of algorithms to complement the initial four, with draft standards for these supplementary algorithms set to be released in the coming year. These extra algorithms, likely one or two, are designed for general encryption but utilise different mathematical concepts than CRYSTALS-Kyber, offering alternative defence options in case vulnerabilities arise in the initial selection.
The significance of having these backup options became evident last year when an algorithm initially part of the second set, SIKE, was found to be vulnerable to attacks by external experts using conventional computers. Moody noted that this incident, while somewhat unusual for occurring relatively late in the evaluation process, primarily underscored the effectiveness of their evaluation procedures.
The team aims to stay current with post-quantum cryptography, particularly in digital signatures. Two of the three chosen digital signature methods rely on structured lattices, but they are exploring alternatives to address potential weaknesses in this approach. NIST has recently called for new signature algorithm submissions from cryptographers, with 40 accepted for evaluation in a multi-round public programme over the next few years.