NIST Releases First Post-Quantum Cryptography Standards

The National Institute of Standards and Technology (NIST) said it is looking to transfer all high-priority systems to quantum-resistant cryptography by 2035. Dustin Moody, mathematician in the NIST Computer Security Division, said the transition is necessary for the future because of security concerns with “harvest now, decrypt later.”

NIST has standardized three cryptographic algorithms, but post-quantum cryptography will be secure against attacks from classical and quantum computers, officials said. Currently, there isn’t a large enough quantum computer that threatens the current level of security, but Moody said that agencies need to be prepared ahead of future attacks.

“Suppose your enemy gets a hold of your data today, and you’re not so worried because it’s encrypted. But if a quantum computer comes out and say 10 years, and you were hoping that data to be protected for 15 years … you’re not going to be protecting your data long enough,” Moody said during an ATARC event May 7.

Following a five-year evaluation process, NIST identified in 2022 the four algorithms it would be standardizing and this summer will publish the first post-quantum cryptography standards called Federal Information Processing Standards (FIPS). FIPS will contain three of the four tested algorithms based on code-based cryptography.

NIST selected CRYSTAL-Kyber as the key encapsulation mechanism (KEM) and selected three additional signatures for standardization: CRYSTAL-Dilithium, FALCON and SPINCS+. CRYSTALS-Kyber will be used for general encryption, like securing public-facing websites. CRYSTAS-Dilithium, FALCON and SPHINCS+ will be used when a digital signature is required.

Moody said it’s important to begin the quantum transition now, as the process will take some time. NIST, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency released a joint fact sheet to help agencies navigate cryptographic inventories and discuss the next steps with vendors.

“Make sure your IT people are tracking what’s going on with the standardization,” he said. “We want you to hold off implementing them in terms of putting them into your products until the final standards come out. But you can certainly test them and see how they will work in your applications,” Moody said.