NIST Releases First Post-Quantum Cryptography Standards
The standards agency is working with other agencies to ensure post-quantum cryptography readiness across government.
The National Institute of Standards and Technology (NIST) said it is looking to transfer all high-priority systems to quantum-resistant cryptography by 2035. Dustin Moody, mathematician in the NIST Computer Security Division, said the transition is necessary for the future because of security concerns with “harvest now, decrypt later.”
NIST has standardized three cryptographic algorithms, but post-quantum cryptography will be secure against attacks from classical and quantum computers, officials said. Currently, there isn’t a large enough quantum computer that threatens the current level of security, but Moody said that agencies need to be prepared ahead of future attacks.
“Suppose your enemy gets a hold of your data today, and you’re not so worried because it’s encrypted. But if a quantum computer comes out and say 10 years, and you were hoping that data to be protected for 15 years … you’re not going to be protecting your data long enough,” Moody said during an ATARC event May 7.
Following a five-year evaluation process, NIST identified in 2022 the four algorithms it would be standardizing and this summer will publish the first post-quantum cryptography standards called Federal Information Processing Standards (FIPS). FIPS will contain three of the four tested algorithms based on code-based cryptography.
NIST selected CRYSTAL-Kyber as the key encapsulation mechanism (KEM) and selected three additional signatures for standardization: CRYSTAL-Dilithium, FALCON and SPINCS+. CRYSTALS-Kyber will be used for general encryption, like securing public-facing websites. CRYSTAS-Dilithium, FALCON and SPHINCS+ will be used when a digital signature is required.
Moody said it’s important to begin the quantum transition now, as the process will take some time. NIST, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency released a joint fact sheet to help agencies navigate cryptographic inventories and discuss the next steps with vendors.
“Make sure your IT people are tracking what’s going on with the standardization,” he said. “We want you to hold off implementing them in terms of putting them into your products until the final standards come out. But you can certainly test them and see how they will work in your applications,” Moody said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Shifts Cyber Workforce Strategy to Prioritize Skills Over Pedigree
Defense officials and experts say that hiring and maintaining cyber talent is critical to national security.
4m read -
Trump's Intelligence Pick Backs Cybersecurity, Tech Accountability
The former congresswoman has called for improving cyber defenses and advocated for accountability in federal tech and data practices.
2m read -
DHS Leads Government’s Largest Civilian AI Hiring Effort
On this AI GovCast miniseries, Boyce discusses his journey to the agency with his prior roles at the Office of Management and Budget.
15m listen -
Federal IT Trends in 2024, Outlook for 2025
Federal IT advancements in 2024 showcased the transformative potential of emerging technologies, particularly artificial intelligence.
2m read