NIST Releases First Post-Quantum Cryptography Standards
The standards agency is working with other agencies to ensure post-quantum cryptography readiness across government.
The National Institute of Standards and Technology (NIST) said it is looking to transfer all high-priority systems to quantum-resistant cryptography by 2035. Dustin Moody, mathematician in the NIST Computer Security Division, said the transition is necessary for the future because of security concerns with “harvest now, decrypt later.”
NIST has standardized three cryptographic algorithms, but post-quantum cryptography will be secure against attacks from classical and quantum computers, officials said. Currently, there isn’t a large enough quantum computer that threatens the current level of security, but Moody said that agencies need to be prepared ahead of future attacks.
“Suppose your enemy gets a hold of your data today, and you’re not so worried because it’s encrypted. But if a quantum computer comes out and say 10 years, and you were hoping that data to be protected for 15 years … you’re not going to be protecting your data long enough,” Moody said during an ATARC event May 7.
Following a five-year evaluation process, NIST identified in 2022 the four algorithms it would be standardizing and this summer will publish the first post-quantum cryptography standards called Federal Information Processing Standards (FIPS). FIPS will contain three of the four tested algorithms based on code-based cryptography.
NIST selected CRYSTAL-Kyber as the key encapsulation mechanism (KEM) and selected three additional signatures for standardization: CRYSTAL-Dilithium, FALCON and SPINCS+. CRYSTALS-Kyber will be used for general encryption, like securing public-facing websites. CRYSTAS-Dilithium, FALCON and SPHINCS+ will be used when a digital signature is required.
Moody said it’s important to begin the quantum transition now, as the process will take some time. NIST, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency released a joint fact sheet to help agencies navigate cryptographic inventories and discuss the next steps with vendors.
“Make sure your IT people are tracking what’s going on with the standardization,” he said. “We want you to hold off implementing them in terms of putting them into your products until the final standards come out. But you can certainly test them and see how they will work in your applications,” Moody said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DODIN Strategy Aims to Outpace Cyber Threats
JFHQ-DODIN Commander Lt. Gen. Paul Stanton says the new "How We Prevail" plan moves from reactive defense to proactive threat mitigation.
4m read -
Preparing for the Future Cyber Landscape
CISA, CFPB and Rubrik discuss how they’re building cybersecurity best practices and developing their workforces to prepare for the future threat landscape and bolster cyber resilience.
30m watch -
Air Force Chief: Modernization Is Critical to Maintaining Superiority
Air Force Secretary Frank Kendall cites AI, automation and cyber resilience as key modernization components to outpace China by 2050.
3m read -
Trump Nominees Enter Senate Confirmation Hearings This Week
Donald Trump’s cabinet picks will begin Senate hearings this week. This includes VA's Doug Collins and others shaping future IT priorities.
6m read