NIST Releases First Post-Quantum Cryptography Standards
The standards agency is working with other agencies to ensure post-quantum cryptography readiness across government.
The National Institute of Standards and Technology (NIST) said it is looking to transfer all high-priority systems to quantum-resistant cryptography by 2035. Dustin Moody, mathematician in the NIST Computer Security Division, said the transition is necessary for the future because of security concerns with “harvest now, decrypt later.”
NIST has standardized three cryptographic algorithms, but post-quantum cryptography will be secure against attacks from classical and quantum computers, officials said. Currently, there isn’t a large enough quantum computer that threatens the current level of security, but Moody said that agencies need to be prepared ahead of future attacks.
“Suppose your enemy gets a hold of your data today, and you’re not so worried because it’s encrypted. But if a quantum computer comes out and say 10 years, and you were hoping that data to be protected for 15 years … you’re not going to be protecting your data long enough,” Moody said during an ATARC event May 7.
Following a five-year evaluation process, NIST identified in 2022 the four algorithms it would be standardizing and this summer will publish the first post-quantum cryptography standards called Federal Information Processing Standards (FIPS). FIPS will contain three of the four tested algorithms based on code-based cryptography.
NIST selected CRYSTAL-Kyber as the key encapsulation mechanism (KEM) and selected three additional signatures for standardization: CRYSTAL-Dilithium, FALCON and SPINCS+. CRYSTALS-Kyber will be used for general encryption, like securing public-facing websites. CRYSTAS-Dilithium, FALCON and SPHINCS+ will be used when a digital signature is required.
Moody said it’s important to begin the quantum transition now, as the process will take some time. NIST, the National Security Agency (NSA), and the Cybersecurity and Infrastructure Security Agency released a joint fact sheet to help agencies navigate cryptographic inventories and discuss the next steps with vendors.
“Make sure your IT people are tracking what’s going on with the standardization,” he said. “We want you to hold off implementing them in terms of putting them into your products until the final standards come out. But you can certainly test them and see how they will work in your applications,” Moody said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Satcom Innovation Critical as Battlefield Expands to Space
Defense leaders say satellite communications modernization requires moving data efficiently while thwarting threats.
4m read -
DOD AI Deputy: AI is an 'Enabler' of Mission Areas
Pentagon Chief Digital and AI Office's Margaret Palmieri said AI is part of nearly everything DOD does to enhance mission and warfighting.
5m read -
DOD Leaders Cite Successes in Proactive Cyber Defense Efforts
Army and NSA officials discuss how strategies like Hunt Forward operations are defeating cyber adversaries.
4m read -
Boosting the Public Sector Cybersecurity Workforce
ISC2's Tara Wisniewski spoke about skills-based hiring in cybersecurity and how agencies can hire cyber pros easier.
11m listen