Draft post-quantum cryptography (PQC) standards have been published by the US National Institute of Standards and Technology (NIST). The new framework is designed to help organizations protect themselves from future quantum-enabled cyber-attacks.
The draft documents were published on August 24, 2023, and encompass three draft Federal Information Processing Standards (FIPS).
These standards were selected by NIST following a process that began in December 2016, when the agency issued a public call for submissions to the PQC Standardization Process.
After several rounds of selection, NIST announced the four encryption algorithms that would form its PQC standard in July 2022. The CRYSTALS-Kyber algorithm was chosen for general encryption (used for access to secure websites) and CRYSTALS-Dilithium, FALCON and SPHINCS+ were selected for digital signatures.
These algorithms are incorporated into the three FIPS published by NIST:
- FIPS 203, a Module-Lattice-Based Key-Encapsulation Mechanism Standard, a particular type of key establishment scheme which can be used to establish a shared secret key between two parties communicating over a public channel.
- FIPS 204, a Module Lattice-Based Digital Signature Standard, derived from the CRYSTALS-Dilithium submission.
- FIPS 205, a Stateless Hash-based Digital Signature Standard, derived from the SPHINCS+ submission.
NIST is now requesting industry feedback on the draft documents, which must be received on or before November 22, 2023.
It is expected that the standards will become the global benchmark for quantum-resistant cybersecurity across the world in 2024.
Preparing for Q-Day
The PQC Standardization Process forms part of efforts to facilitate quantum-secured technologies before ‘Q-Day’ – the point at which quantum computers are able to break existing cryptographic algorithms.
Experts believe this will occur in the next five to 10 years, potentially leaving all digital information vulnerable to cyber-threat actors under current encryption protocols.
In December 2022, President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act into law, which mandates US federal agencies to eventually migrate all IT systems to post-quantum cryptography.
Dr Ali El Kaafarani, founder and CEO of PQShield, which contributed to and advised on all candidate algorithms developed as part of the NIST standardization process, commented: “The release of the draft standards marks a significant turning point for PQShield and the entire cryptographic community.
“Previously, a key barrier to adoption and migration to post-quantum cryptography has been confidence in exactly how and when the new algorithms will be finalized. NIST’s new draft standards provide this assurance and a framework that allows everyone to move forward. This is a testament to the expertise of our world-leading researchers and engineers as well as the collective dedication of the entire post-quantum cryptography community.”
In July 2023, a paper from the European Policy Centre urged the European Union to develop a Coordinated Action Plan to facilitate quantum-secured technologies in preparation of Q-Day.