NIST releases finalized post-quantum encryption standards

NIST has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer. The announced algorithms are specified in the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project and are ready for immediate use.


“The transition to quantum security will protect critical national infrastructure and make the entire technology supply chain more secure for decades – but modernizing vital security systems and components won’t happen overnight. With the threat of ‘harvest-now-decrypt-later’ attacks, organizations that haven’t already started planning for post-quantum cryptography are already behind,” Dr. Ali El Kaafarani, CEO of PQShield, told Help Net Security.

New post-quantum encryption standards

The three new standards are built for the future. Quantum computing technology is developing rapidly, and some experts predict that a device capable of breaking current encryption methods could appear within a decade, threatening the security and privacy of individuals, organizations, and entire nations.

The standards — containing the encryption algorithms’ computer code, instructions for implementing them, and their intended uses — are the result of an eight-year effort managed by NIST, which has a long history of developing encryption. The agency has rallied the world’s cryptography experts to conceive, submit and then evaluate cryptographic algorithms that could resist the assault of quantum computers. The nascent technology could revolutionize fields from weather forecasting to fundamental physics to drug design, but it also carries threats.

“Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “These finalized standards are the capstone of NIST’s efforts to safeguard our confidential electronic information.”

Encryption

Encryption carries a heavy load in modern digitized society. It protects countless electronic secrets, such as the contents of email messages, medical records and photo libraries, as well as information vital to national security. Encrypted data can be sent across public computer networks because it is unreadable to all but its sender and intended recipient.

Encryption tools rely on complex math problems that conventional computers find difficult or impossible to solve. A sufficiently capable quantum computer, though, would be able to sift through a vast number of potential solutions to these problems very quickly, thereby defeating current encryption. The algorithms NIST has standardized are based on different math problems that would stymie both conventional and quantum computers.

“These finalized standards include instructions for incorporating them into products and encryption systems,” said NIST mathematician Dustin Moody, who heads the PQC standardization project. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take time.”

Moody said that these standards are the primary tools for general encryption and protecting digital signatures.

Evaluating other sets of algorithms

NIST also continues to evaluate two other sets of algorithms that could one day serve as backup standards.

One of these sets consists of three algorithms designed for general encryption but based on a different type of math problem than the general-purpose algorithm in the finalized standards. NIST plans to announce its selection of one or two of these algorithms by the end of 2024.

The second set includes a larger group of algorithms designed for digital signatures. In order to accommodate any ideas that cryptographers may have had since the initial 2016 call for submissions, NIST asked the public for additional algorithms in 2022 and has begun a process of evaluating them. In the near future, NIST expects to announce about 15 algorithms from this group that will proceed to the next round of testing, evaluation and analysis.

While analysis of these two additional sets of algorithms will continue, Moody said that any subsequent PQC standards will function as backups to the three that NIST announced today.

“There is no need to wait for future standards,” he said. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”

“Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographically relevant quantum computers (CRQCs) arrive. These are quantum computers that are powerful enough to break the asymmetric cryptography used to protect communications and devices on the internet, and they could arrive in as little as 5-10 years. The good news is that the problem can be solved by switching to new hard math problems that are not vulnerable to quantum computers, and the new NIST standards describe in precise detail exactly how to use these new hard math problems to protect internet traffic in the future. Leading internet security companies, including DigiCert, have already implemented these algorithms, and are preparing to deploy them at scale to make sure the internet remains secure during this important transition,” said Tim Hollebeek, Industry and Standards Technical Strategist at DigiCert.
