GAITHERSBURG, Md. — The National Institute of Standards and Technology (NIST) of the U.S. Department of Commerce has selected the first group of cryptographic tools designed to withstand attack by a future quantum computer, which could be capable of cracking the security used to protect privacy in the digital systems we rely on every day — such as email software and online banking. The four selected cryptographic algorithms will become part of NIST’s post-quantum cryptography standard, which is expected to be finalized in about two years.
“Today’s announcement is an important milestone in securing our sensitive data against the potential for future cyberattacks from quantum computers,” said Commerce Secretary Gina M. Raimondo. “Thanks to NIST’s expertise and commitment to cutting-edge technology, we are able to take the necessary steps to secure electronic information so U.S. businesses can continue to innovate while maintaining customer trust and confidence.”
The announcement comes after a six-year effort managed by NIST, which in 2016 called on cryptographers around the world to devise and then test encryption methods that could resist an attack from a future quantum computer more powerful than today’s relatively limited computers. The selection marks the beginning of the last part of the agency’s post-quantum cryptography standardization project.
“NIST is constantly looking to the future to anticipate the needs of the entire US industry and society, and when they are built, quantum computers powerful enough to break today’s encryption will pose a serious threat to our information systems,” said Undersecretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “Our post-quantum cryptography program has leveraged the leading minds in cryptography — worldwide — to create this first group of quantum-resistant algorithms, which will lead to a standard and significantly enhance the security of our digital information.”
Four additional algorithms are being considered for inclusion in the standard, and NIST plans to announce the finalists from that round at a future date. NIST is announcing its picks in two phases because of the need for more powerful defensive tools. As cryptographers recognized at the outset of the NIST effort, there are many different systems and tasks that use encryption, and a useful standard provides solutions designed for different situations, uses different encryption methods, and offers more than one algorithm for each use case in the event that one proves to be vulnerable.
Encryption uses math to protect sensitive electronic information, including the secure websites we surf and the emails we send. Widely used public-key encryption systems, based on problems that even the fastest conventional computers find difficult to solve, ensure these web pages and emails are inaccessible to unwanted third parties.
However, a capable quantum computer, based on technology different from the conventional computers we have today, could solve these problems quickly, defeating these cryptographic systems. To counter this threat, the four quantum-resistant algorithms are based on problems that both conventional and quantum computers have difficulty solving, thus protecting privacy both now and in the future.
The algorithms are designed for two main tasks for which encryption is commonly used: general encryption, used to protect information exchanged over public networks; and digital signatures, used for identity authentication. All four algorithms were created by experts collaborating across many countries and institutions.
For general encryption, used when we visit secure websites, NIST has chosen the CRYSTALS-Kyber algorithm. Among its advantages are the relatively small encryption keys that two parties can exchange easily, as well as its speed of operation.
For digital signatures, commonly used when we need to verify identity in a digital transaction or to sign a document remotely, NIST has chosen three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+ (pronounced “Sphincs plus”). Reviewers noted the high performance of the first two algorithms, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need signatures smaller than Dilithium can provide. The third, SPHINCS+, is slightly larger and slower than the other two, but it is valuable as a fallback for one main reason: it is based on a different mathematical approach than all three of NIST’s other options.
Three of the selected algorithms are based on a family of math problems known as structured lattices, while SPHINCS+ uses hash functions. The four additional algorithms still under consideration are designed for general encryption and do not use structured lattices or hash functions in their approaches.
While the standard is being developed, NIST encourages security professionals to explore the new algorithms and consider how their applications will use them, but not to include them in their systems yet, as the algorithms may change slightly before the standard is finalized.
In preparation, users can inventory their systems for applications that use public-key cryptography, which will need to be replaced before cryptographically relevant quantum computers appear. They can also notify their IT departments and vendors of the upcoming changes. To participate in the development of a guide to post-quantum cryptography, see the NIST National Cybersecurity Center of Excellence project page.
All algorithms are available on the NIST website.