The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized its primary set of encryption algorithms designed to withstand the potential cyberattacks posed by quantum computers. These algorithms, part of NIST’s post-quantum cryptography (PQC) standardization project, represent a significant advancement in securing data against the emerging threat of quantum computing. Quantum computers, which operate differently from classical computers, could eventually break current encryption methods, making these new standards crucial for future cybersecurity.
NIST initiated the process in 2015, evaluating 82 algorithms from 25 countries. After a rigorous selection process, four algorithms were chosen for standardization. The finalized standards include three algorithms:
- Federal Information Processing Standard (FIPS) 203, intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
- FIPS 204, intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
- FIPS 205, also designed for digital signatures. The standard employs the Sphincs+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.
Similarly, when the draft FIPS 206 standard built around FALCON is released, the algorithm will be dubbed FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
IBM played a crucial role in developing these standards. Two of the finalized algorithms, ML-KEM and ML-DSA, were developed by IBM researchers in collaboration with industry and academic partners. SLH-DSA, another of the selected algorithms, was co-developed by a researcher now affiliated with IBM. These algorithms mark a critical step in protecting global data from the potential threats posed by quantum computing. The new standards are now available for immediate use, enabling governments and industries worldwide to begin adopting post-quantum cybersecurity measures.
NIST has also made testing for these new algorithms available through its Automated Cryptographic Validation Test System (ACVTS), allowing vendors to validate their implementations.
Key Points:
- NIST finalizes three post-quantum cryptography algorithms: ML-KEM, ML-DSA, and SLH-DSA.
- The standards are designed to protect data from potential quantum computing threats.
- IBM developed two of the finalized algorithms and contributed to a third.
- A fourth algorithm, FN-DSA, is expected to be standardized by late 2024.
- NIST’s testing system is now available for validating these new encryption standards.
“Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security,” said NIST Director Laurie E. Locascio.