On August 16-18, Vladimir Soukharev and Victoria de Quehen of InfoSecGlobal attended another successful PQCrypto conference in Washington, DC. This conference is dedicated to recent research in post-quantum cryptography (PQC), and covers new algorithms, cryptanalysis, and efficiency improvements. Unlike Eurocrypt 2023, where 3 of the 4 top papers covered last year’s major breaks in isogeny-based cryptography, PQCrypto 2023 yielded no huge surprises but provided many interesting ideas and incremental improvements. The presenters focused on a range of talks, from theoretical discussion of quantum cryptanalysis to practical experiments of hardware implementation of the currently selected National Institute of Standards and Technology (NIST) Post-Quantum Cryptography (PQC) candidates.
Due to the influx of digital signature algorithms to NIST’s recent call for new PQC algorithms, there was a renewed interest and excitement in several PQC areas that had previously been eliminated in NIST’s standardization project. This included the areas of isogenies-based cryptography, multivariate cryptography, and signature algorithms from multi-party computations.
As expected, some recently announced PQC digital signature entries to NIST’s standardization efforts have already been broken. Many of the remaining signature algorithms introduced novel security hypotheses. Researchers will need to spend several years analyzing their security before NIST and the cryptographic community at large feel comfortable recommending them. Additionally, for NIST to choose a new digital signature algorithm for standardization, it must exhibit an improvement in at least one property over the currently selected NIST PQC algorithms (Kyber, Dilithium, FALCON, SPHINCS+, LMS and XMSS) or be different enough from these NIST PQC algorithms to provide a reasonable back-up in case one of the NIST algorithms turns out to be vulnerable.
"Once again, we see that the research and standardization process is quite complex and requires a lot of time and effort,” states Vladimir Soukharev, VP of Cryptographic Research and Development at InfoSec Global. “We are in the stage where research continues, and at the same time, we must already start the path of quantum-safety. To be able to achieve that, we need to ensure we are crypto-agile." We recommend solutions such as InfoSec Global’s Cryptographic Agility Management Platform to incorporate crypto-agility in your applications.
Overall, while we expect scrutiny of NIST’s new digital signatures to take multiple years, hopefully, this process results in standards with improved properties or at least exciting trade-offs. This ongoing research in PQC highlights the need for crypto-agile solutions in order for organizations to be ready for the standards to come.
Authors: Victoria de Quehen and Dr. Vladimir Soukharev
About the Co-author:
Vladimir Soukharev is the Principal Cryptographic Technologist & Chief Post-Quantum Researcher at InfoSec Global. In this position, he is leading innovations and optimizations in modern cryptography, leading the path to cryptographic agility, and working on the cryptographic lifecycle management. He is also conducting post-quantum cryptographic research and influencing and contributing to product development. Dr. Soukharev is actively working with NIST on new post-quantum standards, was part of the Centre of Applied Cryptographic Research and CryptoWorks21. He received his Ph.D. in Cryptography, Security and Privacy from David R. Cheriton School of Computer Science at the University of Waterloo and has dedicated his career to advancing the knowledge and application of advanced cryptography and cyber security technologies to protect vital information and communications.