NIST Announces their Post-Quantum Cryptographic Algorithms for Standardization

While awareness has been growing of the threat that quantum computing poses to current cryptography, the National Institute of Standards and Technology (NIST), together with the cryptographic community at large, has been working on a solution. They have been holding a standardization process for quantum resistant cryptography, also known as post quantum cryptography (PQC), which is secure against any known cyber-attacks, including attacks utilizing future quantum computers, while being deployable on any current digital device.

The Importance of Standards

Standards are an embodiment of a golden rule in data security, ‘don’t use your own cryptography.’ NIST’s PQC standardization process has been underway for 6 years with the initial call for proposals going out in 2016. In 2017, 69 different submissions were accepted from teams around the world. Since then, NIST has been narrowing the candidate pool and researchers have been performing in-depth cryptanalysis on these algorithms. InfoSec Global is proud to have been an active participate in this process, with one of its shared submissions SPHINCS+ being chosen for standardization, and another one SIKE being strongly considered for future standardization.

NIST Announces the First Four Algorithms for Standardization

On July 5th, 2022, NIST announced a suite of four PQC algorithms that they will standardize:

  • CRYSTALS-KYBER: Currently, this is NIST’s only selected key establishment algorithm. NIST states “KYBER has excellent performance overall in software, hardware and many hybrid settings.”
  • CRYSTALS-DILITHIUM: NIST chose this to be the primary digital signature algorithm stating it is “an excellent choice for a broad range of cryptographic applications.”
  • FALCON: Regarding its second choice of digital signature algorithm, NIST explains “due to its low bandwidth and fast verification, FALCON may be a superior choice in some constrained protocol scenarios.”
  • SPHINCS+: This is a digital signature algorithm that is based on hash functions, for which InfoSec Global is pleased to have been a contributor. It is seen as a highly conservative option.


Next Steps

Once NIST releases its final standards, these new algorithms will become the default choice for secure communications. Though the completed standards may differ slightly from the current versions, the implementations, efficiency, and key sizes will all remain similar. Now is the ideal time to prepare your migration to quantum resistant algorithms, by following these two steps:

  1. Create a systematic inventory of your organization’s current cryptographic assets using a product such as InfoSec Global’s Analytics Tool.
  2. As explained in a White House memo in May 2022, “conduct tests of commercial solutions that have implemented pre-standardized quantum-resistant cryptographic algorithms.  These tests will help identify interoperability or performance issues that may occur in Federal environments at an early stage and will contribute to the mitigation of those issues.” This can be done using InfoSec Global’s crypto AgileSec SDK, a commercial solution designed to allow seamless migration to future quantum resistant algorithms.

These steps will allow your organization to switch to PQC algorithms once NIST releases their final standards with minimum disruption, and to ensure the long-term confidentiality of your information.

NIST’s Future Works

The final standardization of the above algorithms is scheduled for 2024. As an extension of this process, NIST plans on further analyzing four additional key establishment algorithms for possible future standardization: SIKE, BIKE, Classic McEliece, and HQC. SIKE is another algorithm to which InfoSec Global was a contributor, and it could prove particularly useful in certain situations as SIKE has the smallest key sizes of any known PQC algorithms.

In a separate process, NIST plans to issue a new call for proposals for quantum-resistant digital signature algorithms. NIST states it “primarily seeks to diversify its signature portfolio with non-structured lattice signature schemes. NIST may also be interested in signature schemes that have short signatures and fast verification. Submissions in response to this call will be due in 2023.”

One final conclusion from this news and NIST’s continuing work is the clear need for organizations to enable themselves with a Cryptographic Agility Management Tool. This provides the ability to update and replace your cryptographic assets without disrupting existing operations. A crypto-agile approach allows for a plug-and-play installation of different cryptographic modules used in secure connections.

NIST releases the draft of Post-Quantum Cryptographic StandardsNew Signature Algorithms for NIST’s Standardization Project a Main Topic at PQCrypto 2023NIST lists 40 Submissions to their Call for Additional PQC Digital Signatures Schemes