This article is published in the October 2023 issue.

NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers

by Maddy Hunter, Program Associate, CCC 

Last year, the National Institute of Standards and Technology (NIST) set out to create four new algorithms capable of withstanding an attack by quantum computers. Last month, NIST released draft standards for three new algorithms, with a fourth planned to be released in about a year.

  • CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203.
  • CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204.
  • SPHINCS+, also designed for digital signatures, is covered in FIPS 205.
  • FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.

This has been the part of a multi-year effort, starting in 2016 when the agency called on the world’s cryptographic experts to submit candidate algorithms to NIST’s Post-Quantum Cryptography Standardization Project. NIST then released the 69 candidate algorithms for experts to analyze, and to crack if they could. This process was open and transparent, and many of the world’s best cryptographers participated in multiple rounds of evaluation, which reduced the number of candidates.

This effort comes at an imperative time with the rise and advancements of quantum computing and its potential capabilities to obliterate current cybersecurity standards. Currently encryption acts as an imperative security technique, using public-key encryption techniques (math problems a conventional computer cannot readily solve) to protect sensitive online data and transfers. While still being developed, quantum computing has the potential to solve these problems resulting in mass security breaches.

You can read the full announcement on the NIST website here.

A 2018 Computing Community Consortium (CCC) Workshop report “Next Steps in Quantum Computing: Computer Science’s Role” highlighted the major need and effort underway to find “post-quantum” public-key cryptosystems that could resist a quantum attack. As a continuation, in May 2023 the CCC held a workshop “5 Year Update to the Next Steps in Quantum Computing Workshop“.  

The workshop focused on discussing the following topics:

  1. Technologies and Architectures with a View Towards Scaling,
  2. Applications and Algorithms,
  3. Fault Tolerance and Error Mitigation,
  4. Hybrid Quantum-Classical Systems: Architectures, Resource Management, and Security, and
  5. Tools and Programming Languages.

Be on the lookout for a report in the coming months.