The National Institute of Science and Technology (NIST) has selected 14 post-quantum cryptographic (PQC) signatures which will begin to make their way toward the public, a top Federal official said on Thursday.  

Speaking at the 2024 AFCEA Tech Summit on Oct. 24, Bill Newhouse, the cybersecurity engineer and project lead for the National Cybersecurity Center of Excellence at NIST, said after receiving 40 offers for digital signatures – an encryption tool using digital codes that are difficult to duplicate – NIST will begin evaluating 14 of them for public release.  

“They just down selected to fourteen today, so that means fourteen will now get more scrutiny for the next couple years, as they move towards society,” said Newhouse. “The cool part of also this is a validation process at both the non-national security and the national security level for using these crypto algorithms.”  

Unveiling three out of four encryption algorithms in August – CRYSTALS-Kyber, CRYSTALS-Dilithium, and Sphincs+ – to provide general encryption and protect digital signatures, NIST has now been looking for more diversity in digital signatures, Newhouse said.  

The algorithms are built to withstand cyberattacks from quantum computers which complete complex calculations exponentially faster than classical computers and can break many current in-use encryptions. 

While Federal officials aren’t sure when quantum cyberattacks will begin, it will likely begin in the next decade, according to NIST.  

“We think we’ll start seeing some hints that adversaries have this capability, but we don’t know how far in the future that’s going to be,” said Phil Stupak, assistant national cyber director of the Office of the National Cyber Director, speaking at the same event.  

In addition to digital signatures and encryption algorithms, Stupak said that the Federal government is looking for industry to adopt PQC standards into products and services. 

“Everyone here knows this is probably the first year that we can begin experimenting with buying some of these products,” said Stupak. “That’s because they will become available, they’ll move through FedRAMP, they’ll move through all the certification processes. I’ll probably have a couple things by the end of the year, but next fiscal year [FY 2026], is when I really need that step up in budget in order to start this transition.” 

The fourth algorithm, FALCON, will be released as a draft by the end of this year.  

Read More About
About
Weslan Hansen
Weslan Hansen
Weslan Hansen is a MeriTalk Staff Reporter covering the intersection of government and technology.
Tags