The National Institute of Standards and Technology (NIST) has announced the first group of winners from its six-year quantum-resistant cryptographic algorithm competition.
The first group of four winners designed encryption tools to withstand assaults from future quantum computers. They will become part of NIST’s post-quantum cryptographic standard, which is expected to be finalized in two years.
“Today’s announcement is an important milestone in securing our sensitive data against the possibility of future cyberattacks from quantum computers,” said Secretary of Commerce Gina M. Raimondo in a press release. “Thanks to NIST’s expertise and commitment to cutting-edge technology, we are able to take the necessary steps to secure electronic information so U.S. businesses can continue innovating while maintaining the trust and confidence of their customers.”
The algorithms chosen are designed for two main encryption tasks: general encryption to protect information exchanged across a public network; and digital signatures used for identity authentication.
For general encryption, NIST selected the CRYSTALS-Kyber algorithm; and for digital signatures, NIST selected CRYSTALS-Dilithium, FALCON, and SPHINCS+.
Four additional algorithms are under consideration for inclusion in the standard, which NIST plans to announce at a future date.
Three of the algorithms selected are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions. The four additional algorithms under consideration for a later date are designed for general encryption and don’t use structured lattices or hash functions in the approaches.
“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio.
“Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information,” she adds.
Today’s announcement comes after a six-year journey by NIST to call upon the world’s cryptographers to devise and then vet encryption methods to resist attacks from future quantum computers more powerful than the comparatively limited machines available today, and with the potential to crack the security for protecting privacy in digital systems such as online banking and email software.
Meanwhile, NIST is encouraging security experts to explore new algorithms while the standard is being developed. It also recommends considering how their applications will use new algorithms, but to not bake them into their systems just yet.