Algorithms agreed for post-quantum security standard
Four algorithms have been chosen for an encryption standard that can withstand quantum computers with key technology from Europe.
The algorithms have been selected by the US National Institute of Standards and Technology (NIST) after a six year competition, all using contributions from researchers and the advisory board at UK startup PQShield.
The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.
- Europe leads on post-quantum encryption technology
- PQShield raises $20m for post quantum security
- Microchip signs PQShield for IoT security
“Today’s announcement is an important milestone in securing our sensitive data against the possibility of future cyberattacks from quantum computers,” said US Secretary of Commerce Gina M. Raimondo. “Thanks to NIST’s expertise and commitment to cutting-edge technology, we are able to take the necessary steps to secure electronic information.”
“NIST constantly looks to the future to anticipate the needs of US industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” said Laurie Locascio, director of NIST. “Our post-quantum cryptography program has leveraged the top minds in cryptography worldwide to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”
Four other algorithms are under consideration for inclusion in the standard, and NIST plans to announce the finalists from that round at a future date.
The first four algorithms are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.
For general encryption NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.
For digital signatures used to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+.
NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup as it is based on a different math approach, hash functions, from the structured lattice approach used by the other three selections.
While the standard is in development, NIST encourages security experts to explore the new algorithms and consider how their applications will use them, but not to bake them into systems yet, as the algorithms could change slightly before the standard is finalized.
PQShield has been closely involved in the process, as PQShield’s Dr Thomas Prest led and co-authored Falcon. PQShield advisory board members Professor Peter Schwabe from Radboud University and the Max Planck Institute for Security and Privacy and Professor Chris Peikert from the University of Michigan co-authored CRYSTALS-Dilithium, SPHINCS+ and CRYSTALS-KYBER.
“It is great to see the NIST post-quantum cryptography standardization effort come to a first conclusion today after months of anticipation. This has been a major effort for the international research community across both academia and industry, and the team at PQShield has been a big part of this,” said Professor Peter Schwabe, PQShield advisory board member.
“Since the standardization project began in 2016, there’s been a shift in attitudes towards PQC, and it is now understood as a critical part of a secure future. Now, it is going to be exciting to see more and more applications and systems transition to this next generation of asymmetric cryptography.”
“Today’s news marks a turning point in the fight for information security, thanks to a huge effort by NIST and the wider cryptography community,” said Dr Ali El Kaafarani, PQShield’s founder and CEO.
“Previous cryptographic standards meant that the quantum threat touched everyone, with everything from medical records to national intelligence exposed to ‘harvest now, decrypt later’ attacks. NIST’s new Post-Quantum Cryptography (PQC) standards are a welcome arrival, and I am extremely proud of the team at PQShield for their intense efforts in helping to deliver these,” he said.
PQShield is algorithm-agnostic, offering size optimised and side-channel resistant implementations of all relevant NIST PQC finalists in hardware and software, which meant it could support companies in their transition to quantum-readiness even before today’s standards were announced.
Since raising $20 million in Series A funding in January, PQShield has made a series of deals to introduce its quantum-ready cryptographic solutions to organisations across sectors, including a licensing deal with Microchip Technology and a collaboration with Collins Aerospace.
“When it comes to defining PQC standards, the work doesn’t stop here. NIST also confirmed a fourth round today to further examine the alternate schemes BIKE, Classic McEliece, HQC and SIKE, and the team at PQShield will be in action again scrutinising these alongside the wider community,” said El Kaafarani.
“On top of this, NIST also announced a new Call for Proposals to diversify the signature schemes portfolio available – and no doubt our team will submit more candidates. We very much look forward to the road ahead as we collectively work towards a quantum-safe future.”
The news was welcomed by quantum computer makers.
“The announcement from NIST is a major leap towards a quantum-safe economy. Organizations can now accelerate their implementation and testing efforts, safe in the knowledge they aren’t backing the wrong horse,” said Duncan Jones, head of cybersecurity for quantum computer giant Quantinuum, headquartered in Cambridge, UK.
“Specifically, I am pleased that NIST is strongly recommending two algorithms to help cybersecurity professionals focus their implementation efforts. I was also somewhat surprised SPHINCS+ was selected considering its recognized performance limitations but it’s understandable given the vulnerabilities discovered with the Rainbow digital signature.
“This announcement follows hot on the heels of presidential memos that demanded rapid action by federal agencies to address the quantum threat. To those agencies, this NIST announcement is a starting gun for action. Combining these post-quantum algorithms with existing quantum-based technology for generating strong cryptographic keys, organizations can create a cryptographic layer that is impenetrable to the most powerful quantum computers of the future.”
Other related articles
- Post quantum encryption will drive power vulnerabilities
- First trusted module with post quantum firmware update
- Crypto coprocessor is validated by NIST
- ADI looks from 5G to quantum and 6G
- Post-quantum chip has built-in hardware Trojan
- Post-quantum smartcard tech for health data scheme
Other articles on eeNews Europe
- Raspberry Pi adds wireless on $6 pico W board
- First native RISC-V laptop readies for market
- Siemens, Nvidia team for industrial metaverse
- Europe looks to boost deeptech startups
- Icefall identifies vulnerabilities in industrial equipment
- OQC sees UK’s largest quantum computing investment at $46m
- German startup raises €4.6m for room temperature quantum computer