NIST approves post quantum encryption standards
The US National Institute for Standards and Technology (NIST) has officially approved a new set of encryption algorithms for post quantum cryptography (PQC) standards.
The PQC algorithms were selected by NIST from a competition over the last eight years and are used in new standards that replace current encryption methods.
In the US, the NSA has already mandated that national security systems adopt PQC by 2030. The UK’s National Cyber Security Council also strongly recommends implementing the standards. Adopting these standards will now become a commercial imperative.
“By ratifying and publishing its post-quantum cryptography standards, NIST is triggering the biggest and most significant cybersecurity transition in history,” said Dr Ali El Kaafarani, CEO and founder of UK cryptography developer PQShield.
“This has been a long journey over eight years but this summer will be very exciting,” said Lily Chen, NIST Fellow. “There are four algorithms chosen in summer 2022 and we have received the public comments and now we are ready to publish three cryptographic standards that can be used for cybersecurity in quantum times. The three ready to publish are the key encapsulation and the other is a signature to verify firmware as today’s open devices can download software. Digital signatures are used to prevent malware attacks. We finalised these and we are ready to release them during the summer.”
“There are digital signatures and key encapsulation that lead to different use cases and NXP is active in many domains, from automotive to industrial to smart cards that stay in the field for 10 or 20 years and we need to guarantee the safety over that time,” said Joost Renes, security architect at NXP Semiconductor.
“The deployment includes a root of trust that already includes PQC where even if requirements for security change we can still update in a post quantum secure way. That’s the digital signature part.”
“Key encapsulation is more around session keys and data, and we are open for fast adoption as it is used with other parties,” he said. “We also need agreements on how to use them in a variety of protocols including eSIMs and we are actively contributing to the development of these standards and we are looking to adopt them as soon as possible.”
PQShield also directly contributed to the new NIST standards, and has advised the White House and European Parliament on the migration to PQC. Its quantum-secure technologies are used by companies across the global technology supply chain.
“In every industry, the cryptography that keeps data, devices, connections and components secure must now be modernised in line with the new standards. The transition to quantum security will protect critical national infrastructure, and will make the entire technology supply chain more secure for decades to come – but modernising vital security systems and components won’t happen overnight. With the threat of ‘harvest-now-decrypt-later’ attacks, organisations that haven’t already started planning for post-quantum cryptography are already behind.”
The standards published are:
- ML-KEM (formerly Kyber): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf
- ML-DSA (Dilithium): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf
- SLH-DSA (SPHINCS+): https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf
“We welcome NIST concluding this vital industry-wide process,” said Duncan Jones, head of cybersecurity at quantum computer maker Quantinuum, which is driving the increasing performance of quantum computer systems.
“Today represents a crucial first step towards protecting all our data against the threat of a future quantum computer that could decrypt traditionally secure communications. Every CISO now has a mandate to urgently adopt these new standards alongside other methods for hardening their cybersecurity systems. We know that data stolen today could be decrypted at any time in the future, and sensitive data such as health records or financial data falling into the wrong hands would be damaging,” he said.
“A lot has taken place in the quantum industry since NIST announced the PQC algorithms for standardization in 2022. Quantum hardware developers are achieving systems that are now edging beyond classical simulation, initial real-world benefits are starting to emerge across a variety of applications, and governments around the world are increasing their investments to ensure economic and national security. On all fronts – from technology to global policy – advancements are causing experts to predict a faster timeline to reaching fault-tolerant quantum computers. The standardization of NIST’s PQC algorithms is a critical milestone in that timeline.”
“The NIST standardization marks the start of a new era for CISOs and their security teams, one of planning and implementation. Moving forward, public and private sectors alike must pursue a layered, defined strategy that includes PQC as well as cybersecurity solutions that leverage quantum mechanics, such as proven quantum randomness for encryption key generation. When combined with PQC algorithms, these quantum-derived technologies can help protect against a far fuller range of threats posed by quantum computers.”
www.csrc.nist.gov; www.nxp.com; www.pqshield.com;