NIST finalizes trio of post-quantum encryption standards • The Register

The National Institute of Standards and Technology (NIST) today published long-awaited post-quantum encryption standards, which are designed to protect electronic information far into the future – when quantum computers are expected to crack existing cryptographic algorithms.

These machines aren’t immediately available. For years, we’ve been told that machines capable of this kind of blazing-fast processing power are only a decade away—and that was true again today. NIST cited “experts” who predict that these capabilities could appear within a decade.

The final standards include three post-quantum cryptographic algorithms.

One – ML-KEM (based on CRYSTALS-Kyber) – is intended for general-purpose encryption, which protects data as it travels over public networks. The other two – ML-DSA (originally known as CRYSTALS-Dilithium) and SLH-DSA (originally submitted as SPHINCS+) – are for secure digital signatures, which are used to verify identity online.

A fourth algorithm – FN-DSA (originally called FALCON) – is expected to be finalized later this year and is also designed for digital signatures.

NIST continued to evaluate two other sets of algorithms that could potentially serve as backup standards in the future.

One of the sets contains three algorithms designed for general encryption. However, these are based on a different type of mathematical problem than the general-purpose ML-KEM algorithm in the now-final standards.

NIST plans to select one or two of these algorithms by the end of 2024.

Although further standards are on the way, NIST mathematician Dustin Moody encouraged system administrators to begin transitioning to the newly finalized standards as soon as possible, because full integration takes time.

“There is no reason to wait for future standards,” Moody advised in a statement. “Go ahead and start using these three. We need to be prepared for an attack that circumvents the algorithms in these three standards, and we will continue to work on backup plans to keep our data safe. But for most applications, these new standards are the most important.”

It has taken years to get to the point of having three final algorithms. NIST first put out a call for submissions in 2016, and then asked for additional options in 2022. The most recent algorithms are currently being evaluated, and about 15 of that group are expected to move on to the next round of testing and analysis.

While we haven’t yet entered the era of encryption-breaking attacks, America’s adversaries—including Russia and China—are pouring resources into quantum computing testbeds. Once they have the capabilities to crack algorithms and forge digital signatures, for example, attackers could do things like implant compromised firmware on hardware running in critical infrastructure facilities, causing a large, disruptive cyberattack.

There is also the fear that other countries will steal as much encrypted data as possible now – things like national security secrets and sensitive intellectual property – and store it until the technology becomes available to crack the encryption, giving them full access to the top-secret information.

IBM called the newly published algorithms a “critical milestone in improving the protection of encrypted data worldwide from cyberattacks.” IBM also highlighted the role the company played in the development of all three of the newly published standards, plus the fourth algorithm that will be finalized soon.

“We understand that these developments could herald a revolution in the security of our most sensitive data and systems,” IBM Quantum VP Jay Gambetta said in a statement. “However, NIST’s publication of the world’s first three post-quantum cryptography standards marks an important step in the effort to build a quantum-safe future beyond quantum computing.” ®