NIST aims to quantum-proof encryption with new algorithms

The US National Institute of Standards and Technology (NIST) has published draft standards for three algorithms aimed at withstanding attack by quantum computers.

Of the three published so far, CRYSTALS-Kyber is designed for general encryption purposes, such as creating secure websites. The other - CRYSTALS-Dilithium and SPHINCS+ - are aimed at protecting digital signatures.

A fourth, FALCON, is also designed for digital signatures and will be published in 2024.

Quantum technology remains a specter looming over cryptography and has the potential to crack many - if not all - public key encryption techniques. Current techniques are based on mathematical problems that a classical computer would struggle to solve. 

The promise of quantum computers - if and when they finally arrive in a usable state - solves those problems, effectively making current encryption techniques redundant.

NIST acknowledged that quantum computers remained in their infancy and systems powerful enough to defeat encryption algorithms did not yet exist. However, it said: “It’s important to plan ahead, in part because it takes years to integrate new algorithms across all computer systems”.

The point was echoed by Tim Callan, chief experience officer at Sectigo, who urged organizations to adopt a crypto-agile stance that permitted cryptography to be changed at will. He said: “Amazingly, most enterprises can't even tell you what cryptography they have implemented, where it is, how it's being used, whether or not it meets current standards”.

NIST’s announcement has been years in the making. Its efforts to develop quantum-resistant algorithms began in 2016 and have culminated in draft Federal Information Processing Standards (FIPS) for the selected algorithms.

An additional set of algorithms is expected in 2024 to augment the first set. Dustin Moody, a NIST mathematician and leader of the project, said that the second sets would likely only consist of one or two algorithms and would be designed for general encryption. They would also be based on different mathematical problems, affording alternative defense methods.

That need for an alternative defense method was underscored in 2022 when one algorithm planned for the second set, SIKE, was cracked with a conventional computer.

NIST is far from alone in planning for a future where traditional encryption techniques might be defeated by quantum computers. Google recently announced it would support X25519Kyber768 for TLS secrets in Chrome. The hybrid consists of X25519 - an elliptic curve algorithm, and Kyber-768 - a quantum-resistant key encapsulation method.

Echoing NIST’s remarks, Google said of the change rolled out in Chrome 116: “Many types of asymmetric cryptography used today are considered strong against attacks using existing technology but do not protect against attackers with a sufficiently-capable quantum computer”.

Callan applauded Google’s move to enable the changeover from traditional encryption, noting that a wholesale change of supporting hardware and software would be required. He also noted that the update “makes use of these algorithms much more practical in development or fully controlled environments”.

NIST expects that the completed post-quantum standards will replace three existing NIST cryptographic standards deemed most vulnerable to quantum computers: FIPS 186-5, NIST SP 800-56A, and NIST SP 800-56B.