The announcement follows a six-year effort to devise and then vet encryption methods to significantly increase the security of digital information, the agency said.
The Department of Commerce’s National Institute of Standards and Technology (NIST) has chosen four encryption algorithms that are designed to withstand the hacking of a future quantum computer and protect digital information. This first group of encryption tools will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.
SEE: Password breach: Why pop culture and passwords don’t mix (free PDF) (TechRepublic)
The algorithms are designed with two main goals for when encryption is typically used: General encryption, which is used to protect information exchanged across a public network, and digital signatures, used for identity authentication. NIST said all four of the algorithms were created by experts collaborating from multiple countries and institutions.
The first group of algorithms
For general encryption: Used when secure websites are accessed, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.
For digital signatures: Often used to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+. Reviewers cited the high efficiency of the first two, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide.
SPHINCS+ is somewhat larger and slower than the other two, but it is valuable as a backup because it is based on a different math approach than all three of NIST’s other selections, according to the agency.
Three of the selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions. The additional four algorithms still under consideration are designed for general encryption and do not use structured lattices or hash functions in their approaches, NIST said.
All of the algorithms are available on the NIST website.
This is “an important milestone in securing our sensitive data against the possibility of future cyberattacks from quantum computers,” Secretary of Commerce Gina M. Raimondo said in a statement.
Quantum-resistant algorithms will help produce a standard
The announcement follows a six-year effort managed by NIST, who issued a call to cryptographers around the world in 2016 to devise and then vet encryption methods that could resist an attack from a future quantum computer that is more powerful than the comparatively limited machines available today. The selection constitutes the beginning of the finale of the agency’s post-quantum cryptography standardization project.
“When they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio said in a statement. “Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”
Four additional algorithms are under consideration for inclusion in the standard, and NIST said it will announce the finalists from that round at a future time.
Because there are different systems and tasks that use encryption, a useful standard would offer solutions designed for different situations, use varied approaches for encryption and offer more than one algorithm for each use case in the event that one proves vulnerable, NIST said.
Encryption uses math to protect sensitive electronic information in secure websites and emails. Widely used public-key encryption systems, which rely on math problems that even the fastest conventional computers find intractable, ensure these websites and messages are inaccessible to unwelcome third parties, the agency said.
However, a sufficiently capable quantum computer, which would be based on different technology than today’s conventional computers, could solve these math problems quickly, defeating encryption systems, NIST said. To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thus defending privacy both now and down the road, the agency said.
To get involved in developing guidance for migrating to post-quantum cryptography, visit NIST’s National Cybersecurity Center of Excellence project page.