The National Institute of Standards and Technology (NIST) today released the long-awaited post-quantum encryption standards, designed to protect electronic information long into the future - when quantum computers are expected to break existing cryptographic algorithms.

These machines aren't readily available yet. We have been told for years that machines capable of this type of super-fast processing power are just a decade away - and that was again the case today. NIST cited "experts" who predict that these capabilities could appear within a decade.

The finalized standards include three post-quantum cryptographic algorithms. 

One - ML-KEM [PDF] (based on CRYSTALS-Kyber) - is intended for general encryption, which protects data as it moves across public networks. The other two - ML-DSA [PDF] (originally known as CRYSTALS-Dilithium) and SLH-DSA [PDF] (initially submitted as Sphincs+) - secure digital signatures, which are used to authenticate online identity.

A fourth algorithm - FN-DSA [PDF] (originally called FALCON) - is slated for finalization later this year and is also designed for digital signatures.

NIST continued to evaluate two other sets of algorithms that could potentially serve as backup standards in the future. 

One of the sets includes three algorithms designed for general encryption - but the technology is based on a different type of math problem than the ML-KEM general-purpose algorithm in today's finalized standards. 

NIST plans to select one or two of these algorithms by the end of 2024.

Despite the new ones on the horizon, NIST mathematician Dustin Moody encouraged system administrators to start transitioning to the new standards ASAP, because full integration takes some time.

"There is no need to wait for future standards," Moody advised in a statement. "Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event." 

It has taken years to get the point of having three finalized algorithms. NIST first issued a call for submissions in 2016, and then asked for additional options in 2022. The more recent algorithms are currently undergoing evaluation, and about 15 from this group are expected to move on to the next round of testing and analysis.

While we haven't yet entered the era of encryption-breaking attacks, America's adversaries - including Russia and China - are pumping resources into quantum computing test beds. Once they have the capabilities to decrypt algorithms and forge digital signatures, for example, attackers could do things like implant compromised firmware on hardware running in critical infrastructure facilities, thus causing a major, disruptive cyber attack.

There's also the fear that other nations are stealing as much encrypted data as they can now - things like national security secrets and sensitive IP - and storing it until the technology exists to break the encryption, which would give them full access to the top-secret information. 

IBM called the newly published algorithms a "crucial milestone to advancing the protection of the world's encrypted data from cyber attacks," while also touting its role in the development of all three newly published standards plus the fourth, soon-to-be-finalized algorithm.

"We understand these advancements could herald an upheaval in the security of our most sensitive data and systems," IBM Quantum VP Jay Gambetta declared in a statement. "However, NIST's publication of the world's first three post-quantum cryptography standards marks a significant step in efforts to build a quantum-safe future alongside quantum computing." ®

https://www.theregister.com//2024/08/14/nist_postquantum_standards/