NIST names first four quantum-resistant encryption tools

by Rex Daniel

The U.S. National Institute of Standards and Technology (NIST) has chosen the first group of encryption tools it says will withstand the onslaught of a future quantum computer, a move hailed by the Canadian government’s cyber agency.

NIST, a division of the U.S. Department of Commerce, said on Tuesday that the four selected encryption algorithms will be part of NIST’s Post-Quantum Cryptographic Standard, which is expected to be finalized in about two years.

The goal is to protect current and future encrypted digital systems – from government databases to bank accounts to email – from being hacked by powerful quantum computers.

The decision is part of a process started by NIST six years ago to prepare for a time when quantum computers could break current encryption technologies. The selection marks the beginning of the final phase of the agency's post-quantum cryptography standardization project.

Not only are large IT companies such as IBM, Microsoft and Google pouring billions into quantum computing research, so are governments including China and Russia. Canadian companies include D-Wave Systems and Xanadu Quantum Technologies. It may be years before commercially viable quantum computers capable of solving practical computing problems become available, but governments want quantum-resistant algorithms ready long before that.

NIST’s first four algorithms are divided into two categories:

– for general encryption, used to access secure websites, the CRYSTALS-Kyber algorithm. Among its advantages, according to NIST, are relatively small encryption keys that two parties can exchange easily, as well as its speed of operation;

– for digital signatures, often used to verify identities during a digital transaction or to sign a document remotely, there are three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”).

NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications requiring smaller signatures than Dilithium can provide. SPHINCS+ is a bit larger and slower than the other two, according to NIST, but it’s valuable as a backup for one main reason: it’s based on a different mathematical approach than the other three NIST selections.

Three of the selected algorithms are based on a family of mathematical problems called structured lattices, while SPHINCS+ uses hash functions.

The four additional algorithms still under consideration are designed for general encryption and do not use structured lattices or hash functions in their approaches.

As the final standard is being developed, NIST encourages security experts to explore the new algorithms and consider how their applications will use them. However, it recommends that the chosen algorithms not yet be integrated into their systems, as the algorithms may change slightly before the standard is finalized.

In a statement, the Canadian Center for Security (CSE), which protects federal computer networks, and its public-facing Canadian Center for Cyber Security said NIST’s decision is an “important step in ensuring that our cyber-ecosystem becomes quantum-safe”. While this announcement is an important step towards standardization, the Cyber Center continues to advise organizations to wait for further guidance before using these algorithms to protect data or systems.

When NIST publishes its final standard, the Cyber Center will update its list of approved cryptographic algorithms for use in federal applications.

The Cyber Center is a partner of NIST on the Cryptographic Module Validation Program (CMVP), which is used to certify that IT products are ready for government procurement. It will also work with NIST to update the Cryptographic Algorithm Validation Program (CAVP) under CMVP to test implementations of new post-quantum computing algorithms.

The Cyber Center advises consumers to obtain and use cryptographic modules tested and validated under CMVP, with algorithm certificates from CAVP.
