The US Department of Commerce’s National Institute of Standards and Technology (NIST) has selected the first-ever group of encryption tools that could potentially withstand a quantum computer attack.
The four selected algorithms will become part of NIST’s Post-Quantum Cryptography (PQC) standard, which is expected to be finalized in about two years.
Specifically, for general encryption (used for accessing secure websites), NIST has selected the CRYSTALS-Kyber algorithm.
For digital signatures, on the other hand, NIST has selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+.
“NIST constantly looks to the future to anticipate the needs of American industry and society as a whole, and when built, quantum computers powerful enough to break current encryption will pose a serious threat to our information systems,” commented NIST Director Laurie E. Locascio.
“Our post-quantum cryptography program has harnessed the best minds in cryptography – around the world – to produce this first group of quantum-resistant algorithms that will lead to a standard and dramatically increase the security of our digital information.”
Locascio also confirmed that NIST is currently considering including four additional algorithms in the standard to develop a robust variety of defense tools. The finalists for this round will be announced at a later date.
“The NIST announcement […] is a key step in developing quantum-resistant security practices,” Edlyn Teske, senior cryptography expert at Cryptomathic, told Infosecurity Magazine.
“In practice, this means that [Chief Security Officers] need to assess their organization’s ability to quickly change the cryptographic algorithms that underpin the security of their data, without disrupting their entire infrastructure – an approach commonly referred to as ‘crypto-agile’.”
According to Teske, organizations that invest time and money in achieving true crypto-agility as a near-term priority will be ready to deploy NIST-standardized algorithms as soon as they become available.
“[They will also] be much better prepared to protect their assets from post-quantum threats than those who wait.”