NIST Releases Draft Standards for Quantum-Resistant Algorithms

The first three algorithms are open for feedback with a fourth due next year
Berenice Baker

August 30, 2023

The standards cover creating websites and digital signatures
NIST has released draft standards for three of the four PQC algorithms it has selected. J. Wang/NIST and Shutterstock

The U.S. National Institute of Standards and Technology (NIST) has released draft standards for the first three of the four algorithms it selected to protect encrypted data from cyberattacks powered by quantum computers. 

NIST has invited the cryptographic community to offer feedback on the draft standards until Nov. 22, 2023. After these have been considered and, where necessary, incorporated, the standards would be made available for global organizations to integrate into their security infrastructure.

The agency revealed the four winning algorithms last year. It has now issued draft Federal Information Processing Standards (FIPS) for the following three algorithms:

  • CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203
  • CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204
  • SPHINCS+, also designed for digital signatures, is covered in FIPS 205


The fourth, FALCON, is also designed for digital signatures. NIST plans to release draft FIPS for FALCON in 2024.

Because two of the three post-quantum methods for digital signatures selected to date are based on a single mathematical idea called structured lattices, NIST wants to have alternative approaches available in case any weaknesses in this approach are discovered.

The new standards are needed because sufficiently powerful future quantum computers could break the public-key encryption techniques that keep sensitive transactions, such as bank transfers, secure.

“We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” said NIST mathematician and project lead Dustin Moody. “For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?”

NIST has also selected a second set of algorithms for ongoing evaluation, which it plans to release for evaluation next year. These are based on different encryption methods from CRYSTALS-Kyber, so that an alternative is available if a future vulnerability in Kyber comes to light. This was needed because one shortlisted candidate, SIKE, was cracked on a single-core computer in an hour, about a month after the algorithms were released in 2022.

According to NIST, the completed post-quantum encryption standards will replace the three NIST cryptographic standards and guidelines that are most vulnerable to being cracked by quantum computers:

  • FIPS 186-5
  • NIST SP 800-56A
  • NIST SP 800-56B
