NIST names the first four quantum-resistant cryptographic tools

The National Institute of Standards and Technology (NIST) has selected the first group of cryptographic tools that it believes can withstand future quantum computer attacks. This is a decision welcomed by the Government of Canada’s cyber agencies.

NIST, a division of the US Department of Commerce, said Tuesday that the four cryptographic algorithms selected would be part of NIST’s post-quantum cryptography standard and are expected to be completed in about two years.

The goal is to prevent current and future encrypted digital systems (from government databases to bank accounts to email messages) from being decrypted by powerful quantum computers.

This decision is part of a process that NIST started six years ago in preparation for a time when quantum computers could break current cryptography. This choice constitutes the beginning of the finale of the government’s post-quantum cryptography standardization project.

Not only are giant IT companies such as IBM, Microsoft and Google spending billions of dollars on quantum computing research, but so are governments such as China and Russia. Canadian companies include D-Wave Systems and Xanadu Quantum Technologies. It may take years before a commercially viable quantum computer that can tackle practical computing problems becomes available, but the government will prepare a quantum tolerance algorithm long before that. I hope that.

Related Content: ITWC Panel Discussion on Quantum Computing

The four initial NIST algorithms fall into two categories:

– For general encryption The CRYSTALS-Kyber algorithm used to access secure websites. According to NIST, some of its benefits are a relatively small encryption key that can be easily exchanged between the two, and its speed of operation.

– For digital signatures Often used to verify identities during digital transactions and to remotely sign documents. There are three algorithms: CRYSTALS-Dilithium, FALCON, SPHINCS + (pronounced “Sphincs plus”).

NIST recommends CRYSTALS-Dilithium as the primary algorithm and uses FALCON for applications that require smaller signatures than Dilithium can provide. SPHINCS + is somewhat larger and slower than the other two, NIST says, but it’s worth a backup for one main reason. It is based on a mathematical approach that is different from all three NIST choices.

Three of the selected algorithms are based on a family of mathematical problems called structured grids, while SPHINCS + uses hash functions.

The four additional algorithms still under consideration are designed for general cryptography and do not use the lattice or hash functions structured in the approach.

While the final standard is under development, NIST recommends that security experts investigate new algorithms and consider how applications will use them. However, we do not recommend incorporating the selected algorithm into your system yet, as the algorithm may change slightly before the standard is complete.

In a statement, the Canadian Security Establishment (CSE), which protects the federal IT network, and its publicly available Canadian Cyber ​​Security Center, said the NIST’s decision was “important to ensure that the cyber ecosystem is quantum secure. It’s a step. ” While this announcement is an important step towards standardization, CyberCenter continues to advise organizations to wait for further guidance before using these algorithms to protect their data and systems. “

When NIST publishes the final standard, Cyber ​​Center will update the list of cryptographic algorithms approved for use in federal applications.

Cybercenter is a partner of NIST in the Cryptographic Module Verification Program (CMVP), which is used to prove that IT products are ready for government procurement. It will also work with NIST to update the Cryptographic Algorithm Verification Program (CAVP) under CMVP to test the implementation of new post-quantum computing algorithms.

The Cyber ​​Center advises consumers to use the algorithm certificate from CAVP to procure and use cryptographic modules that have been tested and validated with CMVP.