The U.S. Department of Commerce’s National Institute of Standards and Technology today said it has chosen four encryption tools designed to protect against quantum computer attacks for a planned post-quantum cryptographic standard.
Of the four chosen tools, one — CRYSTALS-Kyber — offers general encryption, while the remaining three — CRYSTALS-Dilithium, Falcon and SPHINCS+ — are designed for digital signatures and identity protection.
Quantum computers, at least as they exist today, cannot crack high-level encryption. However, with ongoing progress in the sector, it’s believed the technology will advance enough that quantum computers will be able to crack those standards, hence the need to start creating new encryption standards now.
NIST started the process of establishing post-quantum encryption standards in 2016, calling on cryptographers to devise encryption methods that could resist an attack from a future quantum computer.
“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio said in a statement. “Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”
Four additional algorithms are also under consideration for inclusion in the standard and NIST plans to announce the finalists at a future date. NIST said it’s revealing the choices in two stages because of the need for a robust variety of defense tools.
“The announcement from NIST is a major leap towards a quantum-safe economy,” Duncan Jones, head of cybersecurity for quantum computing company Quantinuum Ltd., told SiliconANGLE. “Organizations can now accelerate their implementation and testing efforts, safe in the knowledge they aren’t backing the wrong horse.”
The announcement has already prompted product releases, with QuSecure Inc. announcing its QuProtect PQC solution that it says now supports all of the post-quantum cryptography algorithms. QuProtect is said to be the industry’s first end-to-end post-quantum cryptographic software-based solution uniquely designed to protect encrypted communications and data with quantum resilience using quantum secure channels.
The NIST announcement comes after President Joe Biden signed a National Security Memorandum in May aimed at maintaining leadership in quantum information science and mitigating the risks of quantum computing to national security.
Among commitments to developing quantum computing, the memorandum said the administration is committed to mitigating the threat of quantum computing through a timely and equitable transition of cryptographic systems to interoperable quantum-resistant cryptography.