Who are NIST’s post-quantum algorithm winners?
Quantum computing’s arrival will cause a ripple effect touching every corner of the technological landscape. In general terms, quantum computers lean on quantum physics to run multiple processes simultaneously, allowing them to solve certain complex problems much more quickly than traditional computers can today.
In many ways this is good news, because stable quantum computing will introduce exciting technological possibilities. Quantum computing’s greater ability to solve complex problems promises potential breakthroughs in fields like artificial intelligence, financial modeling, and many others. However, there’s also a very significant and dangerous downside concerning cybersecurity; quantum computers will be able to crack the existing cryptographic schemes protecting nearly all of the world’s digital operations.
When the first quantum computer becomes powerful enough, virtually all data using existing technology will become easily decrypted by whoever has access to one of these computers. This includes the most sensitive data we have, such as high-value industrial secrets or military and state secrets. In fact, it’s widely believed that today’s threat actors are even saving encrypted content so they can break it later using quantum computers.
This anticipated impact of quantum computing is so severe that it’s sometimes referred to as the Quantum Apocalypse. This “apocalypse” will not occur on a single, discrete date. Rather, over time the difficulty and time required to break encrypted files and communications will continue to decrease, and the risk of using pre-quantum algorithms will keep increasing.
Experts are predicting that a quantum computer will likely be able to crack current encryption algorithms by the year 2030. This means governments and enterprises across the globe must begin preparing for the new age of quantum computing now. To remain secure, the world must adopt new families of quantum-resistant cryptography.
The US National Institute of Standards and Technology (NIST) has been driving a joint effort involving academics, government, and industry to arrive at a new set of cryptographic “primitives” that are secure against cracking by quantum computers. In July 2022, after a six-year effort, it made monumental progress in the journey to quantum-safe computing systems, announcing its winning selections for post-quantum encryption algorithms.
In 2024 and with the approval of the Secretary of Commerce, NIST has officially finalized three standards for use as post-quantum cryptography solutions. The algorithms used are the same as the winning selection of algorithms in 2022 but each has a new name.
NIST’s finalized post-quantum cryptography standards
On August 13th, 2024, NIST released three finalized Federal Information Processing Standards (FIPS), designed specifically to withstand quantum attacks. These new standards are crucial for securing electronic information ranging from confidential emails to vital eCommerce transactions. NIST is urging organizations to begin the transition to these new quantum-resistant encryption algorithms as soon as possible.
Quantum computers having the power to break current encryption methods will jeopardize global data security. In response, NIST’s continued collaboration with cryptography experts worldwide to develop and standardize new algorithms that are resistant to quantum attacks has finally led to where we are now. After years of rigorous evaluation, the finalized algorithms have been determined.
What are the winning post-quantum algorithms?
The three NIST finalized post-quantum encryption standards include:
- FIPS 203: Intended as the primary standard for general encryption, FIPS 203 is based on ML-KEM, short for Module-Lattice-Based Key Encapsulation Mechanism (previously known as CRYSTALS-Kyber). According to NIST, the advantages of ML-KEM include “comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation.”
- FIPS 204: The primary standard for protecting digital signatures, FIPS 204 uses the Module-Lattice-Based Digital Signature Algorithm (ML-DSA). This algorithm was previously known as CRYSTALS-Dilithium.
- FIPS 205: Intending to also protect digital signatures, FIPS 205 serves as a backup method to FIPS 204, in case ML-DSA proves vulnerable. Based on the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), previously known as SPHINCS+, SLH-DSA is a larger and slower algorithm than the others. However, its value lies in the fact that it’s based on a different mathematical approach (a stateless hash-based signature scheme) than the other cryptographic algorithms. This makes it a good backup option even though FIPS 204 is expected to be used 99.9 percent of the time.
A fourth draft standard, FIPS 206, which is built around the algorithm formerly known as FALCON, is projected to be standardized in late 2024 according to NIST. This new standard will be called FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
Understanding the cryptography
To understand what this quantum future looks like, it’s important to understand cryptography today. For nearly 50 years public key infrastructure (PKI) has provided the cryptographic foundation to secure human and machine identities. PKI relies primarily on two standardized algorithms, Rivest-Shamir-Adleman (RSA) and elliptic-curve cryptography (ECC).
In 1994, mathematician Peter Shor discovered a new algorithm capable of breaking conventional public-key cryptography. However, it required a then-theoretical quantum computer. This algorithm became known as Shor’s Algorithm and demonstrates that a quantum computer can factor integers much more efficiently than a classical computer. Therefore, this makes quantum computers more efficient at cracking RSA and ECC.
Now, consider just how integral encryption is today. It has fundamental uses in government, defense, finance, commerce, communication, transportation, and healthcare, just to name a few industries it touches. PKI secures everything from email accounts and Internet of Things (IoT) devices to financial transactions and healthcare data. Quantum computing threatens this digital trust.
The winning post-quantum algorithms are capable of withstanding the expected encryption-cracking capabilities of quantum computers. Why? They are based on entirely different mathematical principles that do not benefit from the extreme performance boost described by Peter Shor.
The new primitives use fundamentally different mathematical techniques than the related math problems that underlie RSA and ECC. RSA takes advantage of the difficulty in factorizing numbers down to very large primes. ECC relies on the difficulty in solving for two points on an elliptical curve. These related computational tasks are both reduced vastly due to Shor’s Algorithm.
But the new algorithms are different. Aside from FIPS 205, which uses hash functions, the rest focus on lattice-based encryption, which uses not algebraic formulas but rather matrices.
Think of lattice-based encryption as a geometric problem. A two-dimensional matrix (like a chess board with rows and columns) includes a set of integer points along these rows and columns, and solving problems about these integer points is a fundamentally different technique from solving the problems defined by RSA and ECC. To give our potential key space sufficient scope, the very large matrices involved will not be two-dimensional or even three-dimensional but rather will have upwards of 10,000 dimensions. All this complexity makes the brute force computation required to crack these keys prohibitively difficult for both traditional and quantum computing architectures.
Next steps
While NIST’s announcement and the publication of the new cryptographic standards mark significant milestones, the real work lies ahead. Organizations are encouraged to begin integrating these quantum-resistant algorithms into their systems immediately as it will take time to transition to the new standards. Early adoption and preparation for quantum computers are crucial to ensure security against future quantum attacks.
Standards bodies, hardware and software manufacturers, and enterprises woldwide will need to implement new cryptography across all aspects of their computing systems. NIST continues to evaluate additional algorithms as potential backups, but the finalized standards are ready for deployment now and have noted that there is no need to wait for future standards.
Secure your future against quantum threats with Sectigo
As quantum computing advances, the importance of adopting quantum-resistant cryptography cannot be overstated. The recent standardization of these algorithms by NIST provides a clear path forward for organizations to secure their data and communications against future quantum cyberattacks. Governments and enterprises must begin assessing their cryptographic assets, planning for migration, and implementing these new standards to ensure continued security.
Don’t allow your organization to be vulnerable to quantum threats. Sectigo is at the front lines of post-quantum cryptography (PQC) and is ready to help your business on the journey towards quantum-safe cryptography. Contact us today.