NIST publishes draft post-quantum cryptography standards, calls for industry feedback

The US National Institute of Standards and Technology (NIST) has published draft post-quantum cryptography (PQC) standards that are designed as a global framework to help organizations protect themselves from future quantum-enabled cyberattacks. The standards were selected by NIST following a seven-year process which began when the agency issued a public call for submissions to the PQC Standardization Process. NIST is again calling for public feedback on three draft Federal Information Processing Standards (FIPS), which are based upon four previously selected encryption algorithms.

The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. It is intended that these algorithms will be capable of protecting sensitive US government information well into the foreseeable future, including after the advent of quantum computers, NIST said. These algorithms are incorporated into the three FIPS published by NIST: FIPS 203, FIPS 204, and FIPS 205. Comments on FIPS 203, FIPS 204, or FIPS 205 must be received on or before November 22, 2023, NIST stated.

Preparing for "Q-Day" - where quantum computers break existing cryptographic algorithms

Over the past several years, there has been steady progress toward building quantum computers. The security of many commonly used public-key cryptosystems would be at risk if large-scale quantum computers were ever realized. In particular, this would include key-establishment schemes and digital signatures that are based on integer factorization and discrete logarithms (both over finite fields and elliptic curves). This concept is often referred to as Q-Day - the point at which quantum computers are capable of breaking existing cryptographic algorithms. Experts believe this will occur in the next five to ten years, potentially leaving all digital information vulnerable to malicious actors under current encryption protocols.

Last month, the European Union (EU) was warned that it must prepare for quantum cyberattacks and adopt a new coordinated action plan to ensure a harmonized transition to post-quantum encryption to tackle quantum cybersecurity threats of the future. That was according to a discussion paper written by Andrea G. Rodriguez, lead digital policy analyst at the European Policy Centre. In December 2022, US President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act, mandating US federal agencies to eventually migrate all IT systems to post-quantum cryptography.