Connects decision-makers and solutions creators to what's next in quantum computing

NIST Releases Draft Standards for Quantum-Resistant Algorithms

The first three algorithms are open for feedback with a fourth due next year

Berenice Baker, Editor, Enter Quantum

August 30, 2023

2 Min Read
The standards cover creating websites and digital signatures
NIST has released standards for four of the three PQC algorithms it has selected. J. Wang/NIST and Shutterstock

The U.S. National Institute of Standards and Technology (NIST) has released draft standards for the first three of the four algorithms it selected to protect encrypted data from cyberattacks powered by quantum computers. 

NIST has invited the cryptographic community to offer feedback on the draft standards until Nov. 22, 2023. After these have been considered and, where necessary, incorporated, the standards would be made available for global organizations to integrate into their security infrastructure.

The agency revealed the four winning algorithms last year. It has now issued draft Federal Information Processing Standards (FIPS) for the following three algorithms:

  • CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203

  • CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204.

  • SPHINCS+, also designed for digital signatures, is covered in FIPS 205.

The fourth, FALCON, is also designed for digital signatures. NIST plans to release draft FIPS for FALCON in 2024.

Because two of the three post-quantum methods for digital signatures selected to date are based on a single mathematical idea called structured lattices, NIST wants to have alternative approaches available in case any weaknesses in this approach are discovered.

Related:Agencies Release Quantum Readiness Factsheet

The new standards are needed because sufficiently powerful future quantum computers could break the public-key encryption techniques that keep sensitive transactions, such as bank transfers, secure.

“We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” said NIST mathematician and project lead Dustin Moody. “For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?”

NIST has also selected a second set of algorithms for ongoing evaluation that it will release for evaluation next year. These are based on different encryption methods to CRYSTALS-Kyber in case a future vulnerability comes to light. This was needed because one shortlisted candidate, SIKE, was cracked on a single-core computer in an hour, about a month after the algorithms were released in 2022.

According to NIST, the completed post-quantum encryption standards will replace the three NIST cryptographic standards and guidelines that are most vulnerable to being cracked by quantum computers: FIPS 186-5NIST SP 800-56A and NIST SP 800-56B

About the Author(s)

Berenice Baker

Editor, Enter Quantum

Berenice is the editor of Enter Quantum, the companion website and exclusive content outlet for The Quantum Computing Summit. Enter Quantum informs quantum computing decision-makers and solutions creators with timely information, business applications and best practice to enable them to adopt the most effective quantum computing solution for their businesses. Berenice has a background in IT and 16 years’ experience as a technology journalist.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like