NIST Announces First Four Quantum Resistant Cryptographic Algorithms


The National Institute of Standards and Technology (NIST) of the United States Department of Commerce has: chosen the first set of quantum-resistant encryption algorithms designed to “withstand the onslaught of a future quantum computer”.

The post-quantum cryptography (PQC) technologies include the CRYSTALS-Kyber general encryption algorithm, and CRYSTALS-DilithiumVALKand SPINCS+ for digital signatures.

“Three of the selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions,” NIST, which kicked off the standardization process in January 2017, said in a statement.

Cryptography, which underlies the security of information in modern computer networks, derives its strength from the difficulty of solving mathematical problems – for example, calculating large composite integers – using traditional computers.

Quantum computers, when mature enough, will set a huge impact on current public-key algorithms, since what could take, say, trillions of years on a conventional computer to find the correct key to decrypt a message would only take to dawn or hourmaking them susceptible to brute force attacks.

“If large-scale quantum computers are ever built, they will be able to break through many of the public-key cryptosystems currently in use,” the agency said. “This would seriously jeopardize the confidentiality and integrity of digital communications on the Internet and elsewhere.”

Complicating matters further is a critical threat called “hack now, decrypt laterwhere cyber attackers collect sensitive encrypted data sent today in hopes of breaking it in the future when quantum computing becomes available.

The four quantum-resistant algorithms chosen by NIST would be based on mathematical problems that are difficult to solve on both classical and quantum computers, helping to protect data from cryptanalytic attacks.

The agency also plans to include four more algorithms before finalizing the post-quantum cryptographic standard, a process expected to be completed in about two years.

That said, the US Cybersecurity and Infrastructure Security Agency (CISA), along with NIST, is “strong” recommend organizations to prepare for the transition by following the Step-by-step plan for post-quantum cryptography