The US Department of Commerce’s National Institute of Standards and Technology (NIST) has selected the first-ever group of encryption tools that could potentially withstand an attack by a quantum computer.
The four selected encryption algorithms will now reportedly become part of NIST’s post-quantum cryptographic (PQC) standard, which should be finalized in about two years.
More specifically, for general encryption (used for access to secure websites), NIST has selected the CRYSTALS-Kyber algorithm.
For digital signatures, on the other hand, NIST has selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+.
“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” commented NIST Director Laurie E. Locascio.
“Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”
Locascio also confirmed that NIST is currently considering four additional algorithms to be included in the standard to develop a robust variety of defense tools. The finalists from that round will be announced at a future date.
“NIST’s announcement […] is a key milestone in the development of quantum-resistant security practices,” Edlyn Teske, a senior crypto expert at Cryptomathic, told Infosecurity Magazine.
“In practice, this means that [Chief Security Officers] need to take stock of their organization’s ability to rapidly switch the cryptographic algorithms that underpin your data security, without upending your entire infrastructure – an approach commonly known as being ‘crypto-agile.’”
According to Teske, organizations that invest time and money into achieving true crypto-agility as a near-term priority will be ready to deploy NIST-standardized algorithms as they become available.
“[They will also] be much better prepared to protect their assets from post-quantum threats than those who wait.”