A principal set of encryption algorithms have been released by NIST, designed to withstand cyberattacks from a quantum computer.

The US Department of Commerce’s National Institute of Standards and Technology (NIST) said the algorithms are specified in the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project, and are ready for immediate use.

Don Graves, deputy secretary of Commerce, said: “NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future.”

Remain Competitive

Keen to point out that the intention of the release is to keep the US competitive in the quantum space, there is also a consideration that the capability to break current encryption methods could appear within a decade, threatening the security and privacy of individuals, organizations and entire nations. 

Therefore these standards - which contain the algorithms’ code, instructions for implementation, and their intended uses — are the result of an eight-year effort managed by NIST.

NIST mathematician Dustin Moody, who heads the PQC standardization project, encouraged system administrators to start integrating them into their systems immediately, “because full integration will take time.”

The Standards

In a blog post, SandboxAQ said these Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC) are intended to safeguard data against potential threats from quantum attacks. 

It listed the three standards as:

• FIPS 203: This standard, derived from Kyber, is used in key agreement protocols like TLS, replacing traditional methods like Diffie-Hellman. It offers fast performance despite larger public keys and ciphertexts.

• FIPS 204: Based on Dilithium, this standard is used for digital signatures, outperforming current methods like ECDSA and RSA in speed of verification, though with larger signatures (2.5KB) and public keys (1.3KB), and roughly double for signing times.

• FIPS 205: Based on the security of SHA-2 or SHA-3, this standard offers robust security with very small public keys (32 bytes) but generates larger signatures, around 7KB. It is ideal for applications like firmware updates, where quick verification is essential.

Taher Elgamal, senior advisor at SandboxAQ, said the release of these algorithms marks a critical advancement in securing our digital infrastructure. “By adopting these standards, we safeguard sensitive data, ensure privacy, and maintain trust in digital communications,” he said. “This proactive approach not only prepares us for the quantum era but also fortifies our current cybersecurity measures.”

The company was also complimentary that the standards give enterprises a clear roadmap to upgrade their security and encryption protocols. “This transition is an opportunity to move to modern cryptography management models, leading to fewer outages, simpler compliance and governance, shorter and safer migrations, and higher security,” said Carlos Aguilar-Melchor, chief scientist, cybersecurity at SandboxAQ.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.