NIST Introduces First Quantum-Resistant Encryption Standards
The U.S. National Institute of Standards and Technology (NIST) has officially published the first three post-quantum cryptography standards, FIPS 203, 204 and 205, built to withstand attacks that leverage quantum computing. NIST is urging system administrators to begin transitioning to the new algorithms promptly, emphasizing that early adoption is crucial to defend against “harvest now, decrypt later” attacks, in which adversaries record encrypted traffic today with the intent of decrypting it once a sufficiently capable quantum computer exists. Any data that must stay confidential for longer than the expected time to such a machine is therefore already at risk.
Background
Quantum computing operates on principles such as superposition, interference, and entanglement, using qubits (quantum bits) instead of the binary bits found in classical computing. Unlike a traditional bit, which is either a one or zero, a qubit can exist in multiple states simultaneously due to the phenomenon of superposition.
Though quantum computing is still in its infancy and prone to high error rates, early experiments suggest that quantum processors could complete complex calculations in seconds that would take even the most advanced supercomputers thousands of years.
Today’s public-key cryptography depends on the difficulty of certain mathematical problems, such as factoring large integers (RSA) or computing discrete logarithms (Diffie-Hellman, ECDH, ECDSA), to keep private keys secret. Classical computers cannot solve these problems fast enough for realistic key sizes, but Shor’s algorithm, run on a sufficiently large fault-tolerant quantum computer, would solve both in polynomial time and break every widely deployed key exchange and signature scheme. Symmetric ciphers and hash functions are far less affected: Grover’s algorithm offers at most a quadratic speed-up, which larger keys and output sizes absorb.
The looming potential of quantum-powered attacks has prompted the U.S. to urge organizations, as early as 2022, to prepare for quantum-resistant encryption technologies.
The first post-quantum standards from NIST
NIST began its effort to evaluate and standardize post-quantum cryptographic systems nearly a decade ago, receiving 82 candidate algorithms in response to its 2016 call and narrowing them over several rounds of public cryptanalysis. The three finalized standards are:
- FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM, previously known as “CRYSTALS-Kyber”), designed to establish a shared secret between two parties over a public channel. Built on the Module Learning With Errors (MLWE) problem, it offers strong resistance to quantum attacks. The standard defines three parameter sets (ML-KEM-512, ML-KEM-768 and ML-KEM-1024) that trade key and ciphertext size for security margin; the encapsulated shared secret is 32 bytes in every case. It is intended to protect sensitive U.S. government communications in a quantum computing era.
- FIPS 204: Module-Lattice-Based Digital Signature Algorithm (ML-DSA, previously known as “CRYSTALS-Dilithium”), a digital signature algorithm that authenticates identities and ensures message integrity. It rests on the same family of module-lattice problems as ML-KEM (MLWE together with Module-SIS), comes in three parameter sets (ML-DSA-44, ML-DSA-65 and ML-DSA-87), and is suitable for applications such as signing electronic documents, software and communications.
- FIPS 205: Stateless Hash-Based Digital Signature Algorithm (SLH-DSA, previously known as “SPHINCS+”), a signature scheme whose security rests only on the properties of the underlying hash function rather than on lattice problems. It is standardized as a hedge: if unexpected cryptanalysis weakens ML-DSA, SLH-DSA still stands. Unlike the earlier stateful hash-based schemes XMSS and LMS (NIST SP 800-208), which require the signer to track which one-time keys have already been used, SLH-DSA needs no such state, so a restored backup or a cloned signer cannot silently reuse a key. The price is much larger signatures and slower signing than ML-DSA.
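To show what “hash-based” means and why the stateful schemes that preceded SLH-DSA are dangerous, here is a toy Lamport one-time signature built on SHA-256. This is an example added to this article, not NIST’s or any library’s code, and it is not SLH-DSA: SLH-DSA combines many-time hash-based structures (WOTS+, FORS and a hypertree) so that keys can be used repeatedly without tracking state, whereas a bare Lamport key must be used exactly once. The function names, the reduced digest width used in the reuse demonstration, and the sample messages are the editor’s own constructions. The forgery function plays the attacker: given two signatures made with the same one-time key, it collects the revealed preimages and searches for a third message it can sign without the secret key.

```python
"""Toy Lamport one-time signature: the hash-based idea behind SLH-DSA, and the
reuse hazard that stateful schemes must manage. Illustration only, not SLH-DSA."""
import hashlib
import secrets


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def msg_bits(msg: bytes, bits: int) -> list:
    """First `bits` bits of SHA-256(msg), most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(bits)]


def keygen(bits: int = 256):
    """Secret key: two random preimages per message bit. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(bits)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return pk, sk


def sign(sk, msg: bytes):
    """For each message bit, reveal the preimage matching that bit. ONE-TIME only:
    every signature leaks half of the secret key."""
    return [sk[i][b] for i, b in enumerate(msg_bits(msg, len(sk)))]


def verify(pk, msg: bytes, sig) -> bool:
    bits = msg_bits(msg, len(pk))
    return len(sig) == len(pk) and all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits))


def forge_after_reuse(pk, signed, candidates, limit=1_000_000):
    """Attacker view: given (msg, sig) pairs made with the SAME key, collect the
    revealed preimages and search for a new message whose bits are all covered.
    Returns (message, forged signature) or None if the search limit is hit."""
    revealed = {}
    for msg, sig in signed:
        for i, b in enumerate(msg_bits(msg, len(pk))):
            revealed[(i, b)] = sig[i]
    known = {m for m, _ in signed}
    for n in range(limit):
        target = candidates(n)           # constructed candidate messages
        if target in known:
            continue
        bits = msg_bits(target, len(pk))
        if all((i, b) in revealed for i, b in enumerate(bits)):
            return target, [revealed[(i, b)] for i, b in enumerate(bits)]
    return None


def demo_reuse(bits: int = 16) -> bool:
    """One key signs two messages; the attacker forges a third. The digest is
    truncated to `bits` bits only so the search finishes quickly; with 256 bits
    the same attack needs far more signatures from the victim, not a new idea."""
    pk, sk = keygen(bits)
    signed = [(m, sign(sk, m)) for m in (b"pay alice 10", b"pay bob 20")]
    forged = forge_after_reuse(pk, signed, lambda n: b"pay mallory %d" % n)
    return forged is not None and verify(pk, forged[0], forged[1])


if __name__ == "__main__":
    pk, sk = keygen()
    sig = sign(sk, b"hello")
    print("valid signature verifies:", verify(pk, b"hello", sig))
    print("forgery after key reuse succeeds:", demo_reuse())
```

The forgery works because a Lamport key reveals, per message bit, one of two secrets; after two signatures an attacker holds both secrets at every position where the two messages differed, and can sign any message that agrees with one of them at the remaining positions. Stateful schemes (XMSS, LMS) avoid this by never reusing a leaf key, which is exactly the bookkeeping that breaks when a signer is restored from a snapshot; SLH-DSA removes the requirement by making accidental reuse of a leaf negligibly likely.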
NIST advises system administrators to begin integrating these algorithms now, recognizing that the transition will take years. Leading technology companies and privacy-focused platforms, including Google, Signal, Apple, Tuta and Zoom, had already deployed Kyber-based key encapsulation to protect data in transit before the final standard was published, typically in hybrid mode: the Kyber shared secret is combined with an existing elliptic-curve Diffie-Hellman secret, so the connection stays at least as secure as before even if the new algorithm turns out to be flawed.
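To make the key-encapsulation flow and the “learning with errors” idea behind FIPS 203 concrete, here is a toy plain-LWE public-key scheme wrapped as a KEM. It is an example added to this article, not NIST’s or any library’s code: the parameters Q, N and M, the function names and the SHA-256 key derivation are the editor’s own choices, error terms are drawn from {-1, 0, 1}, and the scheme deliberately omits everything that makes ML-KEM practical and secure (module and ring structure, the NTT, ciphertext compression, and the Fujisaki-Okamoto transform with implicit rejection that gives IND-CCA security). What it does show is the exchange: the receiver publishes (A, b = A·s + e), the sender encapsulates a random key bit by bit and sends only the ciphertext, and both sides derive the same 32-byte shared secret. The error vector e is the whole point: without it, b = A·s is a linear system and s falls out by Gaussian elimination.

```python
"""Toy LWE key encapsulation: the exchange pattern of ML-KEM without its
engineering or its security. Illustration only; parameters are constructed."""
import hashlib
import secrets

Q = 3329        # modulus (toy choice; nothing else here matches ML-KEM)
N = 16          # secret dimension
M = 64          # number of LWE samples in the public key
KEY_BITS = 256  # bits of shared secret to encapsulate


def _small() -> int:
    """Small secret/error coefficient in {-1, 0, 1}."""
    return secrets.randbelow(3) - 1


def keygen():
    """Receiver: pk = (A, b = A*s + e mod Q), sk = s."""
    s = [_small() for _ in range(N)]
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(M)]
    e = [_small() for _ in range(M)]
    b = [(sum(A[i][j] * s[j] for j in range(N)) + e[i]) % Q for i in range(M)]
    return (A, b), s


def _encrypt_bit(pk, bit: int):
    """Encrypt one bit: pick a random subset r of the samples, u = r*A, v = r*b + bit*Q/2."""
    A, b = pk
    r = [secrets.randbelow(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def _decrypt_bit(sk, ct) -> int:
    """v - u*s = r*e + bit*Q/2 (mod Q); |r*e| <= M < Q/4, so rounding is exact."""
    u, v = ct
    d = (v - sum(u[j] * sk[j] for j in range(N))) % Q
    return 1 if Q // 4 <= d < 3 * Q // 4 else 0


def _key_to_bits(key: bytes):
    return [(byte >> i) & 1 for byte in key for i in range(8)]


def _bits_to_key(bits):
    return bytes(sum(bits[k + i] << i for i in range(8)) for k in range(0, len(bits), 8))


def _ct_bytes(ct) -> bytes:
    """Serialize the ciphertext so the shared secret can be bound to it."""
    return b"".join(x.to_bytes(2, "big") for u, v in ct for x in (*u, v))


def encapsulate(pk):
    """Sender: returns (shared_secret, ciphertext). Only the ciphertext is transmitted."""
    k = secrets.token_bytes(KEY_BITS // 8)
    ct = [_encrypt_bit(pk, bit) for bit in _key_to_bits(k)]
    return hashlib.sha256(k + _ct_bytes(ct)).digest(), ct


def decapsulate(sk, ct) -> bytes:
    """Receiver: recover k from the ciphertext and derive the same shared secret."""
    k = _bits_to_key([_decrypt_bit(sk, c) for c in ct])
    return hashlib.sha256(k + _ct_bytes(ct)).digest()


def demo() -> bool:
    pk, sk = keygen()                  # receiver publishes pk, keeps sk
    shared_sender, ct = encapsulate(pk)  # sender transmits ct over the public channel
    shared_receiver = decapsulate(sk, ct)
    return shared_sender == shared_receiver


if __name__ == "__main__":
    print("shared secrets match:", demo())
```

Hashing the recovered key together with the ciphertext binds the shared secret to what was actually sent, which is the cheap part of what ML-KEM’s FO transform does; the expensive part it leaves out is re-encrypting inside decapsulation to detect a malformed ciphertext, which is what stops chosen-ciphertext attacks on a scheme like this one.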
Beyond these finalized standards, NIST continues to evaluate other algorithms for adoption as backups: a draft standard for FN-DSA, based on the FALCON signature scheme, is in preparation, and further key-encapsulation candidates from a fourth selection round are being assessed. Confidence in the current selections rests on years of public cryptanalysis rather than on testing against real quantum computers, which are not yet capable of attacking them; their long-term security depends on the underlying hardness assumptions continuing to hold, which is why many early adopters pair them with classical algorithms during the transition.