NIST has been reviewing algorithms as part the the PQC (Post Quantum Cryptography) Standardization process for over 8 years now and they have released the first three standards for post-quantum cryptography. These standards will allow systems to protect their data and communications with encryption that are not vulnerable to Quantum Computers. Current standards and tools rely on complex math problems that are difficult or impossible to solve using conventional computers but are vulnerable to a sufficiently capable quantum computer which would be able to process potential solutions very quickly.
The new standards are designed for two essential tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication. NIST announced its selection of four algorithms — CRYSTALS-Kyber, CRYSTALS-Dilithium, Sphincs+ and FALCON — slated for standardization in 2022 and released draft versions of three of these standards in 2023. The fourth draft standard based on FALCON is planned for late 2024.
While there have been no substantive changes made to the standards since the draft versions, NIST has changed the algorithms’ names to specify the versions that appear in the three finalized standards, which are:
- Federal Information Processing Standard (FIPS) 203, intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
- FIPS 204, intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
- FIPS 205, also designed for digital signatures. The standard employs the Sphincs+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.
Similarly, when the draft FIPS 206 standard built around FALCON is released, the algorithm will be dubbed FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
This is a significant step in ensuring our data and systems are protected against threats that are on the horizon. The Register has a good article on this topic (NIST finalizes trio of post-quantum encryption standards) that I highly recommend you check out.
Sources:
* Mastodon.social
* Schneier.com: NIST Releases First Post-Quantum Encryption Algorithms