NIST: 8 Years of Efforts, 4 new encryption algorithms withstanding "Quantum Computing" attacks
A U.S. government laboratory recently unveiled three eagerly awaited encryption algorithms capable of resisting cyberattacks from quantum computers. These new encryption standards, two of which were created by IBM are intended to protect various types of electronic information, including private emails and e-commerce transactions that are vital to the modern economy.
Encryption carries a heavy load in modern digitized society. It protects countless electronic secrets, such as the contents of email messages, medical records and photo libraries, as well as information vital to national security. Encrypted data can be sent across public computer networks because it is unreadable to all but its sender and intended recipient.
In 2015, NIST initiated the selection and standardization of quantum-resistant algorithms to counter potential threats from quantum computers. After assessing 82 algorithms from 25 countries, the top 15 were identified with global cryptographers' assistance. These were categorized into finalists and alternative algorithms, with draft standards released in 2023. Cybersecurity experts are now encouraged to incorporate these new algorithms into their systems.
The announcement coincides with the fast-paced advancements in quantum computing which uses quantum mechanics to tackle intricate computing challenges. NIST's quantum computing devices, capable of breaking encryption, may be created in the next ten years, posing risks to the security and privacy of individuals, organizations, and countries.
NIST's cryptography is based on structured lattices and hash functions, two families of maths problems that can resist a quantum.
NIST has unveiled its final set of encryption tools intended to be resistant to quantum computer attacks. These post-quantum encryption standards protect various types of electronic information, including private emails and e-commerce transactions that are vital to the contemporary economy. NIST is urging system administrators to start adopting these new standards promptly. This is part of the first completed standards from NIST's post-quantum cryptography (PQC) standardization initiative, which are now available for immediate implementation.
The standards that include the computer code for encryption algorithms, implementation guidelines and their intended applications are the outcome of an eight-year initiative led by NIST, an organization known for its expertise in encryption development. NIST has brought together global cryptography specialists to design, propose, and assess cryptographic algorithms capable of withstanding potential threats posed by quantum computers.
The new standards are designed for two essential tasks for which encryption is typically used.
1 - General encryption - Used to protect information exchanged across a public network.
2 - Digital signatures - Used for identity authentication.
NIST announced its selection of four algorithms slated for standardization in 2022 and released draft versions of three of these standards in 2023. The fourth draft standard based on FALCON is planned for late 2024.
These standards specify key establishment and digital signature schemes that are designed to resist future attacks by quantum computers which threaten the security of current standards. The three algorithms specified in these standards are each derived from different submissions to the NIST Post-Quantum Cryptography Standardization Project.
There have been no substantive changes made to the standards since the draft versions, NIST has changed the algorithms’ names to specify the versions that appear in the three finalized standards. FIPS = Federal Information Processing Standard
FIPS 203 - It is intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism. It specifies a cryptographic scheme called the Module-Lattice-Based Key-Encapsulation Mechanism Standard which is derived from the CRYSTALS-KYBER submission. A key encapsulation mechanism (KEM) is a particular type of key establishment scheme that can be used to establish a shared secret key between two parties communicating over a public channel. Current NIST-approved key establishment schemes are specified in NIST Special Publication (SP) 800-56A, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm-Based Cryptography, and SP 800-56B, Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization Cryptography.
FIPS 204 - It is intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
领英推荐
FIPS 204 and 205 each specify digital signature schemes which are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. FIPS 204 specifies the Module-Lattice-Based Digital Signature Standard, which is derived from CRYSTALS-Dilithium submission.
FIPS 205 - It also designed for digital signatures. The standard employs the Sphincs+ algorithm which has been renamed SLH-DSA short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.
FIPS 205 specifies the Stateless Hash-Based Digital Signature Standard, which is derived from the SPHINCS+ submission. Current NIST-approved digital signature schemes are specified in FIPS 186-5, Digital Signature Standard, and SP 800-208, Recommendation for Stateful Hash-Based Signature Schemes. NIST is also developing a FIPS that specifies a digital signature algorithm derived from FALCON as an additional alternative to these standards.
FIPS 206 - The algorithm will be dubbed FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm when the draft FIPS 206 standard built around FALCON is released.
Out of dozens of submissions, four were chosen to be standardized, three of which are released : ML-KEM, ML-DSA and SLH-DSA.
All three post-quantum cryptographic algorithms are based on highly complex math equations that experts maintain can withstand the heightened computing power of quantum computers, keeping websites and internet traffic secure from third-party intrusions.
NIST is urging cybersecurity firms to immediately adopt the three encryption standards, which were all approved as Federal Information Processing Standards by the US Secretary of Commerce.
The fourth standardized encryption algorithm, which was developed by IBM and is called FALCON, is scheduled to be released later this year. The rise of quantum computing has increased the need to develop and implement post-quantum cybersecurity mechanisms.
This article is written by Prakash Padariya
*All views are personal.
#NIST #QantumComputing #cyberattacks #Qantum #encryption
Sr. Director, Head of Product Security at Cloud Software Group
2 个月Thanks Prakash Padariya.. Interesting to see the development. But the next challenge comes about implementing it effectively (speed) with the current computing on end points..
Director Strategic Initiatives | Cyber Security Evangelist
2 个月All three post-quantum cryptographic algorithms are based on highly complex math equations that experts maintain can withstand the heightened computing power of quantum computers, keeping websites and internet traffic secure from third-party intrusions.