The NIST standards for quantum-safe cryptography
Author: Timothy Hollebeek
For nearly a decade, the world's leading cryptographers have been collaborating with the National Institute of Standards and Technology (NIST) to create new algorithms to safeguard against the looming threat posed by quantum computers. In August 2024, NIST announced three long-awaited encryption standards: FIPS 203, 204, and 205.
What does this mean for the cybersecurity industry and the billions of people relying on digital trust to secure internet communications and keep their data safe? Let's take a closer look at the standards and the action plan for putting them into play.
The quantum threat
Today's quantum computers are relatively small, and the technology is still in its infancy. But they're progressing at a rate that has cybersecurity experts sounding the alarm. We expect cryptographically relevant quantum computers (CRQCs) to be operational within the next five to ten years.
There's a very good reason this rapidly advancing technology is setting off alarm bells. CRQCs will compromise data security and network security protocols by breaking the asymmetric encryption methods the world currently relies on to secure everything from online banking to confidential communications. And while five to ten years might sound like enough time to protect against a future threat, attackers are already practicing "harvest now, decrypt later," a data breach strategy that collects encrypted data today and stores it until quantum computers make it possible to decrypt.
The solution: Quantum-resistant algorithms
The solution lies in developing and implementing new quantum-resistant encryption algorithms built on hard mathematical problems that remain difficult even for quantum computers to solve. That's precisely what NIST has accomplished with FIPS 203, 204, and 205, standards that provide detailed instructions on employing the new algorithms to secure internet traffic, ensuring robust protection against the quantum attacks we know are coming.
While the specific technical details of the algorithms introduced by FIPS 203, 204, and 205 are complex, they rest on mathematical problems for which no efficient quantum algorithm is known, which is what makes them resistant to quantum computing attacks. By incorporating these algorithms, systems can maintain a high level of security even in a future dominated by quantum computing.
Understanding the algorithms
Quantum-resistant algorithms are designed to provide strong encryption that can withstand attacks from even the most powerful quantum computers, safeguarding the processes of encryption and decryption against unauthorized parties. These algorithms fall into several categories, each with unique strengths and weaknesses.
The new NIST standards provide a mix of algorithm types. Here's a breakdown of what the standards include.
FIPS 203 and 204: Lattice-based cryptography
NIST's Post-Quantum Cryptography competition identified quantum-resistant lattice-based algorithms like CRYSTALS-Kyber and CRYSTALS-Dilithium (standardized as ML-KEM and ML-DSA) for public key encryption and digital signatures, respectively. FIPS 203 is dedicated to key establishment (a key-encapsulation mechanism used for key agreement), while FIPS 204 focuses on digital signatures, with both standards leveraging lattice-based cryptographic methods to ensure quantum-safe security.
FIPS 205: Hash-based cryptography
The FIPS 205 standard incorporates hash-based cryptographic methods like those used in the SPHINCS+ signature scheme (standardized as SLH-DSA). Hash-based signatures are quantum-safe because their security rests only on cryptographic hash functions, which known quantum algorithms do not break.
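To make the "security rests only on a hash function" point concrete, here is an added example that is not part of the article and is not NIST's or DigiCert's code: a Lamport one-time signature, the simplest ancestor of the SPHINCS+/SLH-DSA family, built on SHA-256 from Python's standard library. It is an illustration of the principle, not SLH-DSA itself; the wrapper class shows the one-time caveat that SLH-DSA's hash-tree construction exists to manage.

```python
import hashlib
import secrets

HASH = hashlib.sha256
N = 32           # digest size in bytes; messages are hashed to 256 bits
BITS = N * 8     # one pair of preimages per message bit


def _bits(digest: bytes):
    """Yield the 256 bits of a digest, most significant bit first."""
    for byte in digest:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def keygen():
    """Private key: 256 pairs of random preimages. Public key: their hashes.
    No number theory is involved; only the one-wayness of the hash is used."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def sign(sk, message: bytes):
    """For each bit of H(message), reveal the preimage matching that bit."""
    return [sk[i][b] for i, b in enumerate(_bits(HASH(message).digest()))]


def verify(pk, message: bytes, sig) -> bool:
    """Hash every revealed preimage and compare it with the public key entry."""
    if len(sig) != BITS:
        return False
    digest = HASH(message).digest()
    return all(HASH(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(digest))))


class OneTimeKey:
    """Enforces the one-time property: each signature reveals half of the
    private key, so a second signature with the same key must be refused.
    SLH-DSA avoids this operational hazard by combining many one-time keys
    in a hash tree, which is what lets it be stateless."""

    def __init__(self):
        self._sk, self.pk = keygen()
        self._used = False

    def sign(self, message: bytes):
        if self._used:
            raise RuntimeError("one-time key already used; generate a new one")
        self._used = True
        return sign(self._sk, message)


def signature_size_bytes() -> int:
    """Size of one Lamport signature: 256 preimages of 32 bytes each."""
    return BITS * N
```

The 8 KB signature and 16 KB public key are why hash-based schemes trade compactness for the minimal security assumption, a trade-off SLH-DSA's parameter sets also reflect.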
The path to quantum readiness: A call to action
The release of the new NIST standards marks a crucial turning point. It’s a call to action for the cybersecurity industry, governments, and organizations around the globe to proactively prepare for the quantum era.
DigiCert and other internet security companies have already started integrating these quantum-resistant algorithms into their security frameworks. The goal is to deploy these algorithms at scale, ensuring the internet’s security during this critical transition period.
But keeping communications, data, and devices secure against the evolving quantum threat will be a global effort. Here’s what organizations looking to prepare for the quantum future can do now to get on board.
The future of cryptographic security
Quantum computing's impending arrival represents both a challenge and an opportunity for the field of cryptography and digital security. While the potential for quantum computers to break current cryptographic systems is a significant cyber threat, the proactive development of quantum-resistant algorithms means we're not defenseless.
The new NIST standards are a significant step, providing a clear roadmap for the crypto-agility we need to secure our digital future. But the journey toward quantum readiness is just beginning. Organizations and individuals alike have to embrace the new standards to prepare for the changes ahead. It's the only way to ensure that the internet remains a secure and trusted platform for commerce, communication, and innovation.
The latest developments in digital trust
Want to learn more about topics like PQC, crypto-agility, and encryption? Subscribe to the DigiCert blog to ensure you never miss a story.