Post Quantum Cryptography and Digital Signatures

In an announcement on Aug 13th 2024, the NIST - National Institute of Standards and Technology, published FIPS 203 - Module-Lattice-Based Key-Encapsulation Mechanism Standard, which is a new standard for a secure symmetric key exchange, FIPS 204 - Module-Lattice-Based Digital Signature Standard and FIPS 205 - Stateless Hash-Based Digital Signature Standard.

A fourth standard FIPS 206 is to be published late 2024, completing the roll-out of Post Quantum Computing algorithms for public use.

For a long time, cryptographers have maintained that the RSA algorithms used for secret key exchange and for digital signatures were safe for use, so long as quantum computers did not evolve sufficiently so as to be able to be applied to carry out brute force attacks against encrypted data. However, Quantum Computers are being built and their capacity is growing. Shor′s algorithm runs on Quantum Computers exactly factoring large numbers, in what would be a tool for a brute force attack on traditional public key cryptography.

In 2016, the NIST decided to initiate a process to make available new standards for public key cryptography and digital signatures that could be considered secure even from Quantum Computer attacks and invited submissions from specialists. After much study and many comments from specialists from all over the world, the standards are finally being rolled out.

What will the repercussions be? First, any enterprise or company dealing with the US Government will be expected to switch over to the new algorithms as soon as possible. The same will happen with most foreign governments. This switch involves all forms of transmission of encrypted data and all usage of digital signatures. This will obviously impact browsers, data gateways, cloud computing, in fact all of the technology involved in modern day IT.

Needless to say, a huge effort in switching to new technologies will have to be undertaken. Each organization must start to prepare for the changes. And obviously the technology vendors and consulting firms will have their offerings.

This is the CSA announcement: NIST FIPS 203, 204, and 205 Finalized: An Important Step Towards a Quantum-Safe Future.