The U.S. Department of Commerce’s National Institute of Standards and Technology today released its Federal Information Processing Standards for post-quantum cryptography, a new set of standards that address the emerging security challenges posed by quantum computing.
The three new standards have been designed to ensure that digital communications remain secure against future threats while strengthening current cryptographic practices. The standards are also being released at a time when encryption vulnerabilities are becoming more urgent because of the rise of artificial intelligence-driven attacks.
NIST started the process of establishing post-quantum encryption standards in 2016, calling on cryptographers to devise encryption methods that could resist an attack from a future quantum computer.
As noted when NIST preliminarily chose four encryption tools as part of the process back in 2022, quantum computers, at least as they exist today, cannot crack high-level encryption. However, with ongoing progress in the sector, it’s believed the technology will advance enough that quantum computers will be able to crack those standards, hence the need to start creating new encryption standards now.
Fast forward two years, and though quantum computers still can’t crack high-level encryption, progress in their development continues. Quantum computing companies such as Alice & Bob are offering increasingly powerful systems, as with the launch of the first cat qubit quantum chip in May.
According to NIST, the need for new standards is urgent, as cybersecurity threats such as ransomware, advanced persistent threats and data leaks continue to evolve, including the growing use of AI to find and exploit vulnerabilities. Strong cryptography plays a pivotal role in this landscape.
The first of the three new standards, FIPS 203, is derived from Kyber, a post-quantum cryptographic algorithm developed as part of the NIST Post-Quantum Cryptography Standardization project. The standard is intended for key establishment in protocols such as Transport Layer Security, replacing traditional methods with fast performance at the cost of larger public keys and ciphertexts.
FIPS 204, the second standard, is based on Dilithium, a post-quantum cryptographic algorithm designed for digital signatures. The standard is said to outperform current methods in verification speed, at the cost of larger signatures and public keys.
The third standard, FIPS 205, is based on the security of the SHA-2 or SHA-3 hash functions and offers robust security with very small public keys (32 bytes), but generates larger signatures of about 7 kilobytes. The standard is claimed to be ideal for applications such as firmware updates, where quick verification is essential.
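To make concrete what "based on the security of SHA-2" means for a hash-based signature such as FIPS 205, the following Python is an added example, not code from the article or from NIST: a Lamport one-time signature over SHA-256, the simplest ancestor of the hash-based family, in which a signature is checked purely by recomputing hashes, so its security rests on the hash function alone. It also shows the size trade-off the article mentions: the signature is 8,192 bytes. The public key here (16,384 bytes) is far larger than the 32 bytes of FIPS 205; the standardized scheme compresses many such one-time keys through Merkle trees, which this example omits. Function names and the sample firmware message are constructed for the illustration.

```python
import hashlib
import os

N = 32            # hash output length in bytes (SHA-256)
BITS = 8 * N      # we sign the 256-bit SHA-256 digest of the message


def H(data: bytes) -> bytes:
    """The only primitive the scheme depends on: a plain hash function."""
    return hashlib.sha256(data).digest()


def keygen(rng=os.urandom):
    """Secret key: two random preimages per digest bit.
    Public key: the hash of each preimage (2 * 256 * 32 bytes)."""
    sk = [(rng(N), rng(N)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(digest: bytes):
    """Yield the digest's bits, most significant bit first."""
    for byte in digest:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def sign(sk, message: bytes) -> bytes:
    """Reveal, for each digest bit, the preimage that matches that bit.
    A Lamport key is ONE-TIME: signing a second message with the same key
    reveals further preimages, so the key must be discarded after use."""
    d = H(message)
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(d)))


def verify(pk, message: bytes, sig: bytes) -> bool:
    """Verification is nothing but 256 hash evaluations and comparisons."""
    if len(sig) != BITS * N:
        return False
    d = H(message)
    for i, bit in enumerate(_bits(d)):
        chunk = sig[i * N:(i + 1) * N]
        if H(chunk) != pk[i][bit]:
            return False
    return True


def public_key_bytes(pk) -> int:
    """Size of the public key in bytes (16,384 for SHA-256 Lamport)."""
    return sum(len(a) + len(b) for a, b in pk)


if __name__ == "__main__":
    # Constructed sample: a firmware image stands in for the signed payload.
    firmware = b"firmware image v1.2 (constructed sample)"
    sk, pk = keygen()
    sig = sign(sk, firmware)
    print("signature bytes:", len(sig))          # 8192
    print("public key bytes:", public_key_bytes(pk))  # 16384
    print("valid:", verify(pk, firmware, sig))  # True
    print("tampered valid:", verify(pk, firmware + b"\x00", sig))  # False
```

The one-time property is the operational caveat: a Lamport key pair must never sign two messages. Stateful tree schemes have to track which one-time keys were consumed; FIPS 205 is stateless by design, which is why it suits firmware signing where key-state bookkeeping across devices is hard to get right.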
Two of the standards, FIPS 203 and 204, were based on algorithms designed by IBM Corp., originally known as CRYSTALS-Kyber and CRYSTALS-Dilithium, in collaboration with industry and academic partners. The third, FIPS 205, was co-developed by a researcher who has since joined IBM.
IBM, which is designing its own quantum computers, argues that the official publication of the algorithms marks a crucial milestone in advancing the protection of encrypted data from cyberattacks that could be attempted through the unique power of quantum computers. The company says quantum computers are rapidly progressing toward cryptographic relevance. When they eventually have enough computational power, they will be used to break the current encryption standards underlying most of the world’s data and infrastructure today.
“We are excited about the incredible progress we have made with today’s quantum computers, which are being used across global industries to explore problems as we push towards fully error-corrected systems,” said Jay Gambetta, vice president of IBM Quantum. “However, we understand these advancements could herald an upheaval in the security of our most sensitive data and systems.”
Gambetta added that “NIST’s publication of the world’s first three post-quantum cryptography standards marks a significant step in efforts to build a quantum-safe future alongside quantum computing.”
The risk of quantum security armageddon could be within reach this decade. IBM’s Quantum Development Roadmap includes plans to deliver its first error-corrected quantum system by 2029. The system is anticipated to run hundreds of millions of quantum operations to return accurate results for complex and valuable problems that are currently inaccessible to classical computers.