The National Institute of Standards and Technology (NIST) is requesting stakeholder feedback on a group of draft standards that support algorithms designed to withstand attack by quantum computers. NIST seeks input from relevant stakeholders in the cryptographic community until November 22, 2023.
NIST’s efforts began in 2016 with its call for proposals for post-quantum cryptography standardization, a call-to-action to gather, test, and ultimately recommend new algorithms that would be less susceptible to a quantum computer’s attack.
Submissions from around the world included 69 eligible algorithms, which were presented to experts to analyze, and to “crack,” if they could. NIST notes that the testing process was open and transparent, and many of the world’s best cryptographers participated in multiple rounds of evaluation, which reduced the number of algorithm candidates that NIST selected in 2022.
The latest phase of the effort includes standardizing the algorithms NIST selected in 2022. NIST has released three drafts; the fourth algorithm will be released in about a year.
Eventually, organizations around the world can integrate these quantum-resistant cryptographic algorithms into their encryption infrastructure. And although quantum computers that are powerful enough to defeat current encryption algorithms do not yet exist, security experts say that it’s important to plan ahead, NIST reports, “in part because it takes years to integrate new algorithms across all computer systems.”
The new publications (below) are Federal Information Processing Standards (FIPS). The documents provide details that will guide users as they implement the algorithms in their own systems.
“Sensitive electronic information, such as email and bank transfers, is currently protected using public-key encryption techniques, which are based on math problems a conventional computer cannot readily solve,” NIST reports. “Quantum computers are still in their infancy, but a sufficiently powerful one could solve these problems, defeating the encryption. The new standards, once completed, will provide the world with its first tools to protect sensitive information from this new kind of threat.”
NIST also reports that in addition to the algorithms, the project team also selected a second set of algorithms for ongoing evaluation, intended to augment the first set.
NIST is accepting feedback from the public on the FIPS 203, 204 and 205 draft standards until November 22. Comments can be submitted to [email protected], [email protected], and [email protected]
Access more details about NIST’s latest efforts and ongoing work in its recent news item.