Aug 25 – Draft copy of post-quantum cryptography (PQC) standards has been published by the U.S. National Institute of Standards and Technology (NIST). The framework will enable organizations to protect themselves from future quantum-based cyber attacks. The draft documents encompass three draft Federal Information Processing Standards (FIPS).
PQC standardization process
Starting in December of 2016, NIST began to collect submissions for standards recommendations. After multiple rounds of selection, in July of 2022, NIST announced the four encryption algorithms that would form its PQC standard.
The CRYSTALS-Kyber algorithm was chosen for general encryption (its purpose is to secure access to websites) and CRYSTALS-Dilithium, FALCON and SPHINCS+ were selected for digital signatures.
The algorithms were included in the three Federal Information Processing Standards published by NIST.
Document feedback
NIST is currently requesting industry feedback on the draft documents. Feedback must be received on or before November 22nd, 2023.
NIST anticipates that the standards will grow to serve as the global benchmark for quantum-resistant cyber security across the world.
Preparing for Q-Day
The PQC Standardization Process is part of efforts intended to facilitate quantum-secured technologies before ‘Q-Day’ – the point at which quantum computers can break existing cryptographic algorithms.
Industry professionals believe that this will occur within the next five to 10 years. As a result, based on existing encryption protocols, Q-Day could render all digital information vulnerable to cyber adversaries.
In December of 2022, President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act into law, which mandates that U.S. federal agencies migrate all IT systems to post-quantum cryptography.
A key barrier to migration is lack of confidence that new algorithms and standards will be finalized. However NIST’s new draft standards provide assurance and a framework that encourages everyone to move forward, according to experts.
Learn more here. Lastly, to receive more timely cyber security insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.