NIST selects first group of quantum-resistant encryption tools
The National Institute of Standards and Technology announced on Tuesday it has chosen the first group of algorithms meant to protect sensitive data against an attack from a quantum computer.
The four encryption tools will be incorporated into NIST’s post-quantum cryptographic standard, which has yet to be finalized.
The agency, which is part of the Commerce Department and develops widely used cyber standards, selected the CRYSTALS-Kyber algorithm for general encryption, used for access to secure websites. For digital signatures NIST went with three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+.
“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” agency chief Laurie Locascio said in a statement.
“Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”
The agency said that four additional algorithms are under consideration to be included in the new cryptographic standard when it is ready in about two years.
In May, President Joe Biden issued a memorandum that ordered federal agencies to step up their preparations for the day when quantum computers capable of breaking existing encryption come online.
The document called for “a whole-of-government and whole-of-society strategy” for quantum information science, including “the security enhancements provided by quantum-resistant cryptography” and gave specific tasks for federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency and NIST to meet the administration’s goals.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.