The National Institute of Standards and Technology (NIST) continues to make progress on its Post-Quantum Cryptography Standardization Project.
On August 24, 2023, it released first draft standards for three of the four quantum-resistant algorithms selected in July 2022.
The three drafts are derived from CRYSTALS-KYBER, CRYSTALS-Dilithium and SPHINCS+; a draft standard for the fourth selected algorithm, FALCON, is planned for 2024. Because these are first drafts, NIST has opened them to public comment and scrutiny until November 22, 2023, with final standards expected in 2024.
NIST also plans a further set of standards, drawn from candidates still under evaluation, to supplement the first set.
What is the NIST Post-Quantum Cryptography Standardization Project?
A sufficiently large quantum computer running Shor's algorithm would break the public-key algorithms in use today (RSA, Diffie-Hellman and elliptic-curve schemes such as ECDH and ECDSA), so NIST has been running the standardization project to select quantum-safe replacements for key establishment and digital signatures.
NIST published its formal call for proposals in December 2016, closed submissions in November 2017 with 69 complete candidates, and after three evaluation rounds announced the four selected algorithms in July 2022.
In late August 2023 the first draft standards were released; each is described in more detail below.
NIST’s three new draft standards: FIPS 203, 204 and 205
These three standards are designed “to resist future attacks by quantum computers, which threaten the security of current standards.”
FIPS 203
A Module-Lattice-Based Key-Encapsulation Mechanism Standard
Derived from the CRYSTALS-KYBER submission, FIPS 203 (ML-KEM) specifies a key-encapsulation mechanism (KEM): the sender uses the recipient's public key to produce a ciphertext together with a shared secret, and the recipient recovers the same shared secret from the ciphertext with its private key, so the two parties agree on a key while only public data crosses the channel. A KEM fills the role that Diffie-Hellman or ECDH key exchange plays today, for example in TLS, where ML-KEM is already being deployed in hybrid combinations with X25519.
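The exchange described above, as an added example that is not part of the original page and not NIST's or any library's code: a toy learning-with-errors KEM with the three operations keygen, encaps and decaps. It is not ML-KEM and not secure (tiny dimension, no Fujisaki-Okamoto transform, no implicit rejection); the modulus 3329 is borrowed from ML-KEM only for familiarity, and all other parameters are assumptions chosen so that decapsulation never fails. What it shows is the interface and why both sides compute the same secret: the receiver's secret cancels the public-key term, leaving the message bits plus noise small enough to round away.

```python
"""Toy LWE-based key-encapsulation mechanism (KEM).

Added example, not the page's or NIST's code.  NOT ML-KEM and NOT secure;
use a vetted library for real deployments.  Parameters are assumptions.
"""
import hashlib
import secrets

Q = 3329          # modulus (borrowed from ML-KEM for familiarity)
N = 64            # LWE dimension (toy; ML-KEM works over polynomial rings)
K = 32            # message bits carried per encapsulation (ML-KEM: 256)
HALF_Q = Q // 2   # 1664, the encoding of a 1 bit

# Worst-case decoding noise is 2*N + 1 = 129, well below Q/4 = 832,
# so decapsulation in this toy never fails.
assert 2 * N + 1 < Q // 4


def _small(length):
    """Small 'error' vector with entries in {-1, 0, 1}."""
    return [secrets.randbelow(3) - 1 for _ in range(length)]


def _dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q


def keygen():
    """Return (public_key, secret_key).

    public_key = (A, B) with B[j] = A*S[j] + E[j] mod Q;  secret_key = S.
    """
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(N)]
    S = [_small(N) for _ in range(K)]
    B = []
    for j in range(K):
        e = _small(N)
        B.append([(_dot(A[i], S[j]) + e[i]) % Q for i in range(N)])
    return (A, B), S


def _kdf(m_bits, ct):
    """Derive the 32-byte shared secret from the message bits and ciphertext."""
    u, v = ct
    h = hashlib.sha3_256(bytes(m_bits))
    h.update(b"".join(x.to_bytes(2, "big") for x in u + v))
    return h.digest()


def encaps(pk):
    """Sender side: returns (ciphertext, shared_secret)."""
    A, B = pk
    m = [secrets.randbelow(2) for _ in range(K)]   # random message bits
    r, e1 = _small(N), _small(N)
    A_t = [list(col) for col in zip(*A)]            # A transposed
    u = [(_dot(A_t[i], r) + e1[i]) % Q for i in range(N)]
    v = [(_dot(B[j], r) + (secrets.randbelow(3) - 1) + m[j] * HALF_Q) % Q
         for j in range(K)]
    return (u, v), _kdf(m, (u, v))


def decaps(sk, ct):
    """Receiver side: recover the message bits with S and derive the same key."""
    u, v = ct
    m = []
    for j in range(K):
        d = (v[j] - _dot(sk[j], u)) % Q        # = m_j*HALF_Q + small noise
        if d > Q // 2:                          # centre into (-Q/2, Q/2]
            d -= Q
        m.append(1 if abs(d) > Q // 4 else 0)
    return _kdf(m, ct)


if __name__ == "__main__":
    pk, sk = keygen()
    ct, k_sender = encaps(pk)
    k_receiver = decaps(sk, ct)
    print("shared secrets match:", k_sender == k_receiver)
```

The algebra behind decaps: v_j - S_j·u = (A S_j + E_j)·r + e2 + m_j·⌊Q/2⌋ - S_j·(Aᵀr + e1), and the two A terms cancel, leaving the bit plus noise of magnitude at most 2N+1. Real ML-KEM additionally re-encrypts inside decaps and returns a pseudorandom key on mismatch (implicit rejection) so that a tampered ciphertext leaks nothing; this toy skips that, which is one of the reasons it must not be used.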
FIPS 204
A Module-Lattice-Based Digital Signature Standard
Developed from the CRYSTALS-Dilithium submission, FIPS 204 (ML-DSA) specifies a digital signature scheme. A digital signature lets a recipient detect any unauthorized change to the signed data and authenticate the identity of the signer, because only the holder of the private key can produce a signature that verifies under the corresponding public key.
The standard specifies the key generation, signing and verification algorithms and states that the scheme is intended to be "secure even against adversaries in possession of a cryptographically relevant quantum computer."
FIPS 205
A Stateless Hash-Based Digital Signature Standard
Built on SPHINCS+, FIPS 205 (SLH-DSA) specifies a stateless hash-based digital signature scheme. Its security rests only on the properties of the underlying hash function rather than on a lattice assumption, which is why NIST selected it as a conservative alternative to ML-DSA. Stateless means the signer does not have to track which one-time keys it has already used, unlike the stateful hash-based schemes XMSS and LMS (SP 800-208), where signing twice with the same leaf key, for example after restoring a backup, breaks security. The trade-off is that SLH-DSA signatures are considerably larger and slower to produce than ML-DSA signatures.
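To make the "hash-based" and "stateless" points concrete, here is an added example (not code from the page, NIST or SPHINCS+) of the simplest hash-based signature, a Lamport one-time signature: the secret key is a set of random values, the public key is their hashes, and a signature reveals the preimages selected by the bits of the message digest. SLH-DSA is built from hash-based one-time and few-time signatures arranged in a hypertree; the toy shows why one key must only sign once, which is exactly the state that XMSS/LMS have to track and that SLH-DSA's construction makes unnecessary. Message strings are constructed for the example.

```python
"""Lamport one-time signature: the building block of hash-based signatures.

Added example, not the page's or NIST's code.  Illustrates signing and
verification with a hash function only, and why signing twice with the
same key leaks enough secrets to enable forgeries.
"""
import hashlib
import secrets

BITS = 256  # we sign the SHA-256 digest of the message, one key pair per bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen():
    """Secret key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return pk, sk


def sign(sk, msg: bytes):
    """For each digest bit b_i, reveal the secret value sk[i][b_i]."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed value and compare with the matching public hash."""
    if len(sig) != BITS:
        return False
    return all(H(s) == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _digest_bits(msg))))


def exposed_secrets(msgs_and_sigs) -> int:
    """Count how many of the 512 secret values an observer has seen.

    One signature reveals exactly 256; each further signature on a different
    message reveals more, and once both values are known at every position
    the digest of a target message selects, the observer can sign it.
    """
    seen = set()
    for msg, _sig in msgs_and_sigs:
        for i, b in enumerate(_digest_bits(msg)):
            seen.add((i, b))
    return len(seen)


def attacker_can_sign(pk, msgs_and_sigs, target: bytes) -> bool:
    """True if the values revealed so far suffice to forge a signature on target."""
    known = {}
    for msg, sig in msgs_and_sigs:
        for i, (s, b) in enumerate(zip(sig, _digest_bits(msg))):
            known[(i, b)] = s
    try:
        forged = [known[(i, b)] for i, b in enumerate(_digest_bits(target))]
    except KeyError:          # some position was never revealed
        return False
    return verify(pk, target, forged)
```

A single Lamport key is safe for one message; after two signatures roughly half of the positions have both preimages exposed, and the attacker's forging power grows with every reuse. Stateful schemes solve this by numbering one-time keys and refusing to reuse an index; SLH-DSA instead selects keys pseudorandomly from a tree so large that collisions are negligible, at the cost of signature size.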
Coming in 2024: a draft standard derived from FALCON
The fourth selected algorithm, FALCON, is scheduled to receive its own draft standard in 2024, according to NIST's announcement.
Quantum-Resistant Cryptography: Implementation challenges
As NIST's work proceeds, enterprises should take stock of their cryptographic assets and gauge their quantum risk. Which keys and certificates are used where, and by what? Which of them are quantum-vulnerable? As a rule of thumb, every public-key algorithm in production today (RSA, DSA, Diffie-Hellman, ECDH, ECDSA, EdDSA) is broken outright by Shor's algorithm, while symmetric ciphers and hash functions are only weakened by Grover's algorithm, so AES-256 and SHA-256 or stronger remain adequate.
An inventory of where and how cryptography is used, covering algorithms, key sizes, owners and the software that depends on each key, puts you ahead when the migration to post-quantum cryptography begins, and there is no reason to wait to start it.
Configuring, testing and rolling out new algorithms takes significant time and effort: you have to check protocol and library compatibility, validate performance with the larger keys and signatures, and keep operational disruption to a minimum. Data that must stay confidential for years is also exposed today to harvest-now, decrypt-later attacks, in which recorded traffic is stored until a quantum computer can decrypt it. Both are reasons to start now.
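One concrete piece of the inventory step, as an added example that is not the page's or Venafi's code: classify the certificates you already have by public-key algorithm and quantum risk. The parser reads the text that `openssl x509 -noout -text` prints; the two sample outputs embedded below are constructed for the example and trimmed to the lines the parser uses, and the post-quantum algorithm names are an assumption about how a future OpenSSL will label them.

```python
"""Classify certificates by quantum risk from `openssl x509 -text` output.

Added example, not the page's or any vendor's code.  The sample outputs are
constructed; the PQ algorithm labels are an assumption.
"""
import re
import subprocess
from pathlib import Path

# Algorithm names as OpenSSL prints them, mapped to a friendlier label.
# Every one of these is broken by Shor's algorithm on a large quantum computer.
SHOR_BROKEN = {
    "rsaEncryption": "RSA",
    "dsaEncryption": "DSA",
    "id-ecPublicKey": "ECDSA/ECDH",
    "ED25519": "Ed25519",
    "ED448": "Ed448",
    "X25519": "X25519",
    "X448": "X448",
}
# Assumed prefixes for the NIST draft-standard algorithms (FIPS 203/204/205).
PQ_SAFE_PREFIXES = ("ML-KEM", "ML-DSA", "SLH-DSA")

ALG_RE = re.compile(r"Public Key Algorithm:\s*(\S+)")
SIZE_RE = re.compile(r"Public-Key:\s*\((\d+) bit\)")
CURVE_RE = re.compile(r"(?:ASN1 OID|NIST CURVE):\s*(\S+)")


def classify(x509_text: str) -> dict:
    """Extract algorithm, key size and curve from openssl text and assign a risk."""
    m = ALG_RE.search(x509_text)
    if not m:
        raise ValueError("no 'Public Key Algorithm' line found")
    alg = m.group(1)
    size = SIZE_RE.search(x509_text)
    curve = CURVE_RE.search(x509_text)
    if alg in SHOR_BROKEN:
        risk = "quantum-vulnerable"
    elif alg.startswith(PQ_SAFE_PREFIXES):
        risk = "quantum-safe"
    else:
        risk = "unknown"          # review by hand rather than guess
    return {
        "algorithm": SHOR_BROKEN.get(alg, alg),
        "bits": int(size.group(1)) if size else None,
        "curve": curve.group(1) if curve else None,
        "risk": risk,
    }


def classify_file(path) -> dict:
    """Run the real openssl CLI on a PEM file and classify the result."""
    out = subprocess.run(
        ["openssl", "x509", "-in", str(path), "-noout", "-text"],
        check=True, capture_output=True, text=True,
    ).stdout
    return classify(out)


def inventory(directory, pattern="*.pem") -> dict:
    """Classify every certificate under a directory tree."""
    return {str(p): classify_file(p) for p in Path(directory).rglob(pattern)}


def summarize(results: dict) -> dict:
    """Count certificates per risk class, e.g. {'quantum-vulnerable': 12}."""
    counts = {}
    for entry in results.values():
        counts[entry["risk"]] = counts.get(entry["risk"], 0) + 1
    return counts


# Constructed samples mimicking `openssl x509 -noout -text` output.
SAMPLE_RSA = """\
Certificate:
    Data:
        Subject: CN = api.example.internal
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""
SAMPLE_EC = """\
Certificate:
    Data:
        Subject: CN = mtls-client.example.internal
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: prime256v1
                NIST CURVE: P-256
"""
```

Certificates only tell you about signature keys. Key exchange in TLS is negotiated per connection, so the inventory also needs the configured groups on each endpoint (for example, what `openssl s_client` reports), and the same exercise applies to SSH host keys, code-signing keys and keys embedded in firmware and HSMs.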
How Venafi can help you prepare for a post-quantum world
NIST, as well as many other technology leaders, recommends a three-step readiness checklist for the switch to post-quantum cryptography. Taking charge of your machine identities is critical to a successful migration.
- Establish comprehensive, enterprise-wide machine identity management that provides total observability and automation for every machine identity, regardless of machine type, location or use case.
- Determine your levels of crypto-agility, and be certain that your machine identity management platform provides the crypto-agility your enterprise needs to quickly migrate to PQC—and that it offers the ability to test hybrid certificates and quantum PKI solutions today.
- Be sure that your machine identity management partner has the knowledge, expertise, and offerings needed to guide your enterprise through a smooth post-quantum migration.
Have questions on where to start?
Venafi’s world-leading Control Plane for Machine Identities provides the visibility, automation and crypto-agility today’s enterprises need to elevate their security against future quantum computing threats.