NIST Officially Announces Release of First 3 Finalized Post-Quantum Encryption Standards — Plus Quantum Community Reaction
Insider Brief
- The U.S. National Institute of Standards and Technology (NIST) has finalized its primary set of encryption algorithms designed to withstand future quantum computer cyberattacks, marking the culmination of an eight-year effort.
- With quantum computers potentially capable of breaking current encryption within a decade, NIST is urging organizations to start integrating these new standards immediately to safeguard data against future threats.
- While NIST’s newly finalized standards are the primary tools for protecting digital data, the agency is also evaluating additional algorithms as potential backups to ensure ongoing security in the quantum era.
- Quantum experts weigh in on this historic announcement below NIST’s official article on the release.
PRESS RELEASE — The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer.
Researchers around the world are racing to build quantum computers that would operate in radically different ways from ordinary computers and could break the current encryption that provides security and privacy for just about everything we do online. The algorithms announced today are specified in the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project, and are ready for immediate use.
The three new standards are built for the future. Quantum computing technology is developing rapidly, and some experts predict that a device with the capability to break current encryption methods could appear within a decade, threatening the security and privacy of individuals, organizations and entire nations.
“The advancement of quantum computing plays an essential role in reaffirming America’s status as a global technological powerhouse and driving the future of our economic security,” said Deputy Secretary of Commerce Don Graves. “Commerce bureaus are doing their part to ensure U.S. competitiveness in quantum, including the National Institute of Standards and Technology, which is at the forefront of this whole-of-government effort. NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future. As this decade-long endeavor continues, we look forward to continuing Commerce’s legacy of leadership in this vital space.”
The standards — containing the encryption algorithms’ computer code, instructions for how to implement them, and their intended uses — are the result of an eight-year effort managed by NIST, which has a long history of developing encryption. The agency has rallied the world’s cryptography experts to conceive, submit and then evaluate cryptographic algorithms that could resist the assault of quantum computers. The nascent technology could revolutionize fields from weather forecasting to fundamental physics to drug design, but it carries threats as well.
“Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security,” said Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio. “These finalized standards are the capstone of NIST’s efforts to safeguard our confidential electronic information.”
Encryption carries a heavy load in modern digitized society. It protects countless electronic secrets, such as the contents of email messages, medical records and photo libraries, as well as information vital to national security. Encrypted data can be sent across public computer networks because it is unreadable to all but its sender and intended recipient.
Encryption tools rely on complex math problems that conventional computers find difficult or impossible to solve. A sufficiently capable quantum computer, though, would be able to sift through a vast number of potential solutions to these problems very quickly, thereby defeating current encryption. The algorithms NIST has standardized are based on different math problems that would stymie both conventional and quantum computers.
“These finalized standards include instructions for incorporating them into products and encryption systems,” said NIST mathematician Dustin Moody, who heads the PQC standardization project. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take time.”
Moody said that these standards are the primary tools for general encryption and protecting digital signatures.
NIST also continues to evaluate two other sets of algorithms that could one day serve as backup standards.
One of these sets consists of three algorithms designed for general encryption but based on a different type of math problem than the general-purpose algorithm in the finalized standards. NIST plans to announce its selection of one or two of these algorithms by the end of 2024.
The second set includes a larger group of algorithms designed for digital signatures. In order to accommodate any ideas that cryptographers may have had since the initial 2016 call for submissions, NIST asked the public for additional algorithms in 2022 and has begun a process of evaluating them. In the near future, NIST expects to announce about 15 algorithms from this group that will proceed to the next round of testing, evaluation and analysis.
While analysis of these two additional sets of algorithms will continue, Moody said that any subsequent PQC standards will function as backups to the three that NIST announced today.
“There is no need to wait for future standards,” he said. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”
Reaction From The Quantum Community
UK cybersecurity company PQShield directly contributed to the new NIST standards, and has advised the White House and European Parliament on the migration to PQC. Its quantum-secure technologies are used by companies across the global technology supply chain.
Comment from Dr Ali El Kaafarani, CEO and founder of PQShield:
“By ratifying and publishing its post-quantum cryptography standards, NIST is triggering the biggest and most significant cybersecurity transition in history.
“In every industry, the cryptography that keeps data, devices, connections and components secure must now be modernised in line with the new standards.
“The transition to quantum security will protect critical national infrastructure, and will make the entire technology supply chain more secure for decades to come – but modernising vital security systems and components won’t happen overnight. With the threat of ‘harvest-now-decrypt-later’ attacks, organisations that haven’t already started planning for post-quantum cryptography are already behind.
“This is an exciting moment for cryptographers like us, who worked to shape the new standards. It’s now our duty and responsibility to get the algorithms into the hands of more organisations, so they can keep us all one step ahead of the attackers.”
Below are perspectives from cybersecurity experts at Quantinuum regarding the NIST announcement.
Duncan Jones, Head of Cybersecurity, Quantinuum
“We welcome NIST concluding this vital industry-wide process. Today represents a crucial first step towards protecting all our data against the threat of a future quantum computer that could decrypt traditionally secure communications. Every CISO now has a mandate to urgently adopt these new standards alongside other methods for hardening their cybersecurity systems. We know that data stolen today could be decrypted at any time in the future, and sensitive data such as health records or financial data falling into the wrong hands would be damaging. We work with a wide range of enterprise customers, and it’s clear that successful CISOs recognize quantum is an ally as well as a threat.”
“A lot has taken place in the quantum industry since NIST announced the PQC algorithms for standardization in 2022. Quantum hardware developers are achieving systems that are now edging beyond classical simulation, initial real-world benefits are starting to emerge across a variety of applications, and governments around the world are increasing their investments to ensure economic and national security. On all fronts – from technology to global policy – advancements are causing experts to predict a faster timeline to reaching fault-tolerant quantum computers. The standardization of NIST’s PQC algorithms is a critical milestone in that timeline.”
“The NIST standardization marks the start of a new era for CISOs and their security teams, one of planning and implementation. Moving forward, public and private sectors alike must pursue a layered, defined strategy that includes PQC as well as cybersecurity solutions that leverage quantum mechanics, such as proven quantum randomness for encryption key generation. When combined with PQC algorithms, these quantum-derived technologies can help protect against a far fuller range of threats posed by quantum computers.”
Kaniah Konkoly-Thege, Chief Legal Counsel, SVP Government Relations
“The last decade has witnessed remarkable progress in the advancement of quantum technologies, resulting in the quantum information science ecosystem having a measurable presence beyond academia and into the commercial sector. This movement from early-stage scientific exploration into applied commercial research and development has caused governments worldwide to view quantum as a strategic technology to their economies.
“The U.S. government’s approach to quantum computing cybersecurity preparedness must remain flexible, reflecting the evolving nature of both the technological capabilities and threats. Beyond the confirmation of these initial algorithms, NIST has made further calls for digital signature algorithm candidates, seeking to diversify the algorithms that it standardizes. It will be several years before these additional signature algorithms are standardized.
“While exact timelines for adoption of quantum cyber defenses remain unknown, federal agencies should focus on enhancing cryptographic agility so the U.S. remains resilient against potential quantum computing threats that could compromise sensitive defense and critical infrastructure systems and information.”
Commentary from Tom Patterson, Emerging Technology Security lead at Accenture
“The NIST announcement on new global encryption standards for quantum marks a pivotal moment in our cybersecurity landscape. As quantum computers emerge, they present a significant risk to our current encryption methods. Organizations must assess their quantum risk, discover vulnerable encryption within their systems, and develop a resilient cryptographic architecture now. We’ve been focused on helping our clients through each phase of this critical transition for years and with these new standards will work with organizations to help them maintain their cyber resilience in the post quantum world.”
Chris Hickman, CSO, Keyfactor
“Security leaders are well aware of the threats to come with quantum computing – with each day we get closer to a quantum computer that could break current encryption methods that every business relies on. Encryption protects everything from banking and retail transactions to valuable business data and does not discriminate. All businesses, from global organizations to small mom-and-pop shops, are at significant risk.
“With the finalization of the first suite of NIST cryptographic algorithms, organizations now have the tools to safeguard against the quantum threat. While Q-day may seem years away, security leaders need to keep in mind that AI capabilities increase the need to transition to PQC algorithms. Attackers will leverage the speed of AI to get that much closer to breaking encryption and, in many cases, steal valuable and sensitive data now to decrypt in the future, including personal information, trade secrets, and national security information – wreaking havoc on the long-term security of and trust in the entities that we rely on for our digital world to operate. The confluence of these two events means the world is now racing against an unknown timeline and opponent to secure (or break) encryption.
“The finalization of NIST’s three of four algorithms marks the starting line in the race to secure against the threat of quantum computers for many – and the preservation of digital trust is on the line. Now, more than ever, it will be vitally important for organizations of all sizes to adequately plan and test for the adoption of these new algorithms, which includes conducting security assessments to verify how prepared their supply chains are to ensure a smooth transition over the coming years.”
Markus Pflitsch, founder and CEO of Terra Quantum, a Swiss-German quantum company and experts on quantum-resilient solutions:
“NIST’s standards are a critical milestone that should motivate organizations to take the quantum threat seriously. We commend NIST for leading on standardizing post-quantum cryptography (PQC), a crucial component of quantum-resistant security. A comprehensive security strategy will also consider the role of quantum key distribution (QKD), which provides additional layers of security.
“While the U.S. government has been more reserved about embracing QKD compared to Europe, it’s encouraging to see increasing support for a holistic approach to post-quantum cybersecurity.”