
The US NIST has published draft post-quantum cryptography (PQC) standards, a framework designed to help organizations protect themselves against future quantum-enabled cyber-attacks.
The draft documents were published on August 24, 2023, and encompass three draft Federal Information Processing Standards (FIPS). These standards were selected by NIST following a process that began in December 2016, when the agency issued a public call for submissions to the PQC Standardization Process.
NIST announced the four algorithms that would form its PQC standard in July 2022: CRYSTALS-Kyber was chosen for general encryption, and CRYSTALS-Dilithium, FALCON and SPHINCS+ were selected for digital signatures.
These algorithms are incorporated into the three FIPS published by NIST:
- FIPS 203, the Module-Lattice-Based Key-Encapsulation Mechanism Standard, derived from the CRYSTALS-Kyber submission: a key-establishment scheme that lets two parties communicating over a public channel agree on a shared secret key.
- FIPS 204, the Module-Lattice-Based Digital Signature Standard, derived from the CRYSTALS-Dilithium submission.
- FIPS 205, a Stateless Hash-based Digital Signature Standard, derived from the SPHINCS+ submission.
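To make the key-encapsulation model behind FIPS 203 concrete, the following added example (not NIST's code and not ML-KEM) walks through the three operations every KEM exposes, KeyGen, Encaps and Decaps, and shows which values cross the public channel. It uses a Diffie-Hellman-style KEM over a constructed toy group (an assumed prime P and base G chosen for readability), which is neither quantum-resistant nor secure at this size; only the message flow is the point.

```python
"""Toy key-encapsulation mechanism (KEM) illustrating the KeyGen/Encaps/Decaps
interface that FIPS 203 (ML-KEM) standardises.

Added example: this is NOT ML-KEM and NOT NIST's code. It is a Diffie-Hellman
style KEM over a small, constructed toy group, which is not quantum-resistant
and not secure at this size; it exists only to show how two parties on a
public channel end up with the same shared secret key.
"""
import hashlib
import secrets

# Constructed toy parameters (assumption): a Mersenne prime and a fixed base.
# Real deployments use the ML-KEM parameter sets, not a group like this.
P = 2**127 - 1
G = 3


def keygen():
    """Receiver generates a key pair: (public key, secret key).

    The public key is what the receiver publishes; the secret key never leaves.
    """
    sk = secrets.randbelow(P - 2) + 1  # secret exponent in [1, P-2]
    pk = pow(G, sk, P)
    return pk, sk


def _kdf(shared_point: int, ciphertext: int, pk: int) -> bytes:
    """Derive the 32-byte shared key from the raw group element.

    Binding the ciphertext and public key into the derivation is standard KEM
    practice: a tampered ciphertext then yields an unrelated key rather than
    a related one. All values are < 2**128, so 16-byte encoding is exact.
    """
    transcript = b"".join(v.to_bytes(16, "big") for v in (shared_point, ciphertext, pk))
    return hashlib.sha256(b"toy-kem-v1" + transcript).digest()


def encaps(pk: int):
    """Sender: produce (ciphertext, shared_key) using only the receiver's public key.

    Unlike classic Diffie-Hellman, the sender needs no long-term key of its own;
    the fresh randomness r is used once and discarded.
    """
    r = secrets.randbelow(P - 2) + 1
    ct = pow(G, r, P)                  # the only value sent over the channel
    ss = _kdf(pow(pk, r, P), ct, pk)   # stays local to the sender
    return ct, ss


def decaps(sk: int, pk: int, ct: int) -> bytes:
    """Receiver: recover the same shared key from the ciphertext and secret key."""
    return _kdf(pow(ct, sk, P), ct, pk)


def run_exchange():
    """Simulate the two-party exchange; return what each side ends up holding.

    An observer of the public channel sees pk and ct, but neither sk nor r,
    and therefore (in a secure instantiation) cannot compute the shared key.
    """
    pk, sk = keygen()           # receiver publishes pk
    ct, ss_sender = encaps(pk)  # sender, having seen only pk, sends ct
    ss_receiver = decaps(sk, pk, ct)
    return ss_sender, ss_receiver, ct


if __name__ == "__main__":
    sender_key, receiver_key, ciphertext = run_exchange()
    print("ciphertext on the wire:", hex(ciphertext))
    print("both sides hold the same key:", sender_key == receiver_key)
```

The shape to take away is the asymmetry of the roles: only the receiver holds a key pair, the sender contributes one-shot randomness, and the ciphertext is the sole value exchanged. ML-KEM keeps exactly this interface while replacing the group arithmetic with module-lattice operations, which is why protocol designers can slot it in wherever a KEM is expected.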
NIST is now requesting feedback from industry on the draft documents; comments must be received on or before November 22, 2023. The standards are expected to become the global benchmark for quantum-resistant cybersecurity in 2024.
The PQC Standardization Process forms part of efforts to put quantum-secure technologies in place before ‘Q-Day’, the point at which quantum computers can break existing cryptographic algorithms. Experts believe this will occur within the next five to 10 years, at which point any digital information protected by today's encryption could be exposed to cyber-threat actors.
In December 2022, President Joe Biden signed the Quantum Computing Cybersecurity Preparedness Act into law, which mandates that US federal agencies eventually migrate all IT systems to post-quantum cryptography.