NIST has shared standards for general encryption and digital signatures and has called on organisations to transition as soon as possible.
After years of testing, the US National Institute of Standards and Technology (NIST) has released its first set of finalised encryption algorithms to protect devices from quantum computers.
These algorithms are known as “post-quantum encryption standards” and are designed to handle cyberattacks from a quantum computer to protect various aspects of society. The institute is calling on computer system administrators to transition to these new standards “as soon as possible”.
Encryption is a vital component of digital security, protecting everything from emails and online transactions to confidential data. But the global research into quantum computers presents a future risk – if these machines are created, they would be able to break current encryption standards easily.
NIST began its efforts to address this risk in 2016, when it called on cryptographers to devise and vet potentially quantum-resistant algorithms. In 2022 it selected four encryption algorithms believed to be strong enough to protect against quantum computers.
The three standards revealed by NIST yesterday (13 August) stem from these algorithms and have been given new names to reflect their role in future encryption. A fourth standard is expected to be released by NIST in the future.
The Federal Information Processing Standard (FIPS) 203 is intended by NIST to be the “primary standard for general encryption”. NIST said it has comparatively small encryption keys that two parties can exchange easily and a good operation speed.
FIPS 204 is intended to be the primary standard for protecting digital signatures, while FIPS 205 is another standard for digital signatures.
“These finalised standards include instructions for incorporating them into products and encryption systems,” said NIST mathematician Dustin Moody, who heads the post-quantum cryptography (PQC) standardisation project. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take time.”
Last year, Sectigo’s Tim Callan spoke about the challenges in adopting quantum-resistant encryption, the possibility of hybrid certificates and the ongoing threat of ‘harvest and decrypt’ tactics.
Is Europe ready?
Researchers around the world are working to tackle the various hurdles that stand in the way of creating the first true quantum computer. It therefore makes sense to create standards that update current encryption.
But Ekaterina Almasque, an IQM board member and general partner at VC firm OpenOcean, said Europe should be taking a lead in PQC standards and “not just ride on the US’s coattails”.
“As NIST releases its first set of federal PQC standards, the US is executing on a clearly defined strategy,” Almasque said. “It has already communicated to companies working on sensitive projects for the US government that they may soon be required to use quantum encryption algorithms, and it is now giving them the tools to do so.
“If Europe and the UK want to direct their own quantum funding efficiently and build public confidence in PQC, they need a clear and well-communicated strategy that reaches start-ups, the public sector and other key stakeholders.”