NIST’s Post-Quantum Cryptography Standards Are Here
August 13, 2024 -- In a landmark announcement, the National Institute of Standards and Technology (NIST) has published its first set of post-quantum cryptography (PQC) standards. This announcement serves as an inflection point in modern cybersecurity: as the global benchmark for cryptography, the NIST standards signal to enterprises, government agencies, and supply chain vendors that the time has come to make the world’s information security systems resistant to future cryptographically relevant quantum computers.
In today’s digital economy, the security of sensitive data and communication depends on cryptography. By using cryptographic schemes, organizations provide protections for confidentiality, authenticity, and integrity, ensuring that only authorized parties can access or make changes to data. NIST has formalized the following three PQC standards to strengthen modern public-key cryptography infrastructure for the quantum era:
- ML-KEM (derived from CRYSTALS-Kyber) — a key encapsulation mechanism selected for general encryption, such as for accessing secured websites
- ML-DSA (derived from CRYSTALS-Dilithium) — a lattice-based algorithm chosen for general-purpose digital signature protocols
- SLH-DSA (derived from SPHINCS+) — a stateless hash-based digital signature scheme
Two of the standards (ML-KEM and ML-DSA) were developed by IBM Research cryptography researchers in Zurich with external collaborators, and the third (SLH-DSA) was co-developed by a scientist who has since joined IBM Research.
Existing public-key cryptographic schemes, such as the Rivest-Shamir-Adleman (RSA) cryptosystem, rely on the difficulty of factoring large numbers into prime factors — a challenging problem as the numbers get larger. While computer scientists believe classical computers to be practically incapable of factoring numbers larger than 2048 bits, researchers have shown that a cryptographically relevant quantum computer could break RSA-2048 in a matter of hours by applying Shor’s algorithm.[1] If malicious actors were to get access to encrypted data, this could disrupt and harm customer and organizational trust in digital communication, online transactions in retail, digital signatures in finance, and critical infrastructure.
This is where cryptography based on different mathematical problems comes in. The PQC standards rely on the complex mathematics of polynomial lattices and hash functions. Cracking them would be a daunting task for even the most powerful cryptographically relevant quantum computer of the future. An added benefit of the PQC algorithms is their efficiency, said Vadim Lyubashevsky, IBM cryptography researcher and co-developer of the CRYSTALS algorithm suite.
“Algorithms based on lattices when designed properly are actually more efficient than algorithms being used today,” he said. “While they might be larger than classical cryptography, their running time is faster than the classical algorithms based on discrete, larger RSA or elliptic curves.”
NIST has been encouraging organizations to plan and prepare for the quantum-safe migration in advance of this moment. However, the formal release of the standards gives organizations the assurance and guidance they need to begin the transition to post-quantum cryptography.
It is critical for organizations to begin securing their data and infrastructure with the new quantum-safe algorithms. Data not secured today using post-quantum cryptography is vulnerable to “harvest now, decrypt later” attacks, whereby bad actors steal data and store it until a cryptographically relevant quantum computer becomes available to decrypt it. Additionally, past cryptographic migrations have taken nearly 20 years to complete, and the quantum-safe cryptographic migration presents more complexities than previous moves, as it will require many security protocols to be re-engineered and infrastructure to be updated. To navigate the migration in a way that minimizes business disruptions and associated costs, organizations need to create a quantum-safe transformation strategy now and begin an incremental transition to the new standards.
NIST’s publication of the PQC standards is not an endpoint in the quantum-safe journey but rather the beginning. Adopting a systematic approach with crypto-agility will enable your organization to execute a quantum-safe migration in tandem with other cybersecurity modernization efforts. Start now by establishing your organization’s priorities and creating a quantum-safe transformation strategy. To support organizations throughout this journey, IBM Quantum Safe technologies and services provide a roadmap to cyber resiliency through cryptographic discovery, observability, and transformation.
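The migration the article describes starts with cryptographic discovery: knowing which keys in your estate rest on factoring or discrete logarithms, the problems Shor’s algorithm breaks. The following is an added illustration, not code from IBM or the article, of one small piece of such an inventory: it parses OpenSSH public-key lines (the `authorized_keys` format), recovers the RSA modulus size from the key blob, and flags every key whose security depends on a quantum-vulnerable problem. The sample keys are constructed inline from placeholder numbers and are not real keys; the function and field names are this example’s own.

```python
"""Added example (not from the IBM article): a minimal cryptographic
discovery check over OpenSSH public-key lines.  Each key is classified
as quantum-vulnerable when its type rests on integer factoring (RSA) or
elliptic-curve discrete logarithms (ECDSA, Ed25519), the problems a
cryptographically relevant quantum computer breaks with Shor's algorithm.
The key lines below are constructed with placeholder parameters."""
import base64
import struct

# Key types whose hardness assumption Shor's algorithm defeats.
QUANTUM_VULNERABLE_TYPES = {
    "ssh-rsa": "RSA (integer factoring)",
    "ecdsa-sha2-nistp256": "ECDSA P-256 (elliptic-curve discrete log)",
    "ecdsa-sha2-nistp384": "ECDSA P-384 (elliptic-curve discrete log)",
    "ecdsa-sha2-nistp521": "ECDSA P-521 (elliptic-curve discrete log)",
    "ssh-ed25519": "Ed25519 (elliptic-curve discrete log)",
}


def _read_string(blob, offset):
    """Read one SSH wire-format string (4-byte big-endian length + bytes)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    return blob[start:start + length], start + length


def parse_ssh_public_key(line):
    """Parse an authorized_keys-style line into (key_type, key_bits, comment)."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64)
    blob_type, offset = _read_string(blob, 0)
    if blob_type.decode() != key_type:
        raise ValueError("key type in blob does not match key type in text")
    bits = None
    if key_type == "ssh-rsa":
        # Blob layout: string "ssh-rsa", mpint e, mpint n.  The modulus n
        # determines the key size (a leading zero byte in the mpint does
        # not change its bit length).
        _e, offset = _read_string(blob, offset)
        n_bytes, _ = _read_string(blob, offset)
        bits = int.from_bytes(n_bytes, "big").bit_length()
    elif key_type.startswith("ecdsa-sha2-nistp"):
        bits = int(key_type[len("ecdsa-sha2-nistp"):])
    elif key_type == "ssh-ed25519":
        bits = 256
    return key_type, bits, comment


def classify_key(line):
    """Return an inventory record for one key line, flagging Shor-vulnerable types."""
    key_type, bits, comment = parse_ssh_public_key(line)
    record = {"type": key_type, "bits": bits, "comment": comment}
    if key_type in QUANTUM_VULNERABLE_TYPES:
        record["status"] = "quantum-vulnerable"
        record["reason"] = QUANTUM_VULNERABLE_TYPES[key_type]
    else:
        record["status"] = "unrecognized"   # review manually; not in the table above
    return record


def inventory(lines):
    """Classify every key line; this is the list a migration plan is prioritised from."""
    return [classify_key(line) for line in lines if line.strip()]


# --- Constructed sample data (placeholder parameters, not real keys) ---
def _ssh_string(b):
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(x):
    # Positive mpint: extra leading zero byte when the high bit would be set.
    b = x.to_bytes((x.bit_length() + 8) // 8, "big")
    return _ssh_string(b)


def encode_key_line(key_type, fields, comment):
    blob = _ssh_string(key_type.encode()) + b"".join(fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


SAMPLE_KEYS = [
    encode_key_line("ssh-rsa", [_ssh_mpint(65537), _ssh_mpint((1 << 2047) | 1)], "rsa-2048 constructed"),
    encode_key_line("ssh-rsa", [_ssh_mpint(65537), _ssh_mpint((1 << 1023) | 1)], "rsa-1024 constructed"),
    encode_key_line("ssh-ed25519", [_ssh_string(bytes(32))], "ed25519 constructed"),
]

if __name__ == "__main__":
    for rec in inventory(SAMPLE_KEYS):
        print(f"{rec['type']:<20} {rec['bits']!s:>5} bits  {rec['status']}  ({rec['comment']})")
```

Note that the report treats RSA-2048 exactly like RSA-1024 and Ed25519: key length does not help against Shor’s algorithm, so the migration decision is driven by the algorithm family, not the key size. A real inventory would extend the same parsing to TLS certificates, code-signing keys and protocol configurations, and would record where each key is used so that the move to ML-KEM and ML-DSA can be sequenced by risk.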