NIST, USA’s technology standardization institute, selects the first quantum-safe cryptography algorithms to be standardized for a secure Internet
Future quantum computers will break the security of an important part of the cryptography that makes our digital world secure.
NIST launched in 2016 a process to define new cryptographic algorithms that will remain secure in front of quantum computers. These are known as quantum-safe or post-quantum cryptography (PQC). Last July 5th, NIST announced the result of the third round of the PostQuantum Cryptography standardization process. In this round, they have selected the first algorithms that will now be standardized. The standards are expected to be available in 2024.
Quick Summary:
- Only one Key Encapsulation Mechanism (KEM) has been selected.
- Three signature schemes have been selected.
- SPHINCS+, a hash-based signature scheme, has been selected. It was an alternate candidate previously. That sounds like great news.
- They have started the fourth round.
✅️ Key messages for the selected algorithms:
CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures) were both selected for their strong security and excellent performance, and NIST expects them to work well in most applications.
FALCON will also be standardized by NIST since there may be use cases for which CRYSTALS-Dilithium signatures are too large.
These algorithms belong to a family known as “lattice-based cryptography“.
SPHINCS+, a hash-based cryptosystem, will also be standardized to avoid relying only on the security of lattices for signatures. NIST asks for public feedback on a version of SPHINCS+ with a lower number of maximum signatures.
In the 4th round:
👉 4 KEMs go to the 4th round.
✍️ NIST plans to open a new call for proposals on signature schemes to diversify its signature portfolio, so signature schemes that are not based on structured lattices are of greatest interest. NIST would like submissions for signature schemes that have short signatures and fast verification.
So, the PQC work continues. Read the full news from NIST here.
Santander Global T&O is a global company of Santander Group with more than 3,000 employees and based in Madrid, we work to make Santander an open platform for financial services.
Check out the positions we have open here to join this great team and Be Tech! with Santander.
Follow us on LinkedIn and Instagram.
Jaime Gómez García
Universia
Architecture and IT & Telecom Infrastructure expert. I learn about the Internet, networks and applied cryptography every day since the mid 90’s.
