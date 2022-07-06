US National Institute of Standards and Technology (NIST) has selected four candidates to be standardised as public key post-quantum cryptography (PQC) algorithms.

These algorithms are lined up to replace the most widely used asymmetric systems, RSA and elliptic curve cryptography (ECC), which form the backbone of today's secure communications but which can be broken by Shor's algorithm on a sufficiently large, fault-tolerant quantum computer, should one become available.

The selection marks the end of a competitive process that began in 2016 and drew 23 signature schemes and 59 public-key encryption/KEM schemes, built on a range of mathematical approaches, for consideration.

Over three rounds some candidates were withdrawn, some similar submissions were merged, and others were eliminated, leaving seven finalists and eight alternate candidates in the third round.

This week, at the close of the third round, NIST chose four of these candidates to be taken forward to standardisation: one in the 'public-key encryption/key encapsulation mechanism (KEM)' category and three in the 'digital signatures' category.

For each of the two categories NIST recommends a primary algorithm that should cover most use cases.

CRYSTALS-KYBER is the preferred option for general public-key encryption and key establishment. It is a lattice-based KEM whose security rests on the hardness of the module learning-with-errors (Module-LWE) problem. Its advantages include comparatively small keys that two parties can exchange easily, and fast encapsulation and decapsulation.
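To make the "learning with errors" idea concrete, here is a toy LWE-based KEM in the style of Regev's original scheme. This is an added illustration written for this page, not Kyber and not NIST's reference code: Kyber works over module lattices of polynomial rings, uses NTT arithmetic and a Fujisaki-Okamoto transform, and targets real security levels, none of which this example reproduces. The parameters `N`, `M`, the ternary error distribution and the 128-bit encapsulated key are assumptions chosen so the code runs instantly and decrypts without error; only the modulus `Q = 3329` is borrowed from Kyber.

```python
# Toy LWE-based KEM (Regev-style). Added example, not Kyber's algorithm.
import hashlib
import secrets

N = 16            # secret dimension (assumption: tiny, illustration only)
M = 32            # number of LWE samples in the public key (assumption)
Q = 3329          # modulus; Kyber happens to use the same prime
ERR = (-1, 0, 1)  # small error distribution (assumption: uniform ternary)


def keygen():
    """Public key (A, b = A*s + e mod Q); secret key s.
    Without the error e, b would leak s by Gaussian elimination."""
    s = [secrets.randbelow(Q) for _ in range(N)]
    A = [[secrets.randbelow(Q) for _ in range(N)] for _ in range(M)]
    e = [secrets.choice(ERR) for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q for row, err in zip(A, e)]
    return (A, b), s


def encrypt_bit(pk, bit):
    """Encrypt one bit with a random 0/1 subset r of the public samples."""
    A, b = pk
    r = [secrets.randbelow(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt_bit(sk, ct):
    """v - <u, s> = r.e + bit*floor(Q/2) mod Q; the noise r.e is < Q/4,
    so the result sits near 0 for bit 0 and near Q/2 for bit 1."""
    u, v = ct
    d = (v - sum(x * y for x, y in zip(u, sk))) % Q
    return 1 if Q // 4 < d < 3 * Q // 4 else 0


def correctness_margin():
    """Worst-case accumulated noise M*max|e| must stay below Q/4, otherwise
    some ciphertexts decrypt to the wrong bit (the decryption-failure case)."""
    return M * max(abs(x) for x in ERR) < Q // 4


def _kdf(k, cts):
    """Shared secret = hash of the random key and the whole ciphertext."""
    h = hashlib.sha256(k)
    for u, v in cts:
        h.update(repr((u, v)).encode())
    return h.digest()


def encapsulate(pk, key_bits=128):
    """Sender: pick a fresh random key, encrypt it bit by bit, derive the shared secret."""
    k = secrets.token_bytes(key_bits // 8)
    cts = [encrypt_bit(pk, (k[i // 8] >> (7 - i % 8)) & 1) for i in range(key_bits)]
    return cts, _kdf(k, cts)


def decapsulate(sk, cts):
    """Receiver: recover the key bits and derive the same shared secret."""
    bits = [decrypt_bit(sk, ct) for ct in cts]
    k = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))
    return _kdf(k, cts)


def roundtrip_ok():
    pk, sk = keygen()
    cts, ss_sender = encapsulate(pk)
    return ss_sender == decapsulate(sk, cts)


if __name__ == "__main__":
    print("noise margin ok:", correctness_margin())
    print("shared secrets match:", roundtrip_ok())
```

The point to take from the example is the role of the error term: `b = A*s + e` is exactly a linear system that would be trivially solvable without `e`, and `correctness_margin()` makes explicit the trade-off that real parameter sets balance, namely enough noise for security but little enough that decryption failures are negligibly rare.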

For general-purpose signing, NIST recommends CRYSTALS-Dilithium, another lattice-based scheme, in this case a signature scheme built on module lattices.

The other two signature finalists are FALCON, a third lattice-based algorithm, recommended for applications that need smaller signatures than Dilithium produces, and SPHINCS+, which rests on a different mathematical foundation, the security of hash functions, rather than on lattices. That makes it a valuable hedge should lattice problems turn out to be easier than expected, even though it is slower and its signatures are larger.
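Hash-based signatures are easiest to understand through the Lamport one-time signature, the primitive that schemes in the SPHINCS+ family build on. The code below is an added illustration for this page, not SPHINCS+ itself (which layers a hypertree and few-time signatures on top of one-time keys precisely so that one key can sign many messages) and not code from any submission team. It assumes SHA-256 as the hash and 32-byte secret preimages; the `forge_after_reuse` function demonstrates the well-known failure mode of the one-time primitive, reusing a Lamport key, on a deliberately shrunk 16-bit instance so the brute-force search finishes quickly.

```python
# Lamport one-time signature and the key-reuse failure mode.
# Added example, not SPHINCS+ and not any NIST submission's code.
import hashlib
import secrets


def _h(data):
    return hashlib.sha256(data).digest()


def _msg_bits(msg, nbits):
    """First nbits bits of SHA-256(msg), most significant bit first.
    nbits=256 is the real setting; smaller values are for demonstration only."""
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(nbits)]


def lamport_keygen(nbits=256):
    """Secret key: two random 32-byte preimages per message bit (assumption: 32 bytes).
    Public key: their hashes. Security rests only on the hash being preimage-resistant."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(nbits)]
    pk = [(_h(x0), _h(x1)) for x0, x1 in sk]
    return pk, sk


def lamport_sign(sk, msg):
    """Reveal, for every bit of H(msg), the one preimage selected by that bit."""
    return [sk[i][b] for i, b in enumerate(_msg_bits(msg, len(sk)))]


def lamport_verify(pk, msg, sig):
    bits = _msg_bits(msg, len(pk))
    return len(sig) == len(pk) and all(
        _h(s) == pk[i][b] for i, (b, s) in enumerate(zip(bits, sig))
    )


def signature_size(sig):
    """Why hash-based signatures are big: 256 bits * 32-byte preimages = 8192 bytes."""
    return sum(len(s) for s in sig)


def forge_after_reuse(pk, signed, candidates):
    """Every signature leaks half the secret key. Given several (msg, sig) pairs
    made with ONE key, build a valid signature for any candidate message whose
    hash bits are all covered by leaked preimages. Returns (msg, sig) or None."""
    nbits = len(pk)
    leaked = {}
    for msg, sig in signed:
        for i, (b, s) in enumerate(zip(_msg_bits(msg, nbits), sig)):
            leaked[(i, b)] = s
    used = {msg for msg, _ in signed}
    for cand in candidates:
        if cand in used:
            continue
        bits = _msg_bits(cand, nbits)
        if all((i, b) in leaked for i, b in enumerate(bits)):
            return cand, [leaked[(i, b)] for i, b in enumerate(bits)]
    return None


if __name__ == "__main__":
    pk, sk = lamport_keygen()
    sig = lamport_sign(sk, b"hello")
    print("valid:", lamport_verify(pk, b"hello", sig), "bytes:", signature_size(sig))
```

With a full 256-bit instance a forger who sees two or three signatures under one key still has to find a message whose hash lands entirely in the leaked positions, which is infeasible; the 16-bit toy only compresses that search so the reuse problem can be seen end to end. Stateful schemes (XMSS, LMS) avoid it by tracking which one-time keys have been used, and SPHINCS+ avoids it statelessly by selecting keys pseudorandomly from a very large tree.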

These algorithms now enter the standardisation phase, in which the official technical descriptions of how they work are written up as draft standards, reviewed and ratified; NIST expects to complete this in 2024. In the meantime NIST will continue to evaluate a further set of KEM candidates in a fourth round, so that the final portfolio includes quantum-resistant options that do not all rely on lattice problems.

Commenting on the announcement, Duncan Jones, head of cybersecurity at Quantinuum, said: "The announcement from NIST is a major leap towards a quantum-safe economy. Organisations can now accelerate their implementation and testing efforts, safe in the knowledge they aren't backing the wrong horse.

"CISOs in every industry should be working hard on their post-quantum migration plans, so they are ready to launch into production as soon as standardisation is completed in 2024."

Dr Ali El Kaafarani, founder and CEO of PQShield, a company that participated in the NIST process, welcomed the move, saying: "Previous cryptographic standards meant that the quantum threat touched everyone, with everything from medical records to national intelligence exposed to 'harvest now, decrypt later' attacks. NIST's new Post-Quantum Cryptography (PQC) standards are a welcome arrival."

He added: "But there's no room for complacency. Across sectors, the race is now on to implement the new cryptographic defences, protecting data wherever it is vulnerable. Now, having actual standards to follow will help companies to put concrete transition roadmaps in place."