The National Institute of Standards and Technology (NIST), on the 13th of August 2024, released its principal set of encryption algorithms, designed to withstand attacks from quantum computers. The development of quantum computing has raised growing concerns about the ability of current encryption standards to maintain their security. Experts claim that most modern encryption standards will be made obsolete by 2030, rendering current data encryption standards ineffective.
Quantum computing functions in a fundamentally different way from traditional computing. Quantum computers can significantly outperform classical computers on tasks that involve large datasets and complex calculations. This poses a threat to modern cryptographic algorithms, which are fundamentally mathematical in nature.
The strength of a cryptographic algorithm depends predominantly on the size of its key. To understand this better, consider AES, one of the most popular standards for symmetric-key encryption. AES supports three different key lengths: 128, 192 and 256 bits. Even at the smallest key length, there are 3.4×10^38 possible keys that could be used for encryption. For an ordinary computer, this number of possibilities is computationally infeasible to brute force. For a quantum computer, however, it will soon be possible.
NIST, one of the leading organisations for standardisation, started a project in 2016 to tackle concerns related to quantum computing's effect on cryptography. This was dubbed the Post-Quantum Cryptography (PQC) standardisation project. The standards released on the 13th of August 2024 are the result of an 8-year-long effort by NIST as part of this project. The release contains the computer code for the algorithms, instructions on how to implement them, and their intended usage.
FIPS 203, FIPS 204 and FIPS 205 are the three finalised, ready-to-implement standards released by NIST.
- FIPS 203: Based on the CRYSTALS-Kyber algorithm, FIPS 203 is intended as the primary standard for general encryption. It features comparatively small encryption keys that two parties can exchange easily, as well as a high speed of operation.
- FIPS 204 and FIPS 205: These are both intended for protecting digital signatures. FIPS 204 is based on the CRYSTALS-Dilithium algorithm, while FIPS 205 is based on the SPHINCS+ algorithm. FIPS 205 uses a different mathematical approach so that it can serve as a backup method in case FIPS 204 proves vulnerable.
NIST is also currently evaluating two other sets of standards that could potentially serve as backups for these.
More details can be found in NIST’s original announcement.
If you would like to see more detailed analyses of the standards, please leave us a comment and we shall get to it in future posts.
Until next time. Stay safe.