The Post-Quantum Cryptography Standardization Process is an initiative led by the National Institute of Standards and Technology (NIST) to identify and standardize cryptographic algorithms that resist attacks by quantum computers. The public-key algorithms in use today, RSA, ECC (Elliptic Curve Cryptography), and Diffie-Hellman, rest on integer factoring and discrete logarithms, and Shor's algorithm solves both efficiently on a sufficiently large quantum computer. To preserve long-term security, post-quantum cryptography (PQC) algorithms are designed to resist both classical and quantum attacks while still running on ordinary classical hardware.
This guide provides an overview of the post-quantum cryptography standardization process, the goals of the initiative, the candidate algorithms under consideration, and the timeline for developing future-proof encryption standards.
Why Is Post-Quantum Cryptography Necessary?
Quantum computers have the potential to break many of the cryptographic systems that secure today's internet, financial systems, government communications, and more. RSA depends on the difficulty of factoring large integers, a problem that no known classical algorithm solves in a reasonable time at the key sizes in use. Shor's algorithm, however, factors integers and computes discrete logarithms in polynomial time on a quantum computer, which would render RSA, ECC, and Diffie-Hellman obsolete. The threat is not only in the future: traffic recorded today can be stored and decrypted once such a machine exists ("harvest now, decrypt later"), so key exchange that protects long-lived data has to migrate well before a cryptographically relevant quantum computer is built.
The goal of post-quantum cryptography is to develop algorithms that remain secure against both classical and quantum computers. They are built on problems believed to be hard for quantum computers, such as lattice problems, the preimage resistance of hash functions, and decoding random linear codes. Symmetric primitives are a different story: Grover's algorithm gives at most a quadratic speedup on key search and preimage search, so AES-256 and SHA-256 are still considered adequate, and the urgent migration is public-key key exchange and digital signatures.
Overview of the NIST Post-Quantum Cryptography Standardization Process
The NIST Post-Quantum Cryptography Standardization Project was announced in 2016, with a formal call for proposals in December 2016 and a submission deadline in November 2017, to develop quantum-resistant algorithms that can replace the vulnerable public-key methods. The process runs as an open, competition-like evaluation in which cryptographers from around the world submit algorithms, and public cryptanalysis of everyone else's submissions is as much a part of the process as NIST's own review.
The goals of the NIST post-quantum cryptography standardization process are:
- To identify secure cryptographic algorithms that resist both classical and quantum attacks.
- To standardize these algorithms for use in real-world applications, such as secure communications, digital signatures, and data encryption.
- To provide guidance for organizations on transitioning from classical cryptographic systems to post-quantum systems.
Phases of the NIST Post-Quantum Standardization Process
The standardization process is divided into several phases:
Phase 1: Submission and Initial Evaluation (2016-2019)
- Cryptographers from around the world submitted algorithms to NIST. Of the 82 submissions received, 69 were accepted as complete and proper candidates in December 2017, spanning the two categories NIST asked for: public-key encryption/key-encapsulation mechanisms (KEMs), which cover key exchange, and digital signatures.
- NIST and the wider community conducted an initial review, evaluating security, performance, and implementation characteristics. Several first-round candidates were broken within weeks of publication, which is the process working as intended.
Phase 2: Second Round of Evaluation (2019-2020)
- In January 2019, 26 candidates were selected for further evaluation: 17 public-key encryption/KEM schemes and 9 digital signature schemes. There was no separate "hybrid" category; a hybrid deployment combines a classical and a post-quantum algorithm and is a deployment choice, not a submission type.
- During this phase, NIST and the global cryptography community continued to analyze the algorithms, focusing on both theoretical security and practical implementation, including constant-time implementations and side-channel behaviour.
Phase 3: Final Round of Evaluation (2020-2022)
- In July 2020 NIST narrowed the field to 7 finalists (Classic McEliece, CRYSTALS-Kyber, NTRU, and SABER for KEMs; CRYSTALS-Dilithium, Falcon, and Rainbow for signatures) and 8 alternate candidates (BIKE, FrodoKEM, HQC, NTRU Prime, and SIKE for KEMs; GeMSS, Picnic, and SPHINCS+ for signatures).
- In July 2022 NIST announced the first algorithms to be standardized: CRYSTALS-Kyber for key encapsulation, and CRYSTALS-Dilithium, Falcon, and SPHINCS+ for signatures. Four KEMs (BIKE, Classic McEliece, HQC, and SIKE) went into a fourth round for further study. The finalist Rainbow had been broken by a classical attack in early 2022 and was not selected; SIKE was broken shortly after entering the fourth round.
Phase 4: Draft Standards and Finalization (2023 and beyond)
- NIST released draft standards in August 2023 and published the final versions on August 13, 2024: FIPS 203 (ML-KEM, derived from Kyber), FIPS 204 (ML-DSA, derived from Dilithium), and FIPS 205 (SLH-DSA, derived from SPHINCS+). A fourth standard, FN-DSA (FIPS 206, derived from Falcon), is still in draft. In March 2025 NIST selected HQC from the fourth round as a second, code-based KEM to be standardized, and a separate 2023 call for additional signature schemes is being evaluated to diversify beyond lattice-based signatures.
Candidate Algorithms in the Post-Quantum Standardization Process
The candidate algorithms in the NIST process are based on various hard mathematical problems that quantum computers are not expected to solve efficiently. These algorithms fall into several categories:
1. Lattice-Based Cryptography
- Lattice-based algorithms rely on the difficulty of problems in high-dimensional lattices, such as Learning With Errors (LWE, including its ring and module variants) and Short Integer Solution (SIS). The small error term added to a linear system is what turns an easy linear-algebra problem into a hard one, and it is also why decryption is only correct while the accumulated error stays below a fixed threshold.
- Candidate Algorithms: CRYSTALS-Kyber (KEM, standardized as ML-KEM in FIPS 203), CRYSTALS-Dilithium (signatures, standardized as ML-DSA in FIPS 204), Falcon (signatures, to become FN-DSA in FIPS 206), plus the finalists NTRU and SABER and the alternates FrodoKEM and NTRU Prime (all KEMs), which were not selected.
- Applications: Secure communications, digital signatures, key encapsulation. ML-KEM and ML-DSA are the general-purpose defaults NIST recommends.
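To make the LWE description concrete, the following is an added toy example in Go (not code from this page or from any NIST submission, and not a secure scheme) that encrypts one bit under a plain LWE public key. The parameter values n and m and the error range are assumptions chosen so the decryption bound is easy to check; q = 3329 is borrowed from ML-KEM, which uses module lattices and much richer encoding than this.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// Toy parameters: far too small to be secure, large enough to show the mechanics.
// q = 3329 is the prime modulus ML-KEM uses; n, m and the error range are assumed.
const (
	n = 64   // dimension of the secret vector s
	m = 256  // number of published LWE samples (rows of A, entries of B)
	q = 3329 // prime modulus
)

type PublicKey struct {
	A [m][n]int // uniformly random matrix
	B [m]int    // B = A*s + e mod q, where e is a small "error" vector
}
type SecretKey [n]int
type Ciphertext struct {
	U [n]int // r*A mod q for a random 0/1 selector vector r
	V int    // r*B + bit*floor(q/2) mod q
}

func randInt(bound int) int {
	v, err := rand.Int(rand.Reader, big.NewInt(int64(bound)))
	if err != nil {
		panic(err)
	}
	return int(v.Int64())
}

func mod(x int) int { return ((x % q) + q) % q }

// KeyGen publishes m noisy samples. Without the e_i term the key would be an
// ordinary linear system and Gaussian elimination over Z_q would recover s.
func KeyGen() (PublicKey, SecretKey) {
	var pk PublicKey
	var sk SecretKey
	for j := range sk {
		sk[j] = randInt(q)
	}
	for i := 0; i < m; i++ {
		acc := 0
		for j := 0; j < n; j++ {
			pk.A[i][j] = randInt(q)
			acc += pk.A[i][j] * sk[j]
		}
		pk.B[i] = mod(acc + randInt(3) - 1) // e_i drawn from {-1, 0, 1}
	}
	return pk, sk
}

// Encrypt one bit: add up a random subset of the samples, then shift V by q/2
// when the bit is 1. U and V are the only values a recipient ever sees.
func Encrypt(pk PublicKey, bit int) Ciphertext {
	var ct Ciphertext
	v := 0
	for i := 0; i < m; i++ {
		if randInt(2) == 1 {
			for j := 0; j < n; j++ {
				ct.U[j] += pk.A[i][j]
			}
			v += pk.B[i]
		}
	}
	for j := range ct.U {
		ct.U[j] = mod(ct.U[j])
	}
	ct.V = mod(v + bit*(q/2))
	return ct
}

// Decrypt: V - U*s = r*e + bit*floor(q/2) mod q. Because |r*e| <= m < q/4,
// a result near q/2 decodes as 1 and a result near 0 decodes as 0. Noise
// larger than the scheme budgets for would cause decryption failures.
func Decrypt(sk SecretKey, ct Ciphertext) int {
	acc := 0
	for j := 0; j < n; j++ {
		acc += ct.U[j] * sk[j]
	}
	if d := mod(ct.V - acc); d > q/4 && d < 3*q/4 {
		return 1
	}
	return 0
}

func main() {
	pk, sk := KeyGen()
	for _, bit := range []int{0, 1} {
		fmt.Printf("encrypted %d, decrypted %d\n", bit, Decrypt(sk, Encrypt(pk, bit)))
	}
}
```

The decryption bound is the whole design: with m = 256 samples and errors in {-1, 0, 1}, the leftover noise r*e is at most 256 in absolute value, comfortably below q/4 = 832, so rounding never fails. Real schemes pick the error distribution and modulus so that the failure probability is negligible (ML-KEM targets below 2^-138), because decryption failures leak information about the secret key.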
2. Code-Based Cryptography
- Code-based cryptography relies on the hardness of decoding a random linear error-correcting code (syndrome decoding), a problem that has resisted both classical and quantum attacks since McEliece proposed the approach in 1978.
- Candidate Algorithms: Classic McEliece (KEM; the most conservative design, but with public keys of hundreds of kilobytes to over a megabyte), BIKE (KEM), and HQC (KEM; selected in March 2025 for standardization as a backup to ML-KEM that rests on a different hardness assumption).
- Applications: Public-key encryption, key encapsulation, secure communications where the large keys can be cached or pre-distributed.
3. Hash-Based Cryptography
- Hash-based cryptography builds digital signatures from nothing but a cryptographic hash function. Its security argument is the most conservative of any category: Grover's algorithm gives only a quadratic speedup against preimage search, so SHA-256 and SHAKE256 with 256-bit outputs keep a comfortable margin. The cost is size and speed: signatures run from roughly 8 KB to 50 KB depending on parameters, and signing is slow.
- Candidate Algorithms: SPHINCS+ (stateless digital signatures, standardized as SLH-DSA in FIPS 205). NIST had already approved the stateful hash-based schemes XMSS and LMS in SP 800-208; those require the signer never to reuse a one-time key index, an operational requirement that is dangerous in general-purpose systems, and SPHINCS+ exists to remove it.
- Applications: Long-term digital signatures, firmware and software signing, secure authentication.
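The idea of signing with only a hash function is easiest to see in a Lamport one-time signature, the primitive that WOTS+ and SPHINCS+ refine. The following Go program is an added example, not code from this page or from the SPHINCS+ project; the message text is a constructed input. It also includes a Forge function showing what goes wrong when a one-time key signs more than one message, which is exactly the hazard the stateful schemes must manage and SPHINCS+ avoids.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const bits = 256 // one secret pair per bit of the SHA-256 message digest

// The private key is 256 pairs of random 32-byte secrets; the public key is
// the SHA-256 hash of each secret. A signature reveals one secret per pair.
type LamportPrivateKey [bits][2][32]byte
type LamportPublicKey [bits][2][32]byte
type LamportSignature [bits][32]byte

func GenerateKey() (LamportPrivateKey, LamportPublicKey) {
	var sk LamportPrivateKey
	var pk LamportPublicKey
	for i := 0; i < bits; i++ {
		for b := 0; b < 2; b++ {
			if _, err := rand.Read(sk[i][b][:]); err != nil {
				panic(err)
			}
			pk[i][b] = sha256.Sum256(sk[i][b][:])
		}
	}
	return sk, pk
}

// bitAt returns bit i of a digest, most significant bit first.
func bitAt(digest [32]byte, i int) int {
	return int(digest[i/8]>>(7-uint(i%8))) & 1
}

// Sign reveals, for every digest bit, the secret on that side of the pair.
// Nothing here relies on anything beyond preimage resistance of SHA-256.
func Sign(sk LamportPrivateKey, msg []byte) LamportSignature {
	var sig LamportSignature
	d := sha256.Sum256(msg)
	for i := 0; i < bits; i++ {
		sig[i] = sk[i][bitAt(d, i)]
	}
	return sig
}

// Verify hashes each revealed secret and checks it against the public key
// entry selected by the corresponding digest bit.
func Verify(pk LamportPublicKey, msg []byte, sig LamportSignature) bool {
	d := sha256.Sum256(msg)
	for i := 0; i < bits; i++ {
		if sha256.Sum256(sig[i][:]) != pk[i][bitAt(d, i)] {
			return false
		}
	}
	return true
}

// Forge is why the key is one-time. Given signatures the owner produced on
// several messages, it collects the revealed secrets; if every bit of the
// target's digest has its secret among them, it assembles a valid signature.
// Two signatures expose both secrets at about half the positions; after
// twenty, a forgery on an arbitrary new message almost always succeeds.
func Forge(pk LamportPublicKey, msgs [][]byte, sigs []LamportSignature, target []byte) (LamportSignature, bool) {
	var forged LamportSignature
	td := sha256.Sum256(target)
	for i := 0; i < bits; i++ {
		want, found := bitAt(td, i), false
		for k := range msgs {
			if bitAt(sha256.Sum256(msgs[k]), i) == want && sha256.Sum256(sigs[k][i][:]) == pk[i][want] {
				forged[i], found = sigs[k][i], true
				break
			}
		}
		if !found {
			return LamportSignature{}, false
		}
	}
	return forged, true
}

func main() {
	sk, pk := GenerateKey()
	msg := []byte("constructed sample message: firmware v1.2.3") // constructed input
	sig := Sign(sk, msg)
	fmt.Println("valid signature verifies:", Verify(pk, msg, sig))
	fmt.Println("signature size in bytes:", len(sig)*len(sig[0]))
}
```

Even this minimal scheme already shows the two costs of hash-based signatures: an 8 KB signature and a 16 KB public key for a single use. WOTS+ shrinks the signature by chaining hashes, Merkle trees turn many one-time keys into one public key, and SPHINCS+ selects which one-time key to use pseudorandomly from the message so that reuse of the same leaf is improbable rather than something the signer must track.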
4. Multivariate Polynomial Cryptography
- Multivariate cryptography relies on the hardness of solving systems of multivariate quadratic equations over a finite field (the MQ problem), which is NP-hard in general and has no known quantum speedup beyond the generic ones. Practical schemes, however, must embed a trapdoor structure in the system, and that structure is where attacks land.
- Candidate Algorithms: Rainbow (digital signatures) was a third-round finalist until February 2022, when Ward Beullens published a classical key-recovery attack that broke its Level I parameters in about a weekend on a laptop; it was not standardized. No multivariate scheme is in the first set of standards, although UOV-style designs have been resubmitted to NIST's 2023 call for additional signatures.
- Applications: Digital signatures where very small signatures matter more than the large public keys.
5. Isogeny-Based Cryptography
- Isogeny-based cryptography uses the difficulty of finding an isogeny between two supersingular elliptic curves. It offered the smallest keys and ciphertexts of any candidate, at the cost of being far slower than the lattice schemes.
- Candidate Algorithms: SIKE (KEM) advanced to the fourth round in July 2022 and was broken within weeks by Castryck and Decru, whose classical attack recovers the secret key in hours on a single CPU core from the auxiliary torsion-point information SIKE publishes. SIKE was withdrawn. The attack does not apply to isogeny schemes that do not reveal that information, such as the signature scheme SQIsign submitted to NIST's additional-signature call.
- Applications: Key exchange over bandwidth-constrained links was the intended use; with SIKE broken, no isogeny KEM remains in the standardization process.
Criteria for Algorithm Selection
NIST evaluates the candidates on the three headline criteria from its call for proposals: security, cost and performance, and algorithm and implementation characteristics. In practice that means:
- Security: resistance to both classical and quantum attacks at the five defined security levels (Level 1 is comparable to exhaustive key search on AES-128, Level 5 to AES-256), a clear reduction to a well-studied hard problem, and a track record under public cryptanalysis. Rainbow and SIKE show that the last item matters most.
- Performance: The algorithms must perform efficiently on a variety of platforms, including high-performance servers and resource-constrained devices like IoT hardware, and they must be implementable in constant time, since decapsulation and signing handle secrets and timing side channels are a practical threat to implementations.
- Key Size and Signature Size: The sizes of public and private keys, signatures, and ciphertexts must be practical for real-world applications, especially in bandwidth-limited environments. Post-quantum sizes are larger than what ECC replaced: an ML-KEM-768 public key is 1184 bytes and a ciphertext 1088 bytes versus 32 bytes for X25519, and an ML-DSA-65 signature is 3309 bytes versus 64 bytes for ECDSA P-256. That affects TLS handshakes, certificate chains, and any protocol with fixed-size fields.
- Implementation Feasibility: The algorithms must be reasonable to implement correctly and to integrate into existing protocols and libraries, with minimal disruption to infrastructure.
Timeline for Post-Quantum Cryptography Standards
- August 2023: NIST released draft FIPS 203, 204, and 205 for public comment.
- August 2024: The final standards FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) were published on August 13, 2024, making the algorithms approved for federal use and giving vendors a fixed target.
- 2025: HQC was selected in March 2025 as a second KEM; FIPS 206 (FN-DSA) and the additional signature candidates remain in progress. NIST's draft transition guidance (NIST IR 8547, November 2024) proposes deprecating quantum-vulnerable public-key algorithms such as RSA and ECDSA after 2030 and disallowing them after 2035.
- 2027 and Beyond: Widespread adoption of post-quantum algorithms in secure communications, data encryption, financial systems, and government networks. Hybrid ML-KEM key exchange is already enabled by default in major browsers and on large CDNs, so much of the TLS traffic on the public internet is ahead of this timeline.
Preparing for Post-Quantum Cryptography
Organizations should begin preparing for the transition to post-quantum cryptography by evaluating their current cryptographic systems and identifying which components are vulnerable to quantum attacks. Steps for preparation include:
Assessing Cryptographic Infrastructure:
- Inventory where cryptography is used (TLS endpoints, certificates, SSH, VPNs, code signing, HSMs, application libraries) and which algorithms are in use (e.g., RSA, ECDSA, ECDH, Diffie-Hellman), then rank systems by how long their data must stay confidential, since long-lived secrets are the most exposed to harvest-now-decrypt-later collection.
Exploring Post-Quantum Algorithms:
- Experiment with the standardized algorithms ML-KEM, ML-DSA, and SLH-DSA in non-critical systems to measure handshake size, latency, memory use on constrained devices, and how existing protocols and certificate formats cope with larger keys and signatures.
Adopting Hybrid Cryptography:
- Implement hybrid key exchange that combines a classical algorithm with a post-quantum one, for example X25519 together with ML-KEM-768 as deployed in TLS 1.3 by major browsers and CDNs. Both shared secrets feed a single key derivation, so the session stays secure as long as either algorithm holds; this hedges against an undiscovered flaw in the new algorithm or its implementation while removing the quantum exposure of the classical one.
Monitoring NIST's Standardization Process:
- Track the remaining deliverables (FIPS 206, HQC, the additional signature schemes) and NIST's transition timeline, and prefer libraries and protocol implementations that can swap algorithms without application changes (crypto-agility).
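As an added example of the hybrid approach (not code from this page, from NIST, or from any TLS library), the following Go program performs one X25519 plus ML-KEM-768 exchange using only Go's standard library: crypto/ecdh and crypto/mlkem, the latter requiring Go 1.24 or later. The message structures, the HKDF-style combiner, and its info label are assumptions made for this illustration, chosen to mirror how X25519MLKEM768 in TLS 1.3 concatenates the ML-KEM and X25519 secrets; they are not the TLS wire format.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type ClientHello struct { // assumed structure for this example, not the TLS wire format
	X25519Pub []byte // 32 bytes
	MLKEMPub  []byte // 1184 bytes: ML-KEM-768 encapsulation key
}
type ServerHello struct {
	X25519Pub   []byte // 32 bytes
	MLKEMCipher []byte // 1088 bytes: ML-KEM-768 ciphertext
}

// ClientStart generates both ephemeral key pairs; the caller keeps the private halves until ClientFinish.
func ClientStart() (*ecdh.PrivateKey, *mlkem.DecapsulationKey768, ClientHello, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, ClientHello{}, err
	}
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, ClientHello{}, err
	}
	return ecdhPriv, dk, ClientHello{X25519Pub: ecdhPriv.PublicKey().Bytes(), MLKEMPub: dk.EncapsulationKey().Bytes()}, nil
}

// ServerRespond does its X25519 half, encapsulates to the client's ML-KEM key, and derives its session key.
func ServerRespond(hello ClientHello) (ServerHello, []byte, error) {
	clientPub, err := ecdh.X25519().NewPublicKey(hello.X25519Pub)
	if err != nil {
		return ServerHello{}, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(hello.MLKEMPub) // rejects malformed keys
	if err != nil {
		return ServerHello{}, nil, err
	}
	srvPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return ServerHello{}, nil, err
	}
	ssECDH, err := srvPriv.ECDH(clientPub) // errors on the all-zero low-order-point result
	if err != nil {
		return ServerHello{}, nil, err
	}
	ssKEM, ct := ek.Encapsulate()
	resp := ServerHello{X25519Pub: srvPriv.PublicKey().Bytes(), MLKEMCipher: ct}
	return resp, combine(ssKEM, ssECDH, hello, resp), nil
}

// ClientFinish completes both exchanges. A tampered ciphertext of the right length does not
// error: ML-KEM's implicit rejection yields a pseudorandom key, so no decryption oracle exists.
func ClientFinish(ecdhPriv *ecdh.PrivateKey, dk *mlkem.DecapsulationKey768, hello ClientHello, resp ServerHello) ([]byte, error) {
	srvPub, err := ecdh.X25519().NewPublicKey(resp.X25519Pub)
	if err != nil {
		return nil, err
	}
	ssECDH, err := ecdhPriv.ECDH(srvPub)
	if err != nil {
		return nil, err
	}
	ssKEM, err := dk.Decapsulate(resp.MLKEMCipher)
	if err != nil {
		return nil, err
	}
	return combine(ssKEM, ssECDH, hello, resp), nil
}

// combine is HKDF-SHA256 extract-then-expand over ssKEM || ssECDH (the order X25519MLKEM768 uses),
// salted with a transcript hash so the key is bound to these exact public values. The label is assumed.
func combine(ssKEM, ssECDH []byte, hello ClientHello, resp ServerHello) []byte {
	transcript := sha256.Sum256(bytes.Join([][]byte{hello.X25519Pub, hello.MLKEMPub, resp.X25519Pub, resp.MLKEMCipher}, nil))
	extract := hmac.New(sha256.New, transcript[:]) // HKDF-Extract, salt = transcript hash
	extract.Write(ssKEM)
	extract.Write(ssECDH)
	expand := hmac.New(sha256.New, extract.Sum(nil)) // HKDF-Expand, first output block
	expand.Write([]byte("hybrid x25519+mlkem768 example v1"))
	expand.Write([]byte{0x01})
	return expand.Sum(nil)
}

func main() {
	ecdhPriv, dk, hello, err := ClientStart()
	if err != nil {
		panic(err)
	}
	resp, serverKey, err := ServerRespond(hello)
	if err != nil {
		panic(err)
	}
	clientKey, err := ClientFinish(ecdhPriv, dk, hello, resp)
	fmt.Println("keys match:", err == nil && hmac.Equal(serverKey, clientKey))
}
```

Two details are worth copying into a real deployment. First, the derived key depends on both secrets and on the full transcript, so an attacker who could break X25519 alone, or ML-KEM alone, still learns nothing, and a swapped public key changes the output. Second, the handshake grows from 64 bytes of key material to about 2.3 KB, which is the size increase the criteria section describes and the reason early hybrid rollouts had to fix middleboxes that assumed a ClientHello fits in one packet.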
Conclusion
The Post-Quantum Cryptography Standardization Process is critical for ensuring the future security of digital communications, financial systems, and government networks in a world where quantum computers pose a significant threat to classical public-key cryptography. With FIPS 203, 204, and 205 published, NIST has laid the groundwork for a post-quantum future; the remaining work is deployment. Organizations must begin inventorying their cryptography, testing the standardized algorithms, and rolling out hybrid key exchange now, so that data with a long confidentiality lifetime is protected before a cryptographically relevant quantum computer exists.
For more information on how SolveForce can help your organization prepare for the transition to post-quantum cryptography, contact us at 888-765-8301.