First three PQC standards coming this summer, according to NIST
The National Institute of Standards and Technology (NIST) is planning to publish its first three finalized post-quantum cryptography standards this summer, according to comments by a key NIST official during a recent webcast.
“The goal will be to publish these first PQC standards this summer,” said Dustin Moody, the mathematician in NIST’s Computer Security Division who has been coordinating the standardization process. “That is what we are on track for. We’re in the final stages, and it’s very exciting that we will soon have those standards available.”
Moody’s comments came earlier this month during a webinar presented by the Advanced Technology Academic Research Center (ATARC). The expected arrival of the standards will come roughly two years after four algorithms were chosen for further evaluation from among dozens of initial candidates that were submitted during a project that began in 2016. The first three that will be published are:
- CRYSTALS-Kyber, a key encapsulation method (KEM) algorithm with lattice-based structure designed for general encryption purposes such as creating secure websites, is covered in FIPS 203.
- CRYSTALS-Dilithium, also lattice-based designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204.
- SPHINCS+, a hash-based scheme also designed for digital signatures, is covered in FIPS 205.
The fourth pending standard, FALCON, is lattice-based, and is expected to be finished later this year, Moody said.the fourth candidate selected last year and also designed for digital signatures, is slated to receive its own draft FIPS in 2024. Moody also said CRYSTALS-Dilithium is likely to be the more commonly used PQC choice for digital signature because its is less complex and easier to implement that SPHINCS+, but the latter serves an important role as a back-up as researchers continue to work on new ways to challenge lattice-based structures.
Moody also said NIST and its standardization contributors are continuing the process of evaluating more KEM options.
When the initial standards are available, NIST also will offer some guidance for migration to the new standards. “We’ll update a lot of our guidance once the new standards are published,” Moody said. “One topic that’s come up in talking about the transition is implementing these algorithms in what’s called a ‘hybrid mode,’ where you’re combining a PQC algorithm with another currently standardized algorithm. And we’ve heard a lot of feedback from industry that this seems like a good approach to the transition, where we may not have battle-tested implementations of the PQC algorithms, so by combining algorithms in the hybrid mode, you’re kind of hedging your bets.”
Dan O’Shea has covered telecommunications and related topics including semiconductors, sensors, retail systems, digital payments and quantum computing/technology for over 25 years.
