Thales Blog

NIST Announced Four Quantum-Resistant Cryptographic Algorithms

July 19, 2022

John Ray | Director, HSM Product Management

The National Institute of Standards and Technology (NIST) has selected the first collection of encryption tools designed to withstand the assault of a future quantum computer, which might compromise the security employed to preserve privacy in the digital systems we rely on. The announcement follows a six-year effort managed by NIST, which in 2016 called the world's cryptographers to develop and vet encryption methods that could withstand an attack from a future quantum computer.

The four selected algorithms will be incorporated into NIST's post-quantum cryptographic standard, which is expected to be finalized in around two years.

NIST has selected the CRYSTALS-Kyber algorithm for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, and its speed of operation.

CRYSTALS-Dilithium, FALCON, and SPHINCS+ are the three algorithms chosen by NIST for digital signatures. Reviewers noted the high efficiency of the first two, and on that basis NIST recommends CRYSTALS-Dilithium as the primary algorithm and FALCON for applications that need smaller signatures than Dilithium provides. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is a valuable backup because it rests on a different mathematical approach from the other three NIST selections.

Three of the selected algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON) are based on a family of math problems called structured lattices, while SPHINCS+ uses hash functions. “We wanted to ensure that we had another algorithm in case someone discovers a breakthrough and there’s some attack on lattices … we want to have an algorithm based on another type of [cryptographic] family,” says NIST mathematician and project lead Dustin Moody.

This is also why NIST and Thales have constantly advocated for "crypto-agility," or the development of encryption protocols that can transition between algorithms with minimal impact on performance and dependability.

Thales innovates in crypto-research

Thales is excited that the FALCON algorithm was sponsored and co-developed by our company along with academic and industrial partners from France (University of Rennes 1, PQShield SAS), Switzerland (IBM), Canada (NCC Group), and the US (Brown University, Qualcomm).

“The race for quantum is heating up. But whilst it presents some ground-breaking possibilities, once it is realized, it will present an ever-growing challenge to tech teams across the world on how they can defend themselves against quantum power. Thales has been at the forefront of post-quantum cryptography research since 2013, and the selection of the Falcon algorithm by NIST is great recognition of the excellent work and expertise of our crypto teams.

However, algorithms are just one part of protecting against the looming Quantum threat. For many organizations looking to protect their data, they must adopt a strong Quantum Crypto Agility strategy, encouraging their company to assess their crypto inventory and readiness – in order to begin planning a quantum safe architecture. By beginning this process early, it will help to ensure a smooth transition when it comes to protecting data against this new threat vector. As well as enabling organizations to hire and train the relevant talent and skills across their teams,” said Todd Moore, VP, Encryption Products at Thales Cloud Protection and Licensing.

Offering solutions to help you prepare for the future now

NIST encourages security professionals to explore the new algorithms and consider how their applications will use them while the standard is still in development. However, the agency advises against baking the algorithms into systems just yet, as they may change slightly before the standard is finalized.

Thales offers solutions that let you take advantage of quantum-resistant algorithms today: quantum-resistant network encryption and hardware security modules that already allow customers to implement several quantum-resistant algorithms and so protect their data against future quantum attacks.

  • Thales Luna Hardware Security Modules (HSMs):
    • Thales has a customizable Functionality Module (FM) available today that provides several quantum-resistant algorithms for you to use or experiment with.
    • Several Thales technology partners have created their own FM variants that implement these algorithms within their own Post-Quantum Cryptography (PQC) applications.
    • Alternatively, you can create your own FM implementing any available quantum-resistant algorithms.
  • Thales High-Speed Encryptors (HSE):
    • HSE provides quantum-resistant network encryption that protects customer data against future quantum attacks and lets you seamlessly implement several quantum-resistant algorithms in your existing crypto infrastructure.
    • HSE offers the ability to use quantum entropy in the creation of your keys.
    • HSE currently supports the ETSI Quantum Key Distribution (QKD) interface.

The importance of having a crypto agility strategy

At Thales, we recognize that algorithms are just one part of protecting against the Quantum threat. For organizations to protect their data in a Zero Trust world, they must embrace a strong Post Quantum crypto-agility strategy that looks beyond algorithms: to hybrid solutions that provide future protection today, to Quantum Key Distribution (QKD) solutions, and of course to Quantum Resistant Algorithms that are standardized through leading organizations such as ETSI and Open Quantum Safe, as well as NIST.

Be proactive! Prepare now!

Being crypto-agile is a best practice that we apply consistently, and we advise our customers to do the same. We purposely support many different algorithms to help you be agile. To prepare for Post Quantum Crypto (PQC), there will be a new batch of algorithms to support. We encourage you to start preparing today by assessing your crypto inventory and your overall PQC readiness, and by planning for a quantum-safe architecture. First, look at every application that depends on crypto. If you were to change an algorithm, would the application still work? If not, what do you need to do to make it work? Do this for every crypto-dependent application in your organization to map out a plan that preserves business continuity. Beginning early will help your organization make a smooth transition to protecting its data in a PQC world.
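As an added example (not Thales or NIST code), a small triage script for the crypto-inventory step just described: each application is listed with the algorithm it depends on and sorted into what must migrate, what is a PQC candidate, and what only needs a key-size review. The inventory format, status labels and sample records are constructed; the rules encode only the public facts that Shor's algorithm breaks factoring- and discrete-log-based public-key schemes and that NIST's four selections are not yet final.

```python
"""PQC-readiness triage of a crypto inventory (added example, not Thales code).
Mirrors the assessment step in the post: list every crypto-dependent application
and decide what must change when its algorithm changes. Data are constructed."""
from collections import namedtuple

# Public-key schemes resting on factoring or discrete logs, which a large
# quantum computer running Shor's algorithm would break.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}
# The four schemes NIST selected in July 2022; the standard is not yet final.
NIST_PQC_SELECTED = {"CRYSTALS-KYBER", "CRYSTALS-DILITHIUM", "FALCON", "SPHINCS+"}
SYMMETRIC = {"AES", "CHACHA20"}

# param: key bits for symmetric ciphers, parameter set or curve name otherwise
Record = namedtuple("Record", "app algorithm param")

def classify(rec: Record) -> str:
    alg = rec.algorithm.upper()
    if alg in QUANTUM_VULNERABLE:
        return "migrate"        # needs a PQC or hybrid replacement plan
    if alg in NIST_PQC_SELECTED:
        return "pqc-candidate"  # selected, but may change before standardization
    if alg in SYMMETRIC:
        # Not broken by Shor; 256-bit keys are the usual conservative target.
        return "ok" if int(rec.param) >= 256 else "review-key-size"
    return "unknown"            # outside the known set: investigate manually

def parse_inventory(text: str) -> list[Record]:
    """Parse 'app,algorithm,param' lines; skip blanks and '#' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            app, algorithm, param = (f.strip() for f in line.split(","))
            records.append(Record(app, algorithm, param))
    return records

def readiness_report(text: str) -> dict[str, list[str]]:
    """Group application names by triage status, e.g. {'migrate': [...]}."""
    report: dict[str, list[str]] = {}
    for rec in parse_inventory(text):
        report.setdefault(classify(rec), []).append(rec.app)
    return report

SAMPLE_INVENTORY = """\
# app,algorithm,param   (constructed sample data)
payments-api,RSA,2048
vpn-gateway,ECDH,P-256
backup-service,AES,128
archive-store,AES,256
firmware-signing,FALCON,Falcon-512
legacy-ldap,3DES,168
"""
```

Running `readiness_report(SAMPLE_INVENTORY)` puts the RSA and ECDH users under "migrate", the 128-bit AES user under "review-key-size", the FALCON user under "pqc-candidate", and the unrecognized 3DES entry under "unknown" for manual follow-up.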

Use our free Thales Post-Quantum Crypto-Agility Risk Assessment Tool to better understand whether your organization is at risk of a post-quantum breach, learn about the scope of work required, and find out what you should be doing today to be post-quantum ready.