Thales Blog

3 Key Takeaways from the recently announced NIST Post-Quantum Cryptography Standards

September 7, 2023

Todd Moore | VP Encryption Products, Thales

The world relies on many protective measures that most people never notice. Everything we interact with regularly, from phones and smart devices to websites, from payment transactions to city infrastructure, is secured by underlying cryptography with built-in safeguards and checks. The public-key algorithms that do much of that work (RSA, Diffie-Hellman and elliptic-curve schemes) can be broken quickly by a sufficiently large quantum computer running Shor's algorithm, which is the key reason governments and regulatory bodies have spent years preparing quantum-safe algorithms to replace them and keep these protections intact. NIST, the US National Institute of Standards and Technology, announced in August 2023 its first draft standards supporting the transition to a quantum-secure cryptographic future. These new algorithms will become part of the future requirements organizations must meet to be FIPS-compliant and quantum-safe. Here are 3 key takeaways from the announcement:

1) The algorithms

The candidate algorithms, popularly known by the names their submitters chose, are being assigned standard names and FIPS numbers by NIST, specifically:

a. KEM: CRYSTALS-Kyber becomes FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM)

b. Signature: CRYSTALS-Dilithium becomes FIPS 204, Module-Lattice-Based Digital Signature Standard (ML-DSA)

c. Signature: SPHINCS+ becomes FIPS 205, Stateless Hash-Based Digital Signature Standard (SLH-DSA)

Note that the announcement contains only these 3 algorithms today. The fourth algorithm NIST selected in July 2022, the FALCON signature scheme, is promised as a separate draft standard in the not-too-distant future.

The draft standards make changes to the submitted algorithms and fix or limit various parameters, which means implementations based on the originally submitted reference code will not interoperate with the standardized versions, and their test vectors will not match. This is as expected and follows NIST's long-standing pattern. It is also likely that the public comment period will result in further changes. The comment period is 90 days, with November 22, 2023 as the last submission date. Assuming that timeline holds, we could see finalized standards as early as the first half of 2024.

2) The Need to Act Now

NIST emphasizes that organizations should act immediately to prepare for quantum computing attacks. With the speed at which tech giants are racing to build a quantum computer and the amount of private and public money being invested, there is little doubt that a cryptographically relevant quantum computer, one large and reliable enough to run Shor's algorithm against today's key sizes, could arrive sooner than expected. Even if such machines are not deployed for everyday workloads in the near term, their usefulness to well-resourced threat actors is no less real.

Many threat actors are already capturing and storing encrypted traffic and data now, intending to decrypt it once a powerful enough quantum computer lets them break the public-key exchange that protected it. This is especially concerning for data with a long secrecy lifetime: a TLS session recorded today that used RSA or elliptic-curve key exchange stays exposed for as long as its contents matter. This strategy is known as Harvest Now, Decrypt Later, and it is what prompts regulatory bodies such as NIST to put tried and tested standards in place as quickly as possible to offset the threat.

The adage that "the best defense is a good offense" applies here: preparing for quantum computers means moving first. NIST is inching closer to helping organizations prepare by formalizing a set of key-encapsulation and digital signature algorithms designed to withstand attack by a quantum computer. No one is sure when a quantum computer with enough performance to mount such an attack will exist. However, preparing now makes sense, since there will be little to no time to react when that day comes.

But the most important reason to act now on a threat that isn't here yet is that most data centers cannot easily pivot their cryptography. Government and regulatory bodies have been coaching organizations to take an immediate inventory of their cryptographic assets and assess their quantum risk. The idea is to understand where you are exposed and close the gaps in your security strategy: symmetric keys of 128 bits or less, which quantum search weakens and which guidance generally recommends moving to 256 bits, and any use of RSA, Diffie-Hellman or elliptic-curve algorithms, which a large quantum computer breaks outright. Importantly, all of this takes significant time.

3) The Importance of Crypto Agility

NIST also made sure to emphasize the critical importance of crypto agility. Organizing your keys and cryptography into a central location streamlines a data center, and it also underpins your ability to be crypto agile: if every application calls one managed service rather than embedding its own algorithm choices, a change is made in one place instead of in every codebase. Crypto agility is an increasingly popular strategy to help data centers and organizations react to whatever changes become necessary. The change may be needed in response to the threat of quantum computers, or it may be a classical break of an algorithm or a compliance deadline. At the heart of crypto agility is the ability to be flexible, adaptable, and to have no built-in obsolescence.

The proposed NIST algorithms have been public for several years, since their submission to NIST in 2017. By building a crypto-agile system, organizations can experiment with and test these algorithms well before the final release or updated compliance regulations. For organizations that have built programmable cryptographic elements into their networks, swapping a classical algorithm for a newly approved NIST algorithm becomes largely a configuration change rather than a rewrite. One caveat: because the drafts differ from the submitted versions, anything tested now should be retested against the final standard. Organizations that have prepared properly will see little to no impact when rotating from a traditional algorithm to these next-generation algorithms.
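As an added example, not Thales code and not from the NIST drafts, the Go program below shows what a programmable cryptographic element of this kind looks like in practice: every signature is tagged with an algorithm identifier, a registry dispatches on that tag, and a deployment policy decides which schemes are allowed and which are required. Because the Go standard library has no ML-DSA or SLH-DSA, two classical schemes (Ed25519 and ECDSA P-256) stand in for the classical and post-quantum halves of a hybrid envelope; the identifiers, the `Scheme` and `Registry` types, and the sample payload are all this example's own assumptions. Adding a real FIPS 204 implementation would mean registering one more `Scheme` and updating the policy, and the same AND-composition lets you require both a classical and a post-quantum signature during a transition.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// AlgID tags a signature with the scheme that produced it. Adding a scheme is a new
// ID plus one registration; retiring one is a policy change. No caller names a primitive.
type AlgID string

const (
	AlgEd25519   AlgID = "ed25519"           // classical stand-in (assumed identifier)
	AlgECDSAP256 AlgID = "ecdsa-p256-sha256" // second stand-in; an ML-DSA scheme would plug in the same way
)

// Scheme is the pluggable unit: any algorithm that can sign and verify byte strings.
type Scheme struct {
	ID     AlgID
	Sign   func(msg []byte) ([]byte, error)
	Verify func(msg, sig []byte) bool
}

// An Envelope carries one tagged signature per scheme, so a transition deployment
// can carry a classical and a post-quantum signature side by side.
type Signature struct{ Alg AlgID; Sig []byte }
type Envelope struct{ Msg []byte; Sigs []Signature }

// Policy is the deployment knob: which schemes may appear, and which must.
type Policy struct{ Allowed map[AlgID]bool; Required []AlgID }
type Registry struct{ schemes map[AlgID]Scheme }

func NewRegistry(schemes ...Scheme) *Registry {
	r := &Registry{schemes: map[AlgID]Scheme{}}
	for _, s := range schemes { r.schemes[s.ID] = s }
	return r
}

// Sign produces one signature per requested scheme; an unregistered ID is an
// error, never a silent fallback to some default algorithm.
func (r *Registry) Sign(msg []byte, algs ...AlgID) (*Envelope, error) {
	env := &Envelope{Msg: msg}
	for _, a := range algs {
		s, ok := r.schemes[a]
		if !ok { return nil, fmt.Errorf("scheme %q is not registered", a) }
		sig, err := s.Sign(msg)
		if err != nil { return nil, err }
		env.Sigs = append(env.Sigs, Signature{Alg: a, Sig: sig})
	}
	return env, nil
}

// Verify enforces the policy: every signature present must come from an allowed,
// registered scheme and verify, and every required scheme must be present (AND
// composition, so breaking one half of a hybrid does not forge the envelope).
func (r *Registry) Verify(env *Envelope, p Policy) error {
	seen := map[AlgID]bool{}
	for _, sg := range env.Sigs {
		s, ok := r.schemes[sg.Alg]
		if !ok || !p.Allowed[sg.Alg] { return fmt.Errorf("scheme %q is not allowed", sg.Alg) }
		if !s.Verify(env.Msg, sg.Sig) { return fmt.Errorf("%s signature does not verify", sg.Alg) }
		seen[sg.Alg] = true
	}
	for _, req := range p.Required {
		if !seen[req] { return fmt.Errorf("required scheme %q is missing", req) }
	}
	return nil
}

// Two standard-library schemes behind the same Scheme shape.
func NewEd25519() (Scheme, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return Scheme{}, err }
	return Scheme{AlgEd25519,
		func(m []byte) ([]byte, error) { return ed25519.Sign(priv, m), nil },
		func(m, sig []byte) bool { return ed25519.Verify(pub, m, sig) }}, nil
}

func NewECDSAP256() (Scheme, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return Scheme{}, err }
	digest := func(m []byte) []byte { h := sha256.Sum256(m); return h[:] } // ECDSA signs a digest
	return Scheme{AlgECDSAP256,
		func(m []byte) ([]byte, error) { return ecdsa.SignASN1(rand.Reader, key, digest(m)) },
		func(m, sig []byte) bool { return ecdsa.VerifyASN1(&key.PublicKey, digest(m), sig) }}, nil
}

func main() {
	ed, _ := NewEd25519()
	ec, _ := NewECDSAP256()
	reg := NewRegistry(ed, ec)
	env, _ := reg.Sign([]byte("constructed sample payload"), AlgEd25519, AlgECDSAP256) // constructed input
	hybrid := Policy{Allowed: map[AlgID]bool{AlgEd25519: true, AlgECDSAP256: true}, Required: []AlgID{AlgEd25519, AlgECDSAP256}}
	fmt.Println("hybrid policy:", reg.Verify(env, hybrid))
	retired := Policy{Allowed: map[AlgID]bool{AlgECDSAP256: true}, Required: []AlgID{AlgECDSAP256}}
	fmt.Println("after retiring Ed25519 by policy:", reg.Verify(env, retired))
}
```

Running it verifies the two-signature envelope under the hybrid policy and then rejects the same envelope once Ed25519 is retired from the policy, without touching the signing code path. Note the failure modes the policy handles: an envelope missing a required signature is rejected rather than accepted on the strength of the other, and an unregistered identifier (such as a hypothetical "ml-dsa-65" before that scheme is wired in) is an error rather than a fallback.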

Many considerations must be taken into account when changing cryptographic algorithms, including interoperability, performance, memory constraints, and usability. The post-quantum algorithms are not drop-in replacements in size: an ML-KEM public key or ciphertext is roughly a kilobyte, versus 32 bytes for an X25519 key share, and SLH-DSA signatures range from under 8 KB to nearly 50 KB depending on the parameter set, which matters for TLS handshakes, certificate chains, constrained devices and any protocol with fixed-size fields. Starting early to test the affected use cases is the way to ensure no gaps are left unfilled. Also, understand and address each of your secure data use cases, including data at rest, in use and in motion.

Thales has data security solutions today that support all three of the proposed NIST algorithms. We have developed various prototypes to allow users to begin the testing process now instead of waiting until the "zero day" event of a commercial quantum computer. It is prudent and forward-thinking to start preparing now, including adding programmable cryptographic elements, rather than waiting for the inevitable regulation requiring these new algorithms. Migrations can be simplified and made more cost-effective through careful planning.

At Thales, we have been championing crypto agility for many years. We have worked hard to ensure that crypto agility is built into all our products. Whether you are looking for Quantum-safe solutions for your data in motion or at rest, Thales has the solution today to help.

Learn more about our solutions or take our free 5-minute PQC risk assessment tool to help your organization prepare to be Quantum-safe.