The National Institute of Standards and Technology (NIST) is making progress on post-quantum cryptography (PQC) standards, as the agency this week released draft standards for three of the four algorithms it selected in July 2022 for standardization.
The new Federal Information Processing Standard (FIPS) drafts are as follows:
- CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203.
- CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204.
- SPHINCS+, also designed for digital signatures, is covered in FIPS 205.
In addition, FALCON, the fourth candidate selected last year and also designed for digital signatures, is slated to receive its own draft FIPS in 2024.
The worldwide cryptographic community can now provide feedback on the draft standards until Nov. 22 of this year. The publications provide details that will help users implement the algorithms in their own systems, such as a full technical specification of the algorithms and notes for effective implementation. Additional guidance will be forthcoming in companion publications, according to Dustin Moody, a NIST mathematician and leader of the project.
“We’re getting close to the light at the end of the tunnel, where people will have standards they can use in practice,” Moody said. “For the moment, we are requesting feedback on the drafts. Do we need to change anything, and have we missed anything?”
In addition to the four algorithms NIST selected last year, a second set of algorithms was chosen for ongoing evaluation at the same time, and NIST plans to publish at least one or two additional draft standards next year based on those algorithms.
NIST is accepting feedback from the public on the FIPS 203, 204 and 205 draft standards until Nov. 22, 2023. Comments can be submitted to FIPS-203-comments@nist.gov, FIPS-204-comments@nist.gov and FIPS-205-comments@nist.gov.
This news comes after NIST last month said it had received 40 more new, qualified candidates for standardization of PQC digital signature schemes.
Also, earlier this week, NIST, along with the US Cybersecurity and Infrastructure Security Agency and the National Security Agency, published a fact sheet detailing threats and recommendations for PQC implementation.
Dan O’Shea has covered telecommunications and related topics including semiconductors, sensors, retail systems, digital payments and quantum computing/technology for over 25 years.