The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has formalised the world's first post-quantum security standards.
The post-quantum cryptography (PQC) standards include three cryptographic algorithms designed to protect against quantum computers' encryption-busting power. Data that is not secured with PQC today will be vulnerable to “harvest now, decrypt later” attacks, in which bad actors steal the information and wait until the hardware becomes available that will allow them to gain access to it.
ML-KEM (originally known as CRYSTALS-Kyber) is a key encapsulation mechanism for general encryption tasks such as access to secured websites. The second standard is called ML-DSA (originally CRYSTALS-Dilithium) and is a lattice-based algorithm for general-purpose digital signature protocols.
Both were developed by IBM researchers in collaboration with academics and industry partners.
The third published algorithm, SLH-DSA was initially submitted as SPHINCS+ and has been co-developed by a researcher who has now joined IBM. It is a stateless hash-based digital signature scheme.
A fourth IBM-developed algorithm, FN-DSA (originally called FALCON), has been selected for future standardization.
IBM said the official publication of these algorithms "marks a crucial milestone to advancing the protection of the world’s encrypted data" from cyberattacks leveraging the "unique power of quantum computers, which are rapidly progressing to cryptographic relevancy."
It warned that quantum computers will "harness enough computational power to break the encryption standards underlying most of the world’s data and infrastructure today."
“IBM’s mission in quantum computing is two-fold: to bring useful quantum computing to the world and to make the world quantum-safe," said Jay Gambetta, Vice President of IBM Quantum. "We are excited about the incredible progress we have made with today’s quantum computers, which are being used across global industries to explore problems as we push towards fully error-corrected systems.
“However, we understand these advancements could herald an upheaval in the security of our most sensitive data and systems. NIST’s publication of the world’s first three post-quantum cryptography standards marks a significant step in efforts to build a quantum-safe future alongside quantum computing.”
Existing public-key cryptographic schemes such as the Rivest-Shamir-Adleman (RSA) cryptosystem rely on the difficulty of factoring large numbers into prime factors.
While computer scientists believe classical computers to be more or less incapable of factoring numbers larger than 2048 bits, research has found that a quantum computer could break RSA-2048 in a matter of hours by applying Shor’s algorithm.
PQC standards apply the complex mathematics of polynomial lattices and hash functions, which means that even quantum computers would have a tough time cracking them.
Vadim Lyubashevsky, IBM cryptography researcher and co-developer of the CRYSTALS algorithm suite, said: “Algorithms based on lattices when designed properly are actually more efficient than algorithms being used today. While they might be larger than classical cryptography, their running time is faster than the classical algorithms based on discrete, larger RSA or elliptic curves.”
Zoom and Apple’s iMessage have reportedly implemented ML-KEM. Cloudflare is also said to be "progressively enabling" a version of ML-KEM, and Google Chrome is "actively rolling out support for a hybrid KEM scheme."
When will quantum computers be available?
Applying PQC is likely to be a growing priority for organisations over the next five years. Quantum computers are "quickly accelerating to useful and large-scale systems", IBM said in a statement. Its own Quantum Development Roadmap sets out plans to deliver the first error-corrected quantum system by 2029.
This system is expected to run hundreds of millions of quantum operations to solve problems that are currently impossible (or at least very long-winded) for classical computers to crack.
IBM’s roadmap includes plans to expand this system to run upwards of one billion quantum operations by 2033.
Tom Patterson, Emerging Technology Security lead at Accenture, told The Stack: "The NIST announcement on new global encryption standards for quantum marks a pivotal moment in our cybersecurity landscape. As quantum computers emerge, they present a significant risk to our current encryption methods.
"Organisations must assess their quantum risk, discover vulnerable encryption within their systems, and develop a resilient cryptographic architecture now. We’ve been focused on helping our clients through each phase of this critical transition for years and, with these new standards, will work with organisations to help them maintain their cyber resilience in the post-quantum world."