Today, the National Institute of Standards and Technology (NIST) released three long-awaited quantum-resistant standards, with more publications expected to augment this initial set.
The three standards that were published remain substantially similar to the drafts that were released in August 2023.
Quick Refresher on the NIST Post-Quantum Cryptography Standardization Project
Before we dive into the new algorithm descriptions, let’s first look back at the NIST Post-Quantum Cryptography Standardization Project.
Quantum computers, once powerful enough, will be able to break public-key encryption (like RSA and ECC, for example). This type of quantum computer is known as a Cryptographically Relevant Quantum Computer, or CRQC.
To prevent these crucial security foundations from unraveling, NIST began a standardization project to develop quantum-safe cryptography. This journey began in 2016, when they first solicited viable algorithms that wouldn’t be susceptible to a quantum computer’s ability to factor the large integers (products of primes) used in public-key encryption.
NIST received 82 initial submissions, and after several rounds of public comment and ongoing refinement—and even one false alarm—we now have our first three standards.
Each is explained below.
FIPS 203, FIPS 204 and FIPS 205
Quantum computers threaten the security of current standards—specifically public-key encryption models—and these new standards are meant to withstand such attacks.
ML-KEM: FIPS 203
A Module-Lattice-Based Key-Encapsulation Mechanism Standard
Designed for more general encryption use cases, FIPS 203 details a key encapsulation mechanism, which is used to establish a shared secret key between two users who communicate over a public channel.
According to the newly published standard, “The security of ML-KEM is related to the computational difficulty of the Module Learning with Errors problem. At present, ML-KEM is believed to be secure, even against adversaries who possess a quantum computer.”
Learn more about FIPS 203.
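To make the key-encapsulation flow concrete, here is an added example (it is not from NIST or from this post) in Go, using the standard library’s crypto/mlkem package, which ships with Go 1.24 and later. The receiver publishes only its encapsulation key; the sender encapsulates a fresh shared secret against it and transmits only the ciphertext; the receiver decapsulates and both sides hold the same 32-byte secret. A second run flips one ciphertext byte in transit to show ML-KEM’s implicit rejection: decapsulation does not fail, it returns an unrelated key, so a protocol built on the KEM has to add key confirmation (for example an AEAD tag) to notice. The function names and the choice of byte to tamper are this example’s own.

```go
package main

import (
	"crypto/mlkem"
	"crypto/subtle"
	"fmt"
)

// KEMExchange is what the sender holds after encapsulation. Only Ciphertext
// travels over the public channel; SenderKey never leaves the sender.
type KEMExchange struct {
	Ciphertext []byte
	SenderKey  []byte
}

// ReceiverKeygen generates an ML-KEM-768 key pair and returns the private
// decapsulation key plus the public encapsulation key in wire form.
func ReceiverKeygen() (*mlkem.DecapsulationKey768, []byte, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	return dk, dk.EncapsulationKey().Bytes(), nil
}

// SenderEncapsulate parses the received encapsulation key and derives a fresh
// shared secret together with the ciphertext that encapsulates it.
func SenderEncapsulate(ekBytes []byte) (*KEMExchange, error) {
	ek, err := mlkem.NewEncapsulationKey768(ekBytes)
	if err != nil {
		return nil, err
	}
	shared, ct := ek.Encapsulate()
	return &KEMExchange{Ciphertext: ct, SenderKey: shared}, nil
}

// ReceiverDecapsulate recovers the shared secret from the ciphertext. It only
// errors on a malformed length; a corrupted ciphertext of the right length is
// implicitly rejected by returning a pseudorandom, unrelated key.
func ReceiverDecapsulate(dk *mlkem.DecapsulationKey768, ct []byte) ([]byte, error) {
	return dk.Decapsulate(ct)
}

// RunExchange plays both roles and reports whether the two sides agree on the
// secret. With tamper set, one ciphertext byte is flipped in transit (a
// constructed fault, chosen for this example) before it reaches the receiver.
func RunExchange(tamper bool) (bool, error) {
	dk, ekBytes, err := ReceiverKeygen()
	if err != nil {
		return false, err
	}
	ex, err := SenderEncapsulate(ekBytes)
	if err != nil {
		return false, err
	}
	ct := append([]byte(nil), ex.Ciphertext...)
	if tamper {
		ct[0] ^= 0x01
	}
	recv, err := ReceiverDecapsulate(dk, ct)
	if err != nil {
		return false, err
	}
	// Constant-time comparison: shared secrets are key material.
	return subtle.ConstantTimeCompare(recv, ex.SenderKey) == 1, nil
}

func main() {
	for _, tamper := range []bool{false, true} {
		ok, err := RunExchange(tamper)
		if err != nil {
			panic(err)
		}
		fmt.Printf("tampered=%v  keys match=%v\n", tamper, ok)
	}
}
```

Sizes are worth knowing when you budget for migration: an ML-KEM-768 encapsulation key is 1184 bytes and a ciphertext is 1088 bytes, far larger than the ECDH public values they replace, which is one reason the inventory work later in this post matters.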
ML-DSA: FIPS 204
A Module-Lattice-Based Digital Signature Standard
FIPS 204 emphasizes the need for secure digital signatures, which are used to detect unapproved changes to information and authenticate identities. Recipients also use digital signatures to verify data as legitimate and tamper-free (a property known as non-repudiation).
This standard specifically details a set of algorithms used to generate and verify digital signatures, and “ML-DSA is believed to be secure, even against adversaries in possession of a large-scale quantum computer.”
SLH-DSA: FIPS 205
A Stateless Hash-Based Digital Signature Standard
FIPS 205 describes a stateless hash-based digital signature algorithm that’s also used to authenticate and verify signatories of data.
Learn more about FIPS 205.
More PQC Standards to Come
The standardization process for a fourth standard, FIPS 206 (derived from FALCON), is expected to commence this month. From there, NIST will continue to work on including the new standards in both national and international standards bodies.
Why Your Post-Quantum Preparation Needs to Start Sooner, Not Later
NIST’s progress on releasing these three standards is a monumental milestone in the quantum computing space, and there’s no doubt that advancements will pick up momentum from here.
That means now is the time to prepare for a post-quantum world.
What does that mean, exactly?
My colleague, Kevin Bocek, senior vice president of innovation at CyberArk, urges us to focus less on the cryptographic algorithms themselves, and more on what’s being used, where and how.
In other words, he stresses the importance of machine identity security, which provides the visibility, automation and centralized oversight that allows you to take stock of your current cryptographic assets, thereby enabling you to gauge your level of quantum risk.
By building an inventory of your cryptographic systems (i.e. digital certificates and keys), and automating their lifecycles, you’ll be well-positioned to test and migrate to quantum-resistant cryptography, like what’s delineated in FIPS 203, 204 and 205.
And we really can’t stress enough the urgency of starting sooner rather than later, because these migrations, historically, take a lot of time, effort and careful coordination to complete. Just look at SHA-1 as an example—in some cases, that migration was still happening a decade after the algorithm had been deprecated.
What’s more, “steal now, decrypt later” attacks are already happening, which involve a threat actor stealing encrypted information with the plan to use a quantum computer to decrypt it later.
Prepare for a Post-Quantum World
At CyberArk, machine identity automation is our bread and butter, but we don’t stop there. We also provide robust readiness solutions that can help you prepare for large-scale cryptographic events like migrating to post-quantum cryptography.
And we can help you do it before quantum computers arrive on the scene, so you and your team can avoid security scrambles. How? CyberArk Certificate Manager (formerly known as TLS Protect) and CyberArk Code Sign Manager (formerly known as CodeSign Protect) are already equipped with features that allow you to test and experiment with post-quantum algorithms.
Kaitlin Harvey is a digital content manager for machine identity security at CyberArk.