In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. A threat actor could take advantage of a sufficiently powerful quantum computer in the future to decrypt, read, or access sensitive information protected by many of the public-key encryption systems currently in use. This would provide opportunities to compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.
In July 2022, NIST selected four selected encryption algorithms to become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years. The announcement follows a six-year effort managed by NIST, which in 2016 called upon the world’s cryptographers to devise and then vet encryption methods that could resist an attack from a future cryptographically relevant quantum computer.
The selected algorithms will lead to standards that address the risks from the advent of cryptographically relevant quantum computers.
The post-quantum algorithms selected by NIST are designed for two main tasks for which encryption is typically used: general encryption, used to protect information exchanged across a network; and digital signatures, used for identity authentication. All four of the selected algorithms were created by experts collaborating from multiple countries and institutions.
While the standard is in development, NIST encourages security experts to explore the new algorithms and consider how their applications will use them, but not to bake them into their systems yet, as the algorithms could change slightly before the standard is finalized.
At NIST’s applied cybersecurity center, the National Cybersecurity Center of Excellence, a Migration to Post-Quantum Cryptography project has begun work to explore tools that can be used to discover where public-key cryptography is being used throughout an enterprise’s IT architecture: in hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications – whether they’re in data centers, on-prem, in the cloud, or across distributed computer, storage, and network infrastructures. While this work does not focus on the selected algorithms, the discovery process will enable risk assessments that will help prioritize implementations of post-quantum cryptography.
NIST’s NCCoE Applied Cryptography focus bridges the gap between development of new post-quantum cryptographic algorithms and their use in information and communication technology.
During this 30-minute webinar, speakers will:
- Update attendees on NIST’s Post-Quantum Cryptography Standardization Process.
- Provide an overview of NCCoE’s recently launched Migration to Post-Quantum Cryptography project.
- Highlight ways attendees can stay informed about NIST’s post-quantum cryptography efforts.
There will be 15 minutes of moderated Q&A at the end of the webinar.
- Bill Newhouse, Cybersecurity Engineer, NIST, National Cybersecurity Center of Excellence
- Dustin Moody, Mathematician, Cryptographic Technology Group, NIST
- NCCoE Migration to Post-Quantum Cryptography project page
- NIST Post-Quantum Cryptography Standardization page
Recording Note: Portions of the event may be recorded and audience Q&A or comments may be captured. The recorded event may be edited and rebroadcast or otherwise made publicly available by NIST. By registering for — or attending — this event, you acknowledge and consent to being recorded.