NIST has formally published three post-quantum cryptography standards, the outcome of the competition it ran to develop algorithms able to withstand the anticipated breaking of today's asymmetric (public key) cryptography by quantum computers.
There are no surprises – but now it is official. The three standards are ML-KEM (FIPS 203, formerly known as Kyber), ML-DSA (FIPS 204, formerly known as Dilithium), and SLH-DSA (FIPS 205, formerly known as SPHINCS+). ML-KEM is a key encapsulation mechanism for establishing shared secrets, the role RSA and elliptic curve key exchange play today; ML-DSA and SLH-DSA are digital signature schemes. A fourth, FN-DSA (known as Falcon, to be FIPS 206), has been chosen for future standardization.
IBM, along with industry and academic partners, was involved in developing the first two. The third was co-developed by a researcher who has since joined IBM. IBM also worked with NIST in 2015/2016 to help establish the framework for the PQC competition that officially kicked off in December 2016.
With such deep involvement in both the competition and winning algorithms, SecurityWeek talked to Michael Osborne, CTO of IBM Quantum Safe, for a better understanding of the need for and principles of quantum safe cryptography.
It has been understood since 1994, when Peter Shor published his algorithm, that a sufficiently large quantum computer would be able to break today's RSA and elliptic curve algorithms. But this was theoretical knowledge, since quantum computers powerful enough to run the algorithm against real key sizes were themselves theoretical. The algorithm's correctness is a mathematical result and was never in doubt; what could not be demonstrated was a machine large and reliable enough to execute it, because no such machine existed. Theoretical threats need to be monitored; only demonstrated ones demand immediate action.
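To make concrete what Shor's algorithm actually does to RSA, here is an added example (not from the article, IBM or NIST) in Python showing the classical reduction the algorithm relies on: factoring n reduces to finding the multiplicative order r of a random base a modulo n, after which gcd(a^(r/2) ± 1, n) yields a factor. The order-finding step is brute-forced here, which is exactly the exponential-time step that Shor's quantum period-finding circuit performs in polynomial time; everything else is ordinary arithmetic. The RSA parameters (n = 3233 = 53 × 61, e = 17, message 65) are constructed textbook values chosen so the brute force finishes instantly.

```python
from math import gcd
import random


def multiplicative_order(a, n):
    """Smallest r > 0 with a^r == 1 (mod n), found by brute force.

    This loop is the exponential-time step that the quantum part of
    Shor's algorithm (period finding via the QFT) replaces. Caller must
    ensure gcd(a, n) == 1 so the loop terminates.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_classical_postprocessing(n, a):
    """Turn the order of a mod n into a non-trivial factor of n.

    Returns None when this base fails; Shor's algorithm then simply
    retries with another random base (each base succeeds with
    probability at least 1/2 for n with two distinct odd prime factors).
    """
    g = gcd(a, n)
    if g != 1:
        return g                    # lucky pick: a already shares a factor
    r = multiplicative_order(a, n)
    if r % 2:
        return None                 # odd order: a^(r/2) undefined, retry
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                 # trivial square root of 1, retry
    p = gcd(y - 1, n)               # y^2 == 1 (mod n), so (y-1)(y+1) == 0 (mod n)
    return p if 1 < p < n else None


def factor_with_order_finding(n, rng):
    """Loop over random bases until the post-processing yields a factor."""
    while True:
        a = rng.randrange(2, n - 1)
        p = shor_classical_postprocessing(n, a)
        if p:
            return tuple(sorted((p, n // p)))


def recover_rsa_private_exponent(n, e, rng):
    """Given only the public key (n, e), recover d once n is factored."""
    p, q = factor_with_order_finding(n, rng)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)          # modular inverse, Python 3.8+


def break_textbook_rsa(n, e, ciphertext, rng):
    """Decrypt a ciphertext with nothing but the public key."""
    d = recover_rsa_private_exponent(n, e, rng)
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    # Constructed toy key: n = 53 * 61, e = 17 (d = 2753), message 65.
    n, e = 3233, 17
    c = pow(65, e, n)               # what an eavesdropper would capture
    rng = random.Random(1)
    print("factors:", factor_with_order_finding(n, rng))
    print("recovered plaintext:", break_textbook_rsa(n, e, c, random.Random(1)))
```

The only thing that makes this attack infeasible against a 2048-bit modulus is the cost of `multiplicative_order`; a fault-tolerant quantum computer running Shor's period-finding subroutine removes that barrier, which is why the replacement algorithms rest on problems with no known efficient quantum order-finding shortcut.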
“It was only when quantum machinery started to look more realistic and not just theoretic, around 2015-ish, that people such as the NSA in the US began to get a little concerned,” said Osborne. (The NSA publicly announced its plan to transition to quantum-resistant algorithms in August 2015.) He explained that cybersecurity is fundamentally about risk. Although risk can be modeled in different ways, it is essentially about the probability and impact of a threat. In 2015, the probability of quantum decryption was still low but rising, while the potential impact had already risen dramatically: encrypted traffic recorded today can be stored and decrypted once a capable machine exists, so long-lived secrets are exposed well before the machine arrives. That combination was enough for the NSA to become seriously concerned.
It was the increasing risk level, combined with knowledge of how long it takes to develop and migrate cryptography in the business environment, that created a sense of urgency and led to the new NIST competition. NIST already had experience from an earlier open competition, run from 1997 to 2000, that resulted in the Rijndael algorithm – a Belgian design submitted by Joan Daemen and Vincent Rijmen – becoming the AES symmetric cryptographic standard (FIPS 197). Quantum-resistant asymmetric algorithms would be more complex: the candidates rest on newer hardness assumptions (structured lattices for ML-KEM, ML-DSA and FN-DSA; hash functions for SLH-DSA) and carry much larger keys and signatures than RSA or elliptic curve cryptography, which complicates both analysis and deployment.