The United States’ National Institute of Standards and Technology (NIST) has debuted three new encryption standards that it says will help safeguard critical data against attacks mounted with quantum computers.

The quantum-safe algorithms are the first fully-realised ‘product’ to emerge from NIST’s eight-year post-quantum cryptography (PQC) standardisation project and are available for immediate use.

Progress towards the standards’ debut has been a collaborative effort that has seen cryptography experts from all over the world conceive, submit and evaluate quantum-safe algorithms. Overall, NIST assessed 82 algorithms contributed by researchers from 25 countries, and whittled them down to a top 14, which were categorised into finalist and alternative algorithms.

The result is described by NIST director and US under-secretary of commerce for standards and technology, Laurie Locascio, as “the capstone of NIST’s efforts to safeguard our confidential electronic information”.

Locascio said: “Quantum computing technology could become a force for solving many of society’s most intractable problems, and the new standards represent NIST’s commitment to ensuring it will not simultaneously disrupt our security.”

Although a quantum computer capable of breaking the public-key encryption in use today has not yet appeared, NIST is encouraging administrators to begin incorporating the new algorithms into their systems right away, said Dustin Moody, NIST’s lead mathematician on the PQC project.

“There is no need to wait for future standards,” said Moody. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”

Key tasks

The new standards have been designed to fulfil the two tasks that encryption is typically used for: general encryption, which protects information travelling across public networks, and digital signatures, which are used for authentication. Strictly speaking, the “general encryption” standard is a key-encapsulation mechanism (KEM): it lets two parties establish a shared secret over a public channel, and that secret then keys a conventional symmetric cipher that encrypts the data itself.

The four algorithms initially slated for use last year were CRYSTALS-Kyber, CRYSTALS-Dilithium, Sphincs+ and FALCON. They have now been renamed to identify precisely the versions that appear in the finalised standards; three are published now, and FALCON will follow later in 2024.

CRYSTALS-Kyber has become Federal Information Processing Standard (FIPS) 203, the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). This is the primary standard for general encryption: it has relatively small keys that are easily exchanged between parties and operates at speed, making it the best candidate for this use case.

CRYSTALS-Dilithium, now FIPS 204, the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), becomes the primary standard for digital signatures. Sphincs+ becomes FIPS 205, the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), and serves as a backup to ML-DSA that rests on different mathematics (hash functions rather than lattices), so that a break in lattice-based schemes would not take down both signature standards at once.

FALCON will be designated FIPS 206, the fast-Fourier transform (FFT) over NTRU-Lattice-Based Digital Signature Algorithm (FN-DSA), once it is released.