NIST Releases Finalized Post-Quantum Encryption Standards
The National Institute of Standards and Technology has released three new encryption standards that have been developed to resist decryption via quantum computing. Current public-key encryption systems render data unintelligible and are widely used to secure communications and transactions to prevent unauthorized access to data. These encryption methods rely on math problems that even today’s most powerful supercomputers cannot defeat. That could all change, however, with quantum computers. Data encrypted today using the most powerful encryption algorithms could be stolen and decrypted at a later date when quantum computers become readily available.
Quantum computers are still in the early stages of development; however, researchers have created a processor comprised of fast, high-fidelity quantum logic gates, which in benchmark testing, performed a computation in 200 seconds that it would currently take the world’s fastest supercomputer 10,000 years to product a similar output. Quantum computers pose a significant threat to encryption systems, hence the need for new encryption standards. Some experts in the field predict that the first quantum computer capable of breaking current encryption methods could be developed within the next decade.
Encryption is used to prevent unauthorized access to sensitive data, from government communications to online transactions, and if encryption can be defeated, the privacy and security of individuals, organizations, and entire nations would be under threat. In 2016, NIST called upon the leading cryptographers to devise encryption methods capable of resisting decryption via quantum computing, and in July 2022, NIST announced the first four quantum-resistant cryptographic algorithms, which NIST has been incorporating into its post-quantum cryptographic standards.
In May 2024, NIST released its first post-quantum cryptographic standards and on August 13, 2024, the first three finalized standards from its post-quantum cryptography (PQC) standardization project were released. NIST is continuing to evaluate two other sets of algorithms that could serve as backup standards. The three finalized encryption standards have been developed using different key algorithms, one for general encryption to protect information exchanged over a public network (ML-KEM), one for digital signatures that are used for identity authentication (ML-DSA), and one as a backup digital signature method (SLH-DSA).
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The standards include the encryption algorithms’ computer code, instructions for how to implement them, and their intended uses. ML-KEM is used in the FIPS 203 standard which can be used for protecting communication systems. ML-DSA is used in the FIPS 204 standard and is intended for use in electronic documents and to secure communications, and SLH-DSA is used in the FIPS 205 standard as a backup for FIPS 204.
“These finalized standards include instructions for incorporating them into products and encryption systems,” said Dustin Moody, head of the NIST PQC standardization project. “We encourage system administrators to start integrating them into their systems immediately, because full integration will take time.” Tech firms such as Google, Apple, Signal, and Zoom have already started implementing NIST’s post-quantum encryption standards.
