The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC). This significant development will affect a broad range of entities, including financial institutions and government agencies, particularly those subject to regulatory obligations. Now is an opportune time for businesses of all sizes to reassess and update their encryption strategies, ensuring they stay ahead in cybersecurity by adopting the latest automated cryptography management solutions.
Researchers worldwide are in a race to develop quantum computers, which would function in fundamentally different ways from traditional computers and could potentially break the encryption systems that currently safeguard our online security and privacy. The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.
These three new standards are designed with the future in mind. As quantum computing technology advances rapidly, some experts anticipate that a device capable of breaking today’s encryption methods could emerge within the next decade, posing significant risks to the security and privacy of individuals, organisations, and nations alike.
Taher Elgamal, ‘the father of SSL’ and senior advisor at SandboxAQ, said, “The NIST PQC Standardisation marks an important step in enhancing the security of our digital infrastructure. By adopting these new standards, we are protecting sensitive data, safeguarding privacy, and maintaining trust in our digital communications. This proactive approach not only prepares us for the quantum era but also strengthens our overall cybersecurity today. We appreciate NIST’s leadership in this effort and thank the scientific community for their significant contributions through numerous cryptographic designs and research papers.”
NIST launched its PQC standardisation program in 2016, with the goal of developing cryptographic methods that can withstand quantum computing threats. The latest announcement introduces the first set of standardised algorithms: one for key agreement and two for digital signatures. These algorithms are designed to ensure the confidentiality, integrity, and authentication of sensitive data, keeping digital communications secure against emerging quantum threats.
FIPS 203: Derived from Kyber, this standard is used in key agreement protocols such as TLS, replacing traditional methods like Diffie-Hellman. It offers fast performance despite the use of larger public keys and ciphertexts.
FIPS 204: Based on Dilithium, this standard is used for digital signatures, providing faster verification than current methods like ECDSA and RSA, though it requires larger signatures (2.5KB) and public keys (1.3KB), and has roughly double the signing time.
FIPS 205: Built on the security of SHA-2 or SHA-3, this standard offers strong security with very small public keys (32 bytes) but generates larger signatures, around 7KB. It is particularly well-suited for applications like firmware updates, where rapid verification is crucial.
This announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC). To transition to these new algorithms effectively, businesses must start by assessing their current cryptography usage. Whether conducted manually or through automated tools, this inventory process is critical. Proper tools and thorough testing are essential to facilitate a seamless shift from old algorithms to new standards.
Dr Marc Manzano, General Manager of the Cybersecurity Group at SandboxAQ, comments, “NIST’s announcement makes it imperative for large enterprises to adopt scalable, automated cryptographic inventory solutions. Modern cryptography management minimizes disruption, mitigates ransomware risks, and facilitates a seamless transition to secure standards.”
Carlos Aguilar-Melchor, chief scientist, cybersecurity at SandboxAQ, added, “The new standards just released today by NIST give enterprises a clear roadmap to upgrade their security and encryption protocols. This transition is an opportunity to move to modern cryptography management models, leading to fewer outages, simpler compliance and governance, shorter and safer migrations, and higher security. We at SandboxAQ have been contributing to these new standards and the published research to validate them”.
To learn more, visit https://www.sandboxaq.com/
