Post-Quantum PKI

First three PQC standards coming this summer, according to NIST

The National Institute of Standards and Technology (NIST) is set to publish its first three finalized post-quantum cryptography (PQC) standards this summer, as highlighted by Dustin Moody, a mathematician in NIST’s Computer Security Division.

Moody, who has been leading the standardization process, expressed excitement about the imminent release of these standards during a recent webinar hosted by the Advanced Technology Academic Research Center (ATARC).

The publication of these standards marks a significant milestone in a project that began in 2016, in which dozens of initial candidates were evaluated and four algorithms were selected for further development two years ago. The first three standards to be published are:

1. CRYSTALS-Kyber (FIPS 203): This lattice-based key encapsulation mechanism (KEM) is designed for general encryption purposes, such as securing websites.

2. CRYSTALS-Dilithium (FIPS 204): Another lattice-based algorithm, CRYSTALS-Dilithium is designed for digital signatures, such as those used in remote document signing. It is expected to be the more commonly used PQC choice for digital signatures because it is less complex and easier to implement than SPHINCS+.

3. SPHINCS+ (FIPS 205): This hash-based scheme is also designed for digital signatures and serves as a crucial backup to the lattice-based algorithms, ensuring diversity in cryptographic methods.

The fourth algorithm, FALCON, another lattice-based design for digital signatures, is anticipated to have its draft FIPS published in 2024. Moody emphasized the importance of having SPHINCS+ as a backup while researchers continue exploring new ways to challenge and improve lattice-based structures.