NIST narrows field of post-quantum crypto contenders
- By Susan Miller
- Feb 04, 2019
The National Institute of Standards and Technology has been working to ensure that public-key cryptosystems will not be hackable once large-scale quantum computers are built.
Although the delivery timeline of a mature quantum computer is under debate, NIST has already begun to prepare IT security to be able to resist quantum computing. It plans to supplement or replace three standards considered most vulnerable to a quantum attack: FIPS 186-4 -- which specifies the suite of algorithms to use to generate digital signatures-- NIST SP 800-56A and NIST SP 800-56B – which both relate to establishing keys used in public-key cryptography.
In December 2016 NIST launched a public competition to select one or more quantum-resistant public-key cryptographic algorithms.
By December 2017 the agency had selected 69 candidate algorithms from 82 submissions, and on Jan. 30, 2019, narrowed the field to 26 for the second round of the competition, which will evaluate the submissions’ performance across a wide variety of systems.
“We want to look at how these algorithms work not only in big computers and smartphones, but also in devices that have limited processor power,” NIST mathematician Dustin Moody said in an agency statement. “Smart cards, tiny devices for use in the Internet of Things, and individual microchips all need protection too. We want quantum-resistant algorithms that can perform this sort of lightweight cryptography.”
In its Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process, which summarizes the 26 candidates, NIST said the contenders were chosen based on three considerations: security, cost and performance, and algorithm and implementation characteristics. In a few cases, an algorithm was chosen "for its uniqueness and elegance," NIST said, because the "diversity of designs will provide an opportunity for cryptographers and cryptanalysts to expand the scope of ideas in their field, and it will also be less likely that a single type of attack will eliminate the bulk of the candidates remaining in the standardization process."
NIST said it hopes the cryptographic community will help evaluate the candidates and provide feedback that supports or refutes the submitters’ security claims. It estimates that this second phase of evaluation and review will last 12 to 18 months, after which a third round may yet be needed.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at firstname.lastname@example.org or @sjaymiller.