For the second round of its competition, the National Institute of Standards and Technology has chosen 26 algorithms that may help protect electronic information from attack by quantum-enabled computers.
The National Institute of Standards and Technology has been working to ensure that public-key cryptosystems will not be hackable once large-scale quantum computers are built.
Although the delivery timeline of a mature quantum computer is under debate, NIST has already begun to prepare IT security to be able to resist quantum computing. It plans to supplement or replace three standards considered most vulnerable to a quantum attack: FIPS 186-4 -- which specifies the suite of algorithms to use to generate digital signatures-- NIST SP 800-56A and NIST SP 800-56B – which both relate to establishing keys used in public-key cryptography.
In December 2016 NIST launched a public competition to select one or more quantum-resistant public-key cryptographic algorithms.
By December 2017 the agency had selected 69 candidate algorithms from 82 submissions, and on Jan. 30, 2019, narrowed the field to 26 for the second round of the competition, which will evaluate the submissions’ performance across a wide variety of systems.
“We want to look at how these algorithms work not only in big computers and smartphones, but also in devices that have limited processor power,” NIST mathematician Dustin Moody said in an agency statement. “Smart cards, tiny devices for use in the Internet of Things, and individual microchips all need protection too. We want quantum-resistant algorithms that can perform this sort of lightweight cryptography.”
In its Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process, which summarizes the 26 candidates, NIST said the contenders were chosen based on three considerations: security, cost and performance, and algorithm and implementation characteristics. In a few cases, an algorithm was chosen "for its uniqueness and elegance," NIST said, because the "diversity of designs will provide an opportunity for cryptographers and cryptanalysts to expand the scope of ideas in their field, and it will also be less likely that a single type of attack will eliminate the bulk of the candidates remaining in the standardization process."
NIST said it hopes the cryptographic community will help evaluate the candidates and provide feedback that supports or refutes the submitters’ security claims. It estimates that this second phase of evaluation and review will last 12 to 18 months, after which a third round may yet be needed.