The National Institute of Standards and Technology (NIST) released its first three post-quantum cryptography (PQC) standards, a world-first designed to meet the threat of powerful quantum computers as well as the increasing encryption vulnerability to AI-based attacks.

NIST’s new encryption standards target two critical tasks: General encryption and digital signatures. In 2022, NIST selected four algorithms—CRYSTALS-Kyber, CRYSTALS-Dilithium, Sphincs+, and FALCON—for standardization, with draft versions of three released in 2023.

The final standards include FIPS 203, based on the renamed ML-KEM (formerly CRYSTALS-Kyber), designed for general encryption with advantages like small, easily exchanged keys and fast operation.

FIPS 204, the primary standard for digital signatures, uses ML-DSA (formerly CRYSTALS-Dilithium), while FIPS 205 employs SLH-DSA (formerly Sphincs+), offering a different mathematical approach as a backup.

The FIPS 206 draft, expected in 2024, will feature FN-DSA, based on the FALCON algorithm.

The institute is evaluating two additional sets of algorithms as potential backup standards. One set includes three algorithms for general encryption, using different math from the finalized standards, with selections expected by late 2024.

The other set focuses on digital signatures; after a 2022 call for new submissions, NIST is now evaluating these and plans to advance about 15 algorithms to the next round of testing soon.

A Pivotal Step Forward

Adam Everspaugh, cryptography expert at Keeper Security, called the finalization of the standards a “pivotal step forward” in safeguarding digital environments against the threat posed by quantum computing.

“Quantum computing has the potential to revolutionize various fields but also threatens current public key encryption methods,” he said.

The primary attack of concern is store-and-crack, where attackers may capture and store encrypted information and web traffic now, and then, when quantum computers are available, break the encryption to read the data that is stored.

“If this information is still valuable in the future, attackers can use it to exploit sensitive systems, reinforcing the urgency of adopting QRC,” Everspaugh said. “This transition is no longer optional but a necessity.”

He added the cybersecurity industry must prioritize integrating these new cryptographic standards into existing systems, acknowledging that while this process is complex and time-consuming, the time to act is now.

“The collaboration between NIST, CISA, NSA and the broader cybersecurity community has been crucial in reaching this milestone, and continued cooperation will be vital as we move forward,” he said.

Markus Pflitsch, founder and CEO of Terra Quantum, called NIST’s standards a “critical milestone” that should motivate organizations to take the quantum threat seriously and added a comprehensive security strategy would also consider the role of quantum key distribution (QKD), which provides additional layers of security.

“While the U.S. government has been more reserved about embracing QKD compared to Europe, it’s encouraging to see increasing support for a holistic approach to post-quantum cybersecurity,” he said.

Technically Complex, High-Cost Implementation

Jason Soroko, senior vice president of product at Sectigo, pointed out that adopting both PQC and QKD poses challenges like high costs, technical complexity, interoperability issues and scalability concerns.

“To overcome these, organizations should start with pilot programs in high-risk areas, collaborate with vendors and consortia for interoperable solutions, invest in training and adopt a phased deployment strategy, beginning with critical systems and expanding as technology and expertise develop,” he said.

From Soroko’s perspective, organizations should start planning for quantum-resistant solutions immediately.

“The dates of 2029 or 2030 have been discussed as being a date for organizations to assume that RSA and ECC could be deprecated due to advances in quantum computing,” he explained.

In the short term (one to two years), they should assess current cryptographic systems, conduct audits and initiate PQC pilots, ensuring vendor adoption of NIST standards and focus on deploying PQC in production environments and monitor QKD advancements for potential integration in the next three to five years.

“In the long term, aim for full PQC implementation across critical systems, with QKD considered for highly-sensitive sectors,” Soroko said.