Key Take-Aways from the NIST PQC Conference
The NIST PQC Conference was a great three days, jam-packed with critical information. We will see the first half of standards finalized by December 2021/January 2022 (in about 6 months). The second half of standards will take another 12-18 months to finalize.
The key take-aways from the conference are as follows:
· Multivariate (digital signature) schemes (Rainbow and GeMSS)have created some concerns about the security, hence a separate track will be running concurrently for quantum-resistant digital signatures, which are not lattice-based, where SPHINCS+ is most likely to be among the selected schemes
· Many optimizations for various schemes at the software level have been developed
· Great progress has been made on hardware accelerators for various PQC schemes, making already practical schemes even more practical and close to classical cryptography performance
· More countermeasures against various side-channel attacks have been developed
· NCCoE publication, run by NIST and DHS on the topic of cryptographic migration to PQC standards, has issued a request for comments, which InfoSec Global will contribute to. The name of the document is Crypto Agility: Considerations for Migrating to Post-Quantum Cryptographic Algorithms.
· The need for addressing PQC in DNS SEC has risen
· The need for OIDs for PQC to be added has been declared
· Microsoft has issued a monetary prize initiative for breaking toy examples of SIDH/SIKE's underlying hard problem. Both parameters are toy version, with 5000 USD prize for the smaller one and 50,000 USD for the bigger one. This is analogues to RSA money prizes. No other PQC candidate schemes have that.
