January 31, 2019

NIST Announces Round 2 Results in PQC Competition

As Dr. Vladimir Soukharev said in his blog post just over a year ago: “It is a race like no other: a gruelling, long-distance marathon to solve one of the most critical and difficult mathematical challenges that the world has ever known.”

This is neither exaggeration nor hyperbole: the coming of Quantum Computing not only brings with it the dawn of a new era of technological advancement, but also the threat of total destruction of today’s encryption systems, which underpin virtually everything we do in our modern technological world. No secrets will remain secret anymore: from financial transactions to state secrets to your most private and intimate conversations… all are likely to be exposed as if no protections existed at all.

Only time will tell how long we have before this becomes our new reality - it could be five years away, it could be twenty. But people and organizations who are rightly concerned about this watershed moment are not resting; the National Institute of Standards and Technology (NIST) started a competition for cryptographic solutions that are designed to resist the new abilities and power that quantum computers promise to deliver.

At ISG, our cryptography researchers spend a lot of time thinking about all of this. In collaboration with partners from academia and industry, ISG submitted two potential solutions to the NIST Post-Quantum Cryptography (PQC) competition. Today, we can proudly say that both of those entries have been selected by NIST to move forward to the next round of the competition. These two submissions were the result of an incredible team effort by a lot of people in both the private sector and in academia, and ISG is honoured to be part of these submissions.

NIST’s official competition page with the results so far can be found here, and if you'd like to read more about the two submissions, there are two sites you can head to:

https://sike.org

https://sphincs.org

Some thoughts on the competition so far are below.

There are five main categories of post-quantum cryptography: lattice-based, isogeny-based, hash-based, code-based, and multivariate polynomial-based (there’s also symmetric key quantum resistance, which is the use of some of today’s symmetric key algorithms with large enough key sizes to resist quantum attacks in the near term, but in reality that’s just an extension of current modern cryptography).

There were a whopping 82 submissions to the competition. 69 of those were accepted into the first round, and as of today, we are down to 26 entries.

In the Public-Key Encryption/Key Encapsulation Mechanism (PKE and KEM) category, there are 17 candidates remaining, and they cover three of the five categories listed above: isogeny-based, lattice-based, and code-based.

Of those five categories, SIKE is the only scheme remaining in the isogeny-based category, and SPHINCS+ is the only scheme remaining in the hash-based category. SIKE and SPHINCS+ do not compete with each other; rather, they are complementary: SIKE is a KEM and SPHINCS+ is a signature scheme. SIKE was the only submission in the competition to receive public comments stating that the security it provides is actually stronger than was claimed in the submission. We are hopeful that this bodes well as the competition moves forward.

At ISG, our researchers are working very hard on optimizing SIKE (and all supersingular isogeny-based cryptography schemes) and SPHINCS+, and are creating efficient countermeasures against side-channel attacks. We are also proud of the relationships we maintain with other world-leading researchers in isogeny-based and hash-based cryptography, and are excited about collaborative work in the future. Well-deserved congratulations go to Tomislav Nad, Basil Hess, and Vladimir Soukharev for all their work on these submissions, and for the work they continue to do on building the cryptography solutions of the future.

We're not waiting, though: both submissions will soon be part of our AgileSec PQC Provider - making it incredibly easy for our AgileSec customers to switch to those potential standards in literally seconds.

We’re proud to have contributed thus far to the NIST competition and are hopeful and excited about what Round 2 will bring.

Richard Henderson, CTO, North America
January 31, 2019