August 25, 2023

NIST Releases the Draft of Post-Quantum Cryptographic Standards

Victoria de Quehen

On August 24, the National Institute of Standards and Technology (NIST) released drafts of three post-quantum cryptographic (PQC) standards and has made a Request For Comments on these drafts to the cryptographic community.

How do these Drafts relate to NIST’s Overall PQC Project?

The standards for these three drafts are scheduled to be finalized early next year. The following timeline shows how this relates to other milestones and algorithms in NIST’s PQC standardization project.

  • 2016 - Initial call for proposals for NIST’s PQC standardization process.
  • 2017-2022 - Analysis of initial 69 submissions and progressive narrowing of the candidate pool.
  • 2020 - In a separate process, two stateful post-quantum digital signature algorithms, XMSS and LMS/HSS, were standardized in NIST’s Special Publication SP 800-208.
  • 2022 - NIST selects 4 algorithms for standardization: KYBER, DILITHIUM, FALCON, and SPHINCS+. NIST also chose additional key establishment algorithms for a fourth round of analysis.
  • July 2023 - NIST releases 40 additional PQC digital signature submissions to undergo analysis.
  • Aug 2023 - NIST releases drafts for Kyber, Dilithium, and SPHINCS+, renamed ML-KEM, ML-DSA, and SLH-DSA, respectively, and requests comments on these drafts.
  • Nov 2023 - Comments on the drafts for ML-KEM, ML-DSA, and SLH-DSA are due.
  • Early 2024 - NIST is expected to publish the final ML-KEM, ML-DSA, and SLH-DSA standards. We do not expect large-scale changes between the drafts and the final standards.
  • Summer 2024 - NIST is expected to release a standard draft for FALCON.
  • 2025 onward - Continued work on the standardization of additional PQC algorithms.

What are the Algorithms that are being Standardized?

The PQC algorithms that NIST is standardizing satisfy different use cases and properties. Some PQC algorithms are used to establish a shared secret key, while others are digital signature algorithms used to authenticate entities. Some PQC algorithms are general-purpose, all-round good algorithms, while others will only be applied to specific scenarios. Different algorithms come from different mathematical areas and have different security hypotheses. Below, we give some main properties of the PQC being standardized:

Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM) – FIPS203

  • Previously called Kyber.
  • A general-purpose algorithm that is used for establishing a shared secret key.
  • Recommended by the National Security Agency (NSA) in their Commercial National Security Algorithm Suite CNSA2.0.
  • From an area of cryptography based on lattices. Lattice-based cryptography has been studied since the 1990s, and its security is believed to be well-understood.

Module-Lattice-Based Digital Signature Standard (ML-DSA) – FIPS 204

  • Previously called Dilithium.
  • A general-purpose digital signature algorithm.
  • Recommended by the NSA in CNSA 2.0.
  • A lattice-based algorithm.

Stateless Hash-Based Digital Signature Standard (SLH-DSA) – FIPS 205

  • Previously called SPHINCS+.
  • InfoSec Global researchers took part in developing SPHINCS+, and InfoSec Global is listed on the SPHINCS+ team.
  • A digital signature algorithm known for its security.
  • A hash-based cryptographic algorithm, where the algorithm's security is directly based on the security of the underlying well-known hash function, making it an appropriate choice for those who value the highest level of protection.

FALCON (No Draft Standard Released Yet)

  • A draft standard is scheduled to be released in around a year.
  • A special use-case digital signature algorithm.
  • A lattice-based algorithm.
  • Not recommended for general use due to difficulties in creating secure implementations.
  • Has the smallest bandwidth, which may make it the best solution for specific situations.

NIST Released the Drafts: What are the Next Steps?

Now that NIST has released the drafts of these algorithms, it is time to begin the process of migrating to PQC. As Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), explains, “It is imperative for all organizations, especially critical infrastructure, to begin preparing now for migration to post-quantum cryptography.”

Discovery

On August 21, the CISA, NSA, and NIST published a factsheet discussing the importance of preparing a cryptographic inventory and developing a quantum readiness roadmap with technology vendors.

The unfortunate reality is that most large organizations are unaware of the cryptography that they utilize. To complete a cryptographic migration, it is necessary first to perform an inventory of the organization’s current cryptographic assets. This can be done using a cryptographic discovery tool like InfoSec Global’s AgileSec™ Analytics software.

Experimentation/Crypto-Agility

While minor changes may exist between these drafts and the final standards, the key sizes, signature sizes, and timings will remain very similar. This is the ideal time to experiment with implementations of the draft standard to iron out details and avoid difficulties during the migration process. More generally, building crypto-agility into products and systems is essential to reduce the amount of work needed in a cryptographic migration.

Crypto-agility is a modern concept that addresses an age-old problem. When the first cryptographic algorithms were designed, it assumed that they would remain secure. However, over the decades, we have discovered the hard way that cryptographic algorithms need to be replaced from time to time. Crypto-agility should be built into the application level to reduce the work required during a cryptographic migration. This can be done by using InfoSec Global’s Cryptographic Agility Management Platform.

Looking Forward

The final standards for these four PQC algorithms are scheduled to be released in early 2024. However, now is the ideal time to prepare for the upcoming cryptographic migration by discovering your cryptographic artifacts, experimenting with these algorithms, and making your applications crypto-agile. We look forward to the continuing work of NIST and helping organizations with this PQC migration.

NIST Announces Round 2 Results in Their Post-Quantum Cryptography Standardization Competition

Marriott's Breach Shows NOW is the Time for a Cryptographic Revolution

Is Cryptography the New Oil for Malware?

August 25, 2023
PQC

NIST Releases the Draft of Post-Quantum Cryptographic Standards

Victoria de Quehen
Cryptographer at InfoSec Global

On August 24, the National Institute of Standards and Technology (NIST) released drafts of three post-quantum cryptographic (PQC) standards and has made a Request For Comments on these drafts to the cryptographic community.

How do these Drafts relate to NIST’s Overall PQC Project?

The standards for these three drafts are scheduled to be finalized early next year. The following timeline shows how this relates to other milestones and algorithms in NIST’s PQC standardization project.

  • 2016 - Initial call for proposals for NIST’s PQC standardization process.
  • 2017-2022 - Analysis of initial 69 submissions and progressive narrowing of the candidate pool.
  • 2020 - In a separate process, two stateful post-quantum digital signature algorithms, XMSS and LMS/HSS, were standardized in NIST’s Special Publication SP 800-208.
  • 2022 - NIST selects 4 algorithms for standardization: KYBER, DILITHIUM, FALCON, and SPHINCS+. NIST also chose additional key establishment algorithms for a fourth round of analysis.
  • July 2023 - NIST releases 40 additional PQC digital signature submissions to undergo analysis.
  • Aug 2023 - NIST releases drafts for Kyber, Dilithium, and SPHINCS+, renamed ML-KEM, ML-DSA, and SLH-DSA, respectively, and requests comments on these drafts.
  • Nov 2023 - Comments on the drafts for ML-KEM, ML-DSA, and SLH-DSA are due.
  • Early 2024 - NIST is expected to publish the final ML-KEM, ML-DSA, and SLH-DSA standards. We do not expect large-scale changes between the drafts and the final standards.
  • Summer 2024 - NIST is expected to release a standard draft for FALCON.
  • 2025 onward - Continued work on the standardization of additional PQC algorithms.

What are the Algorithms that are being Standardized?

The PQC algorithms that NIST is standardizing satisfy different use cases and properties. Some PQC algorithms are used to establish a shared secret key, while others are digital signature algorithms used to authenticate entities. Some PQC algorithms are general-purpose, all-round good algorithms, while others will only be applied to specific scenarios. Different algorithms come from different mathematical areas and have different security hypotheses. Below, we give some main properties of the PQC being standardized:

Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM) – FIPS203

  • Previously called Kyber.
  • A general-purpose algorithm that is used for establishing a shared secret key.
  • Recommended by the National Security Agency (NSA) in their Commercial National Security Algorithm Suite CNSA2.0.
  • From an area of cryptography based on lattices. Lattice-based cryptography has been studied since the 1990s, and its security is believed to be well-understood.

Module-Lattice-Based Digital Signature Standard (ML-DSA) – FIPS 204

  • Previously called Dilithium.
  • A general-purpose digital signature algorithm.
  • Recommended by the NSA in CNSA 2.0.
  • A lattice-based algorithm.

Stateless Hash-Based Digital Signature Standard (SLH-DSA) – FIPS 205

  • Previously called SPHINCS+.
  • InfoSec Global researchers took part in developing SPHINCS+, and InfoSec Global is listed on the SPHINCS+ team.
  • A digital signature algorithm known for its security.
  • A hash-based cryptographic algorithm, where the algorithm's security is directly based on the security of the underlying well-known hash function, making it an appropriate choice for those who value the highest level of protection.

FALCON (No Draft Standard Released Yet)

  • A draft standard is scheduled to be released in around a year.
  • A special use-case digital signature algorithm.
  • A lattice-based algorithm.
  • Not recommended for general use due to difficulties in creating secure implementations.
  • Has the smallest bandwidth, which may make it the best solution for specific situations.

NIST Released the Drafts: What are the Next Steps?

Now that NIST has released the drafts of these algorithms, it is time to begin the process of migrating to PQC. As Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), explains, “It is imperative for all organizations, especially critical infrastructure, to begin preparing now for migration to post-quantum cryptography.”

Discovery

On August 21, the CISA, NSA, and NIST published a factsheet discussing the importance of preparing a cryptographic inventory and developing a quantum readiness roadmap with technology vendors.

The unfortunate reality is that most large organizations are unaware of the cryptography that they utilize. To complete a cryptographic migration, it is necessary first to perform an inventory of the organization’s current cryptographic assets. This can be done using a cryptographic discovery tool like InfoSec Global’s AgileSec™ Analytics software.

Experimentation/Crypto-Agility

While minor changes may exist between these drafts and the final standards, the key sizes, signature sizes, and timings will remain very similar. This is the ideal time to experiment with implementations of the draft standard to iron out details and avoid difficulties during the migration process. More generally, building crypto-agility into products and systems is essential to reduce the amount of work needed in a cryptographic migration.

Crypto-agility is a modern concept that addresses an age-old problem. When the first cryptographic algorithms were designed, it assumed that they would remain secure. However, over the decades, we have discovered the hard way that cryptographic algorithms need to be replaced from time to time. Crypto-agility should be built into the application level to reduce the work required during a cryptographic migration. This can be done by using InfoSec Global’s Cryptographic Agility Management Platform.

Looking Forward

The final standards for these four PQC algorithms are scheduled to be released in early 2024. However, now is the ideal time to prepare for the upcoming cryptographic migration by discovering your cryptographic artifacts, experimenting with these algorithms, and making your applications crypto-agile. We look forward to the continuing work of NIST and helping organizations with this PQC migration.

More to Read About
PQC
New Signature Algorithms for NIST’s Standardization Project a Main Topic at PQCrypto 2023NIST lists 40 Submissions to their Call for Additional PQC Digital Signatures SchemesInfoSec Global Joins NCCoE’s Team of Industrial CollaboratorsNIST: Technical Summary of the new PQC Standards ProcessNIST Announces their Post-Quantum Cryptographic Algorithms for Standardization
NIST Releases the Draft of Post-Quantum Cryptographic Standards
New Signature Algorithms for NIST’s Standardization Project a Main Topic at PQCrypto 2023
NIST Lists 40 Submissions to Their Call for Additional PQC Digital Signatures Schemes
InfoSec Global Joins NCCoE’s Team of Industrial Collaborators
NIST: Technical Summary of the new PQC Standards Process
About the Author
Victoria de Quehen is a Cryptographer at InfoSec Global in Toronto. Her educational background includes an undergraduate degree in math from Queen’s University and a Master’s degree in Number Theory from McGill University. Professionally, she is developing innovative expertise in the field of digital security, where for the past 6 years she has been applying her knowledge of elliptic curves, and math in general, to conduct new cryptographic research on post-quantum encryption. She is actively involved in the post-quantum research community, and organizes international research workshops. Her main interest is in the optimization of post-quantum algorithms, with a special interested in hardware speed-ups, to improve security for information requiring long-term confidentiality.
More Posts from Author
Related Posts
Capabilities
Discovery & AnalysisCrypto-Agility Quantum ReadinessNetwork ProtectionCrypto-Agility &
PQC Workshops
Solutions
Crypto-Agility PlatformAgileSec™ AnalyticsAgileSec™ SDKAgileSec™ VPN
Use Cases
EnterpriseIoT
Resources
Blog & NewsWhitepapersVideos & WebinarsSolution BriefsEvents
Company
PartnersIndustry ExpertiseLeadership TeamWhy InfoSec Global?Careers
© 2023 InfoSec Global. All Rights Reserved
Privacy PolicyCookie PolicyEULATerms of Service
InfoSec Global Canada
2225 Sheppard Avenue East

Suite 1402,

Toronto, ON

M2J 5C2 Canada
InfoSec Global Switzerland
Hardturmstrasse 103

8005 Zurich

Switzerland
Subscribe to our Blog
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Certifications