The US National Institute of Standards and Technology (NIST) has chosen the first four cryptographic algorithms designed to withstand attack by a future quantum computer. Researchers from the Netherlands and Belgium are involved in three of them: the key-encapsulation mechanism (KEM) CRYSTALS-Kyber, selected for general encryption, and the digital signature scheme CRYSTALS-Dilithium were co-created by Joppe Bos from NXP in Leuven, Léo Ducas from CWI/Leiden University and Peter Schwabe from Radboud University Nijmegen, while the digital signature scheme SPHINCS+ was co-authored by Schwabe and Joost Rijneveld, also from Radboud University, Andreas Hülsing and Tanja Lange from Eindhoven University of Technology (TU/e), Ward Beullens from KU Leuven and Bas Westerbaan from Cloudflare. Together with a fourth algorithm, the digital signature scheme Falcon, they will become part of NIST's post-quantum cryptographic standard, which is expected to be finalized in about two years.
Today's sensitive electronic traffic, such as secure websites and email, is protected from unwelcome third parties by public-key cryptosystems that rely on mathematical problems even the fastest conventional computers cannot solve in practice: for RSA and elliptic-curve cryptography these are integer factoring and the discrete logarithm. A sufficiently capable quantum computer, however, could solve both of these quickly. To counter this threat, the four quantum-resistant algorithms are built on mathematical problems that both conventional and quantum computers are believed to find hard. That matters now, not just later: traffic encrypted today can be recorded and decrypted once a large quantum computer exists, so protecting long-lived secrets requires switching before such a machine is built. The algorithms cover the two main tasks of public-key cryptography: general encryption, used to establish keys and protect information exchanged across a public network, and digital signatures, used to authenticate the origin and integrity of data such as certificates and software updates.
The announcement follows a six-year effort managed by NIST, which in 2016 called upon the world's cryptographers to devise, and then vet, encryption methods that could resist an attack by a future quantum computer. The selection marks the start of the final phase of the agency's post-quantum cryptography standardization project. Four additional algorithms remain under consideration for inclusion, and NIST plans to announce the outcome of that round at a future date. The agency encourages security experts to explore the new algorithms and consider how their applications will use them, but not to bake them into production systems yet, since details such as parameters and encodings could still change slightly before the standard is finalized; implementations should therefore be designed so that algorithms and parameter sets can be swapped out.