NIST announces post-quantum cryptography selections

Introduction

The Cyber Centre welcomes a significant step towards ensuring our cyber ecosystem becomes quantum-safe.

The National Institute of Standards and Technology (NIST) in the United States has announced the initial selections for the standardization of post-quantum cryptography (PQC). Once published, NIST’s PQC standards will enable developers to upgrade cyber security solutions to be resistant to the threat that quantum computers pose to cryptography.

CRYSTALS-KYBER is a key encapsulation mechanism to protect the confidentiality of data by establishing shared symmetric keys. It is intended to replace Elliptic Curve Diffie-Hellman (ECDH) key agreement and RSA key transport.

CRYSTALS-Dilithium, Falcon and SPHINCS+ are digital signature schemes. They can be used to authenticate data and remote systems to protect against unauthorized access and malware. They are intended to replace Elliptic Curve Digital Signature Algorithm (ECDSA) and the RSA signature scheme.

Although this announcement is an important step towards standardization, the Cyber Centre continues to advise organizations to wait for further guidance before using these algorithms to protect data or systems.

Background

NIST launched their PQC project in 2016 with an international call for proposals. The goal was to find, evaluate and standardize new cryptographic algorithms designed to be secure against the threat of quantum computing.

In November 2017, NIST shared the 69 valid submissions received. Over the following years, NIST narrowed down the list of candidates based on international evaluation efforts. These efforts analyzed and compared the security, algorithm speed and bandwidth requirements of the candidates. In March 2021, the Cyber Centre posted a summary of the finalists.

Next steps before deploying PQC

Over the next year, NIST will produce a draft standard with algorithm specifications and parameter recommendations. This draft standard will be carefully reviewed by experts to ensure the specifications are clear and correct for implementers to follow. The final standard is expected to be published in 2024, after which the Cyber Centre will update our list of approved cryptographic algorithms.

The Cyber Centre is a partner with NIST on the Cryptographic Module Validation Program (CMVP), and we intend to work with NIST to update the Cryptographic Algorithm Validation Program (CAVP) under the CMVP to test implementations of these new PQC algorithms. The Cyber Centre advises consumers to procure and use cryptographic modules that are tested and validated under CMVP with algorithm certificates from the CAVP.

Other standards bodies, such as the Internet Engineering Task Force (IETF), will make the necessary updates to cyber security protocols to support these new PQC algorithms. The Cyber Centre participates in IETF working groups to help ensure these critical cyber security protocols are robust and secure. Once the protocol standards are updated, the Cyber Centre will revise our Guidance on securely configuring network protocols (ITSP.40.062) to include PQC.

The Cyber Centre recommends that cyber security products be evaluated and certified to meet the Common Criteria standard with a Security Target and Certification Report that includes the desired protocol security requirements. Therefore, once protocol standards are updated, Common Criteria Evaluation Facilities will need to support testing and evaluation methods for protocols utilizing the new PQC algorithms.

Additional candidates

The PQC algorithms that NIST has announced for their first set of standards are deemed the most mature and are expected to be usable in the majority of applications. Nevertheless, NIST has stated it will continue to consider additional PQC candidates in a fourth round of the PQC Project. The purpose is to have a diversified portfolio with alternate candidates from different mathematical families (see our summary of the finalists for an overview of the mathematical families). The alternates will not be standardized until the first set is finalized.

Given that there will be diverse options for PQC algorithms, it is important for organizations to support cryptographic agility.

What you can do now

There are steps organizations should take now to be ready to migrate to PQC once the Cyber Centre recommends it. These steps are outlined in our guidance on Preparing your organization for the quantum threat to cryptography (ITSAP.00.017).

The Cyber Centre is working within the Government of Canada and with Critical Infrastructure to ensure a smooth and timely transition to PQC. Contact the Cyber Centre by email at contact@cyber.gc.ca or by phone at 1-888-CYBER-88 if you have further questions.

About us

The Canadian Centre for Cyber Security (Cyber Centre) is part of the Communications Security Establishment and is Canada’s authority on cyber security and cryptography.
