NIST announces post-quantum cryptography selections

Introduction

The Cyber Centre welcomes a significant step towards ensuring our cyber ecosystem becomes quantum-safe.

The National Institute of Standards and Technology (NIST) in the United States has announced the initial selections for the standardization of post-quantum cryptography (PQC). Once published, NIST’s PQC standards will enable developers to upgrade cyber security solutions to be resistant to the threat that quantum computers pose to cryptography.

CRYSTALS-KYBER is a key encapsulation mechanism to protect the confidentiality of data by establishing shared symmetric keys. It is intended to replace Elliptic Curve Diffie-Hellman (ECDH) key agreement and RSA key transport.

CRYSTALS-Dilithium, Falcon and SPHINCS+ are digital signature schemes. They can be used to authenticate data and remote systems to protect against unauthorized access and malware. They are intended to replace the Elliptic Curve Digital Signature Algorithm (ECDSA) and the RSA signature scheme.

Although this announcement is an important step towards standardization, the Cyber Centre continues to advise organizations to wait for further guidance before using these algorithms to protect data or systems.

Background

NIST launched its PQC project in 2016 with an international call for proposals. The goal was to find, evaluate and standardize new cryptographic algorithms designed to be secure against the threat of quantum computing.

In November 2017, NIST shared the 69 valid submissions received. Over the following years, NIST narrowed down the list of candidates based on international evaluation efforts. These efforts analyzed and compared the security, algorithm speed and bandwidth requirements of the candidates. In March 2021, the Cyber Centre posted a summary of the finalists.

Next steps before deploying PQC

Over the next year, NIST will produce a draft standard with algorithm specifications and parameter recommendations. This draft standard will be carefully reviewed by experts to ensure the specifications are clear and correct for implementers to follow. The final standard is expected to be published in 2024, after which the Cyber Centre will update our list of approved cryptographic algorithms.

The Cyber Centre is a partner with NIST on the Cryptographic Module Validation Program (CMVP), and we intend to work with NIST to update the Cryptographic Algorithm Validation Program (CAVP) under the CMVP to test implementations of these new PQC algorithms. The Cyber Centre advises consumers to procure and use cryptographic modules that are tested and validated under CMVP with algorithm certificates from the CAVP.

Other standards bodies, such as the Internet Engineering Task Force (IETF), will make the necessary updates to cyber security protocols to support these new PQC algorithms. The Cyber Centre participates in IETF working groups to help ensure these critical cyber security protocols are robust and secure. Once the protocol standards are updated, the Cyber Centre will revise our Guidance on securely configuring network protocols (ITSP.40.062) to include PQC.

The Cyber Centre recommends that cyber security products be evaluated and certified to meet the Common Criteria standard with a Security Target and Certification Report that includes the desired protocol security requirements. Therefore, once protocol standards are updated, Common Criteria Evaluation Facilities will need to support testing and evaluation methods for protocols utilizing the new PQC algorithms.

Additional candidates

The PQC algorithms that NIST has announced for their first set of standards are deemed the most mature and are expected to be usable in the majority of applications. Nevertheless, NIST has stated it will continue to consider additional PQC candidates in a fourth round of the PQC Project. The purpose is to have a diversified portfolio with alternate candidates from different mathematical families (see our summary of the finalists for an overview of the mathematical families). The alternates will not be standardized until the first set is finalized.

Given that there will be diverse options for PQC algorithms, it is important for organizations to support cryptographic agility.
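The following is an added illustration, not code from the Cyber Centre or from NIST: it shows the keygen/encapsulate/decapsulate shape that a KEM such as CRYSTALS-KYBER presents to a protocol, and a hybrid combiner that lets a classical component sit alongside a post-quantum one so that either can be swapped out later. Everything here is assumed for the example: the Diffie-Hellman KEM uses deliberately tiny, insecure toy parameters so the code runs with only the Python standard library, and the "post-quantum" slot is filled with a second toy instance purely to exercise the combiner; a real deployment would use X25519 and a validated Kyber implementation in those slots.

```python
"""Algorithm-agnostic KEM interface with a hybrid combiner (added example)."""
import hashlib
import hmac
import secrets
from typing import Protocol


class Kem(Protocol):
    """The interface a KEM (Kyber, a DH-based KEM, or a future one) presents."""
    name: str

    def keygen(self) -> tuple[bytes, bytes]: ...            # (public key, secret key)
    def encaps(self, pk: bytes) -> tuple[bytes, bytes]: ...  # (ciphertext, shared secret)
    def decaps(self, sk: bytes, ct: bytes) -> bytes: ...     # shared secret


class ToyDhKem:
    """Diffie-Hellman key agreement recast as a KEM, the role ECDH plays today.
    TOY PARAMETERS (assumption for this example): a 61-bit prime is trivially
    breakable; it is used only so the code runs with the standard library."""
    P = (1 << 61) - 1  # Mersenne prime 2^61 - 1
    G = 3

    def __init__(self, name: str = "toy-dh") -> None:
        self.name = name

    def keygen(self) -> tuple[bytes, bytes]:
        x = secrets.randbelow(self.P - 2) + 1
        return pow(self.G, x, self.P).to_bytes(8, "big"), x.to_bytes(8, "big")

    def encaps(self, pk: bytes) -> tuple[bytes, bytes]:
        y = secrets.randbelow(self.P - 2) + 1
        shared = pow(int.from_bytes(pk, "big"), y, self.P)
        return pow(self.G, y, self.P).to_bytes(8, "big"), shared.to_bytes(8, "big")

    def decaps(self, sk: bytes, ct: bytes) -> bytes:
        x = int.from_bytes(sk, "big")
        return pow(int.from_bytes(ct, "big"), x, self.P).to_bytes(8, "big")


def _pack(parts) -> bytes:
    """Length-prefix each component so mixed-size keys/ciphertexts parse unambiguously."""
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def _unpack(blob: bytes) -> list:
    parts = []
    while blob:
        n = int.from_bytes(blob[:2], "big")
        parts.append(blob[2:2 + n])
        blob = blob[2 + n:]
    return parts


def _kdf(ikm: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869) with a zero salt; one expand block gives 32 bytes."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


class HybridKem:
    """Concatenation combiner: the session key is derived from both shared
    secrets and bound to the algorithm names and both ciphertexts, so an
    attacker must break both components, and a key agreed under one
    algorithm pairing can never collide with one agreed under another."""

    def __init__(self, classical: Kem, post_quantum: Kem) -> None:
        self.parts = (classical, post_quantum)
        self.name = classical.name + "+" + post_quantum.name

    def keygen(self) -> tuple[bytes, bytes]:
        keys = [k.keygen() for k in self.parts]
        return _pack([pk for pk, _ in keys]), _pack([sk for _, sk in keys])

    def encaps(self, pk: bytes) -> tuple[bytes, bytes]:
        cts, sss = zip(*(k.encaps(p) for k, p in zip(self.parts, _unpack(pk))))
        ct = _pack(cts)
        return ct, _kdf(b"".join(sss), self.name.encode() + ct)

    def decaps(self, sk: bytes, ct: bytes) -> bytes:
        sss = [k.decaps(s, c) for k, s, c in zip(self.parts, _unpack(sk), _unpack(ct))]
        return _kdf(b"".join(sss), self.name.encode() + ct)


def establish(kem: Kem) -> tuple[bytes, bytes, bytes]:
    """One key establishment: the responder publishes pk, the initiator
    encapsulates to it, the responder decapsulates. Returns
    (initiator key, responder key, ciphertext) so a caller can compare them."""
    pk, sk = kem.keygen()
    ct, k_initiator = kem.encaps(pk)
    k_responder = kem.decaps(sk, ct)
    return k_initiator, k_responder, ct


if __name__ == "__main__":
    hybrid = HybridKem(ToyDhKem("toy-dh"), ToyDhKem("toy-dh-standing-in-for-pq"))
    a, b, _ = establish(hybrid)
    print(hybrid.name, "keys match:", a == b)
```

Because the protocol code only ever touches the `Kem` interface, moving from the toy pairing to `x25519+kyber`, or later to an alternate from a different mathematical family, changes the two objects handed to `HybridKem` and nothing else; binding the algorithm names into the KDF `info` is what stops a downgrade or substitution from yielding a key that matches one derived under the intended pairing.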

What you can do now

There are steps organizations should take now to be ready to migrate to PQC once the Cyber Centre recommends it. These steps are outlined in our guidance on Preparing your organization for the quantum threat to cryptography (ITSAP.00.017).

The Cyber Centre is working within the Government of Canada and with critical infrastructure to ensure a smooth and timely transition to PQC. Contact the Cyber Centre by email at contact@cyber.gc.ca or by phone at 1-888-CYBER-88 if you have further questions.

About us

The Canadian Centre for Cyber Security (Cyber Centre) is part of the Communications Security Establishment and is Canada’s authority on cyber security and cryptography.
