Background of encryption

In August 2024, the National Institute of Standards and Technology (NIST) announced the release of the first three finalized post-quantum encryption standards—FIPS 203, 204, and 205. These new standards mark a significant milestone in safeguarding sensitive data against the upcoming threat of quantum computing, which has the potential to break the encryption methods we rely on today. 

What are the New Standards? 

  • FIPS 203: A standard designed for general public key encryption, ensuring data privacy. Its advantages include comparatively small encryption keys that two parties can exchange easily, as well as better speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism. 
  • FIPS 204: Focuses on digital signatures, which are essential for verifying the authenticity and integrity of digital communications. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm. 
  • FIPS 205: Also designed for digital signatures. The standard employs the SPHINCS+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different mathematical approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable. 

These standards are part of NIST’s ongoing efforts to prepare industries for a post-quantum world, where quantum computers could decrypt today’s most secure communication channels. In addition, a fourth standard, which will implement the FALCON algorithm for digital signatures, is expected to be finalized in the coming years. 

Why Should Companies Care? 

The timeline for quantum computers capable of breaking current encryption isn’t definite, but experts suggest it could happen within the next decade. This means that businesses must start preparing now to ensure that sensitive data—ranging from financial records to personal information—remains secure in the future. 

Suggestions for Businesses to Consider: 

  1. Assess your current cryptographic infrastructure: Begin by understanding which cryptographic algorithms you’re currently using and whether they will be vulnerable to quantum attacks. 
  2. Adopt a hybrid approach: Start implementing post-quantum cryptography alongside traditional encryption methods. This allows for a smoother transition while quantum-safe solutions mature. 
  3. Stay informed: Follow developments from NIST and other organizations as they continue to refine standards and provide guidance on best practices for post-quantum security. 
  4. Engage with Quantum-Safe vendors: Look for solutions, such as IBM’s Quantum Safe, that provide tools and expertise to help organizations prepare for the quantum future. 

In conclusion, while quantum threats may still seem distant, the release of NIST’s post-quantum cryptographic standards highlights the urgency of preparing today. By taking proactive steps, businesses can ensure they remain secure in the face of quantum computing’s rapid advancements. 
