The arrival of quantum computing is thrilling for the value it can provide worldwide, with near-term impacts on materials, chemistry, and fundamental physics. But with great power does come great responsibility. Quantum computers can also dismantle the safeguards of our digital world: Shor's algorithm breaks RSA and ECC, the public-key cryptography that protects most of our digital communication. With steady progress in qubit counts and reductions in the number of qubits needed to run encryption-breaking quantum algorithms, stopping the quantum threat can seem a daunting task.
But innovation can't be stopped. This threat created the need for Post-Quantum Cryptography (PQC). PQC uses classical mathematical methods (that is, algorithms that run on ordinary, non-quantum hardware) that remain secure even against large-scale quantum computers. To protect against quantum computers, we need new algorithms to replace RSA and ECC.
The National Institute of Standards and Technology (NIST) plays a leading role in standardizing technologies and methodologies used within the United States and internationally. NIST launched its PQC call for proposals in 2016 to find new cryptography standards for a post-quantum world.
NIST's standardization process is systematic, open, and rigorous, so that the selected algorithms are fully scrutinized before being recommended as standards worldwide. Recognizing the gravity of the quantum challenge, NIST began this process in 2016; it is not yet complete.
Here's a step-by-step breakdown of the journey so far:
2016-2017: Call for Proposals
NIST kickstarted the PQC standardization process by releasing a public call for proposals in 2016. They invited the global community of cryptographers to submit quantum-resistant cryptographic algorithms. The focus was primarily on public-key encryption, public-key digital signatures, and key-establishment protocols.
2017-2019: Initial Screening and Round 1
From the submissions, NIST selected 69 algorithms to move to the first round of evaluation. This phase primarily involved vetting and eliminating algorithms with evident flaws or vulnerabilities.
2019-2020: Round 2
Based on the evaluations and feedback from the first round, NIST shortlisted 26 algorithms for the second round. This phase entailed a deeper analysis involving performance testing, security assessments, and scrutiny under various deployment scenarios.
2020-2022: Round 3
From the second round, NIST refined the list to a handful of candidate algorithms that entered the third round. This phase was even more rigorous, with a broader community of experts dissecting each algorithm for potential weaknesses, implementation challenges, and other parameters.
July 5th, 2022: Selected Algorithms
Four algorithms were selected in 2022. For public-key encryption and key-establishment algorithms, CRYSTALS-Kyber was selected. Additionally, three digital signature schemes, CRYSTALS-Dilithium, FALCON, and SPHINCS+ were selected.
2022 - present: Round 4
A new round was announced in July 2022. Through this extended round process, BTQ's Preon was announced as a finalist. More algorithms from this round are expected to join the selected set and eventually be standardized.
Expected 2024: Standardization
NIST’s recommendations for the Post-Quantum Cryptography Standard will likely be released in 2024.
Likely, NIST will opt to standardize multiple algorithms in the PQC process to ensure a broader security net, due to the uncertain landscape of emerging quantum technology and threats.
The SIKE cryptographic algorithm, a fourth-round candidate for the PQC standard, was cracked using a single-core Xeon processor by Belgian researchers. While none of the algorithms currently selected for standardization have faced this fate, the episode showed the need for multiple layers of security and backup options.
In this context, the concept of crypto-agility becomes important for industries. Crypto-agility is the ability of a system to easily switch between different cryptographic algorithms without requiring massive overhauls. If one algorithm is compromised, systems designed with crypto-agility can swiftly switch to another standardized algorithm and maintain their security.
This becomes particularly significant in a landscape where multiple algorithms have been vetted and standardized by NIST, offering a range of options to adapt to. Thus, NIST’s approach of selecting multiple algorithms serves as both a risk mitigation strategy and a catalyst for encouraging crypto-agility within the industry.
BTQ Technologies Corp.'s Preon has been selected for consideration in the fourth round of the NIST PQC standardization process. Developed in collaboration with Hon Hai Research Institute, the research arm of Foxconn, Preon is designed to be a robust and efficient post-quantum signature scheme. It is compact, with a key size of only tens of bytes; key generation is rapid, requiring only one or two AES encryptions; and its security assumptions are minimal, needing only a collision-resistant hash function, an assumption that has so far stood up to quantum attacks.
The details on Preon are published online at preon.btq.com and, alongside all the algorithms, will continue to be scrutinized through the NIST PQC Standardization process.
Once NIST selects an algorithm for standardization, the next steps for its use remain open:
One expectation is a phased transition from classical to post-quantum algorithms. This won't be an overnight shift but a gradual process in which systems initially deploy hybrid models (combining classical and quantum-safe algorithms) to ensure backward compatibility and phased migration.
Even after the PQC standards are finalized, the cryptographic community will continually assess them. The dynamic nature of technological advancements means that today's secure algorithm could be vulnerable tomorrow. Not only do new algorithms need to be found, but the industry needs to start thinking about how and when to upgrade its systems, and what the action plan will be if these algorithms become vulnerable to classical or quantum computers.
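The crypto-agility, hybrid-model, and "action plan if an algorithm falls" points above can be made concrete in a few dozen lines. The following is an added example written for this page, not code from BTQ, NIST, or any Preon implementation. It assumes a small suite registry whose names ("X25519", "KYBER-768", "SIKE-p434") are illustrative labels rather than NIST identifiers, and it stands in for the two KEMs with constructed 32-byte shared secrets, since the point is the combiner and the negotiation logic, not the lattice or isogeny mathematics. The hybrid combiner follows the common pattern of feeding both shared secrets into HKDF (RFC 5869, implemented here over SHA-256 with the standard library) with the suite names and handshake transcript bound into the `info` field.

```python
import hashlib
import hmac

HASH = hashlib.sha256

# Constructed registry of key-establishment suites. The names are illustrative
# labels for this example, not NIST object identifiers. SIKE is marked
# deprecated because it was broken classically during Round 4; retiring a suite
# is a registry edit, which is the crypto-agility property the page describes.
KEM_REGISTRY = {
    "X25519":    {"quantum_safe": False, "deprecated": False},
    "KYBER-768": {"quantum_safe": True,  "deprecated": False},
    "SIKE-p434": {"quantum_safe": True,  "deprecated": True},
}


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM); empty salt means a zero block."""
    return hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def select_suite(offered, registry=KEM_REGISTRY, require_quantum_safe=False):
    """Crypto-agile negotiation: return the first offered suite that is known,
    not deprecated, and (optionally) quantum-safe. Raise if none qualifies."""
    for name in offered:
        entry = registry.get(name)
        if entry is None or entry["deprecated"]:
            continue
        if require_quantum_safe and not entry["quantum_safe"]:
            continue
        return name
    raise ValueError("no acceptable suite offered: %r" % (offered,))


def _length_prefixed(secret: bytes) -> bytes:
    """Two-byte length prefix so the concatenated secrets parse unambiguously."""
    return len(secret).to_bytes(2, "big") + secret


def hybrid_shared_secret(ss_classical: bytes, ss_pq: bytes,
                         classical_suite: str, pq_suite: str,
                         transcript: bytes, length: int = 32) -> bytes:
    """Combine a classical and a post-quantum shared secret into one session key.
    Both secrets enter the KDF, so the key stays secret as long as either scheme
    is unbroken. Suite names and the handshake transcript are bound into `info`
    so a key from one negotiation cannot be confused with another."""
    ikm = _length_prefixed(ss_classical) + _length_prefixed(ss_pq)
    info = (b"hybrid-kem|" + classical_suite.encode() + b"|"
            + pq_suite.encode() + b"|" + transcript)
    prk = hkdf_extract(salt=b"", ikm=ikm)
    return hkdf_expand(prk, info, length)


def demo():
    """Negotiate a suite, derive a hybrid key, and show that learning only the
    classical secret (the Shor scenario) does not yield the session key."""
    ss_classical = b"\x11" * 32          # constructed stand-in for an X25519 output
    ss_pq = b"\x22" * 32                 # constructed stand-in for a Kyber output
    transcript = b"client-hello|server-hello"
    chosen = select_suite(["SIKE-p434", "KYBER-768"], require_quantum_safe=True)
    key = hybrid_shared_secret(ss_classical, ss_pq, "X25519", chosen, transcript)
    # Adversary knows ss_classical but not ss_pq: tries with a zero guess.
    guess = hybrid_shared_secret(ss_classical, bytes(32), "X25519", chosen, transcript)
    return {"suite": chosen, "key": key.hex(), "attacker_recovers_key": key == guess}


if __name__ == "__main__":
    print(demo())
```

Running `demo()` skips the deprecated SIKE entry, lands on the Kyber suite, and reports `attacker_recovers_key: False`. The registry is the action plan the closing paragraph asks for: when a standardized algorithm is broken, its entry is flipped to deprecated and every negotiation stops offering it, with no change to the derivation code.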