Manoj Sastry is a senior principal research scientist at Intel Labs.
Highlights
- The U.S. National Institute of Standards and Technology (NIST) released three post-quantum cryptography standards designed to provide data security and withstand future adversarial attacks from quantum computers.
- Intel co-developed one of the three standards, FIPS 205, the stateless hash-based digital signature algorithm based on the SPHINCS+ algorithm, together with an international team of researchers from universities and industry.
- NIST encourages computer system administrators in both industry and federal agencies to begin transitioning to the new standards today to prepare for Q-Day, when a quantum computer will be able to break our public-key cryptosystems.
In August 2024, the United States National Institute of Standards and Technology (NIST) released three post-quantum crypto (PQC) standards for the industry and government to implement today to help protect data against potential nefarious attacks by future quantum computers. The new standards provide authenticity and confidentiality for digital transactions over the internet.
While quantum computing promises to solve some of the most difficult problems in drug discovery, medical research, chemical engineering, materials design and more, the same beneficial technology could be used to break cryptography. This point in time is known as Q-Day, when a quantum computer will be able to break the public-key cryptosystems that currently protect secure digital interactions. These include digital signatures for identity authentication and key exchange algorithms for protecting information exchanged across a public network.
One of the three standards includes an algorithm that was co-developed by Intel, known as the FIPS 205 stateless hash-based digital signature algorithm (SLH-DSA) and based on the SPHINCS+ algorithm. Intel Research Scientist Christoph Dobraunig and collaborators from universities and companies worldwide worked together to create this algorithm, which produces digital signatures for applications such as signing loans or other legal documents. This standard can also provide verification of software updates and detect unauthorized modifications to data.
Current classical public-key algorithms need to be replaced by the new NIST PQC standards, which are based on math problems difficult for both conventional and quantum computers to solve. In the future, quantum computers could completely break public-key crypto, since Shor's algorithm (1994) can efficiently solve the hard problems, such as integer factorization and discrete logarithms, that underlie classical algorithms like RSA and ECC.
Secure Digital Signatures: FIPS 204 and FIPS 205
FIPS 204, the new primary NIST standard for protecting digital signatures, uses the CRYSTALS-Dilithium algorithm, which has been renamed the module-lattice-based digital signature algorithm (ML-DSA). NIST also standardized FIPS 205, the SLH-DSA algorithm, which relies on the security of hash functions and so provides diversity from lattice-based security assumptions.
Developed by an international team including researchers at Intel, FIPS 205 uses the SPHINCS+ algorithm, which has been renamed the stateless hash-based digital signature algorithm (SLH-DSA). This standard defines a method for generating digital signatures that detect unauthorized modification of code and verify the identity of the signer. The security of the SLH-DSA algorithm relies on the difficulty of finding pre-images and collisions in hash functions.
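To make the hash-based principle concrete, here is an added teaching example (not SLH-DSA, and not Intel's or NIST's code): a toy Lamport one-time signature built only from SHA-256. Forging a signature requires finding a pre-image of a published hash, and the `exposed_pairs` check shows why a one-time key must never sign twice, which is the bookkeeping burden SLH-DSA's stateless design removes. The message strings are constructed sample input.

```python
import hashlib
import secrets

# Toy Lamport one-time signature over SHA-256. It illustrates the principle the
# article states for FIPS 205: security rests on hash pre-image resistance.
# Added teaching example; this is NOT SLH-DSA and not production code.
N = 32                 # SHA-256 output length in bytes
BITS = 8 * N           # one (0, 1) key pair per digest bit

def bit_at(digest, i):
    """Return bit i (most significant bit first) of a digest."""
    return (digest[i // 8] >> (7 - i % 8)) & 1

def keygen():
    """Secret key: 256 random pre-image pairs. Public key: their SHA-256 hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def sign(sk, message):
    """Reveal, for each bit of H(message), the pre-image matching that bit."""
    digest = hashlib.sha256(message).digest()
    return [sk[i][bit_at(digest, i)] for i in range(BITS)]

def verify(pk, message, signature):
    """Accept iff every revealed value hashes to the public value for that bit."""
    if len(signature) != BITS:
        return False
    digest = hashlib.sha256(message).digest()
    return all(hashlib.sha256(s).digest() == pk[i][bit_at(digest, i)]
               for i, s in enumerate(signature))

def exposed_pairs(sig1, sig2):
    """Count positions where two signatures under ONE key revealed both pre-images.
    At each such position a forger can choose either bit freely, so one-time keys
    must never be reused; SLH-DSA avoids making signers track which keys are spent."""
    return sum(1 for a, b in zip(sig1, sig2) if a != b)

if __name__ == "__main__":
    sk, pk = keygen()                         # constructed sample run
    sig = sign(sk, b"approve software update v1.2")
    print("valid:", verify(pk, b"approve software update v1.2", sig))
    print("tampered:", verify(pk, b"approve software update v9.9", sig))
    print("pairs exposed by key reuse:", exposed_pairs(sig, sign(sk, b"other")))
```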
Secure Key Encapsulation: FIPS 203
Although quantum computers that break cryptography are not yet available, sensitive data transmitted over the internet is prone to the harvest now, decrypt later (HNDL) threat. HNDL refers to adversaries storing encrypted data now so that they can decrypt it later, once quantum computers are available. This threat poses a risk to long-lived sensitive secrets. Key exchange algorithms based on classical crypto are vulnerable to a quantum attack due to Shor's algorithm. FIPS 203, the module-lattice-based key-encapsulation mechanism (ML-KEM), is a new NIST standard based on the CRYSTALS-Kyber algorithm. This standard helps establish a shared secret between two parties while providing protection from quantum adversaries.
How the Industry Can Prepare for the Future
The PQC standards are expected to be adopted by both industry and federal agencies. The U.S. government's National Security Agency has released an advisory, the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), that specifies requirements and a timeline for migrating national security systems based on classical crypto to PQC. The industry is closely following these guidelines.
NIST encourages computer system administrators to begin transitioning to the new standards as soon as possible by inventorying their systems for applications that use crypto and prioritizing components for migration. Quantum computing presents a new threat that will require the entire industry to collaborate to develop and deploy solutions.