The first set of standards for post-quantum cryptography has been published — here's what it means for you


The National Institute of Standards and Technology (NIST) has released its first three encryption standards designed to withstand decryption efforts from a quantum computer.

Quantum computers will provide computing power millions of times faster than current supercomputers, with the ability to crack current encryption standards just as quickly.


Defending against Q-Day 

Our current encryption standards protect almost everything we do across the internet, but they are not enough to defend against quantum computers. That is why new encryption algorithms capable of withstanding an attack from a quantum computer are being developed, to protect both against theft of data now and against its cracking in the future.

Quantum computers are especially good at factoring, which can be used to crack encryption methods quickly. Experts predict that the first quantum computers could emerge within 10 years, but at that point they will likely be operational only for research and development purposes in the hands of their manufacturers, and it will be several more years before commercially available quantum computers appear on the market.

NIST has been working to produce these three encryption standards for eight years, drawing the best and the brightest of the encryption community to its cause. 

“The advancement of quantum computing plays an essential role in reaffirming America’s status as a global technological powerhouse and driving the future of our economic security,” commented US Deputy Secretary of Commerce, Don Graves.

“Commerce bureaus are doing their part to ensure U.S. competitiveness in quantum, including the National Institute of Standards and Technology, which is at the forefront of this whole-of-government effort. NIST is providing invaluable expertise to develop innovative solutions to our quantum challenges, including security measures like post-quantum cryptography that organizations can start to implement to secure our post-quantum future.”

“As this decade-long endeavor continues, we look forward to continuing Commerce’s legacy of leadership in this vital space,” Graves concluded.

Included in the encryption standards are the algorithms’ computer code, implementation instructions, and the intended uses for each form of encryption. The first, named Federal Information Processing Standard (FIPS) 203, is a general encryption standard based on the CRYSTALS-Kyber algorithm, renamed to Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM).

The second, FIPS 204, is designed to protect digital signatures by using the CRYSTALS-Dilithium algorithm, renamed Module-Lattice-Based Digital Signature Algorithm (ML-DSA). The last encryption standard, FIPS 205, is also designed for digital signatures, but takes a different approach from ML-DSA in case vulnerabilities are discovered in FIPS 204. FIPS 205 uses the SPHINCS+ algorithm, renamed to Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).


Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.