NIST chooses 4 algorithms to defend against quantum computers

The announcement is the culmination of a six-year, four-round competition to refine encryption formulas with the goal of including some in a new post-quantum cryptographic standard.
code, data, artificial intelligence, algorithm
(Getty Images)

The National Institute of Standards and Technology chose four quantum-resistant cryptographic algorithms it will standardize to protect sensitive data from quantum computers, in the first batch of winners announced Tuesday.

NIST selected the CRYSTALS-Kyber algorithm for general encryption of data exchanged across public networks and the CRYSTALS-Dilithium, FALCON and SPHINCS+ algorithms for digital signatures used to verify identities often during transactions.

The announcement is the culmination of a six-year, four-round competition to refine encryption candidates with the goal of including some in a post-quantum cryptographic standard expected in 2024. Agencies are concerned that China and other nation-states are developing quantum computers capable of breaking the public-key cryptography that secures most federal systems.

“NIST constantly looks to the future to anticipate the needs of U.S. industry and society as a whole, and when they are built, quantum computers powerful enough to break present-day encryption will pose a serious threat to our information systems,” said Director Laurie Locascio in the announcement. “Our post-quantum cryptography program has leveraged the top minds in cryptography worldwide to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.”


The agency chose CRYSTALS-Kyber for its comparatively smaller encryption keys — strings of bits the algorithm uses to convert plain text to cipher text and back — allowing for easy exchange and operational speed.

Reviewers deemed both CRYSTALS-Dilithium, recommended the primary algorithm, and FALCON, handy when smaller signatures are needed, highly efficient. While SPHINCS+ is larger and slower, its different math approach, hash functions, makes it a valuable backup to other three, based on a family of math problems called structured lattices.

NIST continues to consider four alternative algorithms with different approaches for general encryption should others prove vulnerable to quantum computers in the long run.

“Fundamentally, now [agencies] know which horses are in the race,” Duncan Jones, head of cybersecurity at Quantinuum, told FedScoop. “It really accelerates the migration planning that can happen.”

National Security Memo-10 issued in May gives agencies a year from the day the algorithms are standardized to release transition plans, and now they can test winning algorithms with their software confident they’re not wasting their time, Jones said.


NIST advised agencies not to bake the algorithms into their systems just yet because they continue to be fine-tuned ahead of standardization. 

Quantinuum already supported all of NIST’s candidate algorithms and even worked with space infrastructure developer, Axiom, to encrypt data sent to and from the International Space Station. 

“At the end of the day it’s good to have a toolbox of options, and we will support all of them,” Jones said. “It will be down to our own customers to decide what algorithms they think are most appropriate for their use cases.”

Latest Podcasts