NEW PQC NIST STANDARDS PUBLISHED: Today, NIST, the US National Institute of Standards and Technology, published their finalized post-quantum cryptography (PQC) standards, FIPS 203, FIPS 204, and FIPS 205 – the culmination of an eight-year cycle of submission, research, and analysis.
This long-awaited announcement marks a significant milestone in the history of PQC. It’s set to impact the cryptography deployed in every industry, from machines transferring data across a network, online financial transactions, or connectivity in military devices. As a result of today’s news, chips, devices, software applications, and components in supply chains will now need to be PQC-compliant with the framework of standards announced.
What are the New NIST Standards?
| Standard | Description | AKA | Document |
|---|---|---|---|
| FIPS 203 | Module-Lattice-Based Key-Encapsulation Mechanism Standard | Kyber | https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.203.pdf |
| FIPS 204 | Module-Lattice-Based Digital Signature Standard | Dilithium | https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.204.pdf |
| FIPS 205 | Stateless Hash-Based Digital Signature Standard | SPHINCS+ | https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.205.pdf |
A fourth digital signature standard FN-DSA (FALCON) will follow shortly, in addition to two other recommended hash-based schemes, XMSS and LMS, previously covered in NIST SP 800-208.
These selected standards are the submissions that have shown the highest level of security provable with an acceptable performance. They have been chosen for robustness, flexibility, and usefulness in a variety of situations, and are based on technology that combines both lattice-based cryptography, and hash-based schemes.
What will be the impact of this announcement?
Adoption of the new standards is likely to be both fast and widespread, reiterated by guidance from security bodies such as the NSA, with equivalent European requirements from Germany’s BSI, France’s ANSSI, NCSC in the UK, and others. This quantum shift towards compliance is likely to continue, with both regulation and legislation as part of the framework of these new standards. In fact, the US Federal Government has already reinforced the strategy for PQC migration outlined in the Quantum Computing Preparedness Act, by focusing agencies on the transition of critical systems to the new schemes.
There’s little doubt that today’s announcement triggers the biggest and most significant cybersecurity transition in history. As our CEO and Founder Ali El Kaafarani says,
“This is an exciting moment for cryptographers like Team PQShield, who worked to shape the new standards. It’s now our duty and responsibility to get the new software and hardware designs into the hands of more organizations, so they can keep us all one step ahead of the attackers.”
PQShield
Our security suite of post-quantum hardware and software products is built on these new standards, and we’ve focused on high-performance, versatility, security, and efficiency. It’s our mission to update the legacy components in the world’s technology supply chain, and with NIST announcing today, we’re perfectly poised.