On July 22nd, the National Institute of Standards and Technology (NIST) announced that it has entered the ‘selection’ round of its process for standardizing post-quantum cryptography. If you’re reading this, you already know the importance of creating these standards to mitigate the threat that quantum computers pose to the widespread cryptography we use today. NIST’s publication can be found here: Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process (NISTIR 8309).
In an accompanying blog post, NIST states that it intends to have a draft or “initial standard” ready in early 2022. To achieve this goal, it narrowed its focus to seven schemes (4 key encapsulation mechanisms (KEMs) and 3 signatures). NIST expects the draft standard to include one to two KEMs and one to two signatures drawn from these 7 schemes. In addition, NIST announced that it will pick eight further schemes (5 KEMs, 3 signatures) which will continue to be rigorously studied and considered for future standardization after 2022. These can be considered backup schemes: they may not yet be mature enough and require further study, but may be cleared for use after 2022.
The current round of evaluations has now commenced and is expected to last between 12 and 18 months. NIST will accept tweaks up to August 10th, with official changes to be announced by October 1st. NIST also announced that it is considering a process to evaluate future submissions or improvements for consideration in future standards. Thus far NIST has evaluated security, bandwidth and computational cost, with attention to the trade-offs between different applications. Application considerations include: how often a scheme is used, what the lifetime of the key pair is, what kinds of protocols a scheme is suited to, and what devices it runs on. More subtle security considerations, such as side-channel attacks, will be more heavily scrutinized in the current round. ISARA is excited to see how the rest of the standardization process will progress.

If you would like to talk to our team to better understand how to get your organization ready for a quantum-safe or any other cryptographic transition, please reach out at quantumsafe@isara.com. You may also want to consider ISARA's Quantum-Safe Readiness Program for Enterprise. This program is designed to help forward-thinking enterprises take steps to manage quantum risk today and arm your IS, IT and cryptography teams with actionable know-how and practical hands-on experience. The program includes:
Full details can be found at https://www.isara.com/services/quantum-readiness-enterprise.html