Insider Brief
- Intel’s principal scientist discusses the U.S. National Institute of Standards and Technology’s three post-quantum cryptography standards designed to secure data and withstand future adversarial attacks from quantum computers.
- Intel co-developed one of the three standards, the FIPS 205 stateless hash-based digital signature algorithm based on the SPHINCS+ algorithm.
- NIST encourages computer system administrators for both industry and federal agencies to begin transitioning to the new standards today to prepare for when a quantum computer will be able to break our public key crypto systems.
Intel has played an important role in helping to develop quantum computing’s unique transformative capabilities. Intel’s principal scientist writes that the company is also helping organizations prepare for the day when the technology could disrupt data security, referred to as “Q-Day”.
The United States National Institute of Standards and Technology (NIST) introduced three new post-quantum cryptography (PQC) standards in August 2024, marking a significant shift in digital security as industries prepare for potential quantum-based threats. These standards are intended to safeguard data confidentiality and authenticity as the rise of quantum computing threatens current encryption methods, writes Manoj Sastry, a senior principal research scientist at Intel Labs, in a recent Intel blog post.
Sastry writes: “While quantum computing promises to solve some of the most difficult problems in drug discovery, medical research, chemical engineering, materials design and more, the same beneficial technology could be used to break cryptography. This point in time is known as Q-Day when a quantum computer will be able to break our public encryption systems currently protecting secure digital interactions. This includes digital signatures for identity authentication and key exchange algorithms for protecting information exchanged across a public network.”
Intel has taken a direct and key role in developing these cybersecurity measures.
Intel’s Role in Quantum-Resistant Digital Signatures
Among the three new standards, FIPS 205 incorporates Intel’s own contributions. Intel collaborated with researchers and institutions worldwide to develop the “stateless hash-based digital signature algorithm” (SLH-DSA), a quantum-resistant method based on the SPHINCS+ algorithm. This algorithm is part of NIST’s strategy to ensure diverse cryptographic defenses and is designed to protect digital signatures against potential quantum attacks.
Digital signatures verify the authenticity of everything from loan agreements to legal documents, Sastry writes in his post. With the SLH-DSA algorithm, institutions can verify signatures in a quantum-safe way, adding a critical layer of security for applications such as verifying the source of software updates or detecting unauthorized modifications in data. SLH-DSA relies on hash functions, which are mathematically hard for both conventional and quantum computers to invert, providing a safeguard distinct from the more commonly used lattice-based security.
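To make the "security rests on hash functions" point concrete, here is an added teaching example (not Intel's, NIST's or the SPHINCS+ team's code) of a Lamport one-time signature, the simplest hash-based signature scheme. SLH-DSA is built from far more elaborate hash-based components, so this only illustrates the principle: the public key is a set of hash outputs, signing reveals preimages selected by the message digest, and verification just re-hashes. The helper `preimages_revealed` is an assumption of this example, added to show why a one-time key must never sign two messages, which is the problem the "stateless" tree construction in SLH-DSA exists to solve.

```python
import hashlib
import secrets

# Constructed teaching example: Lamport one-time signature over SHA-256.
# One pair of secret preimages per digest bit.
DIGEST_BITS = 256


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    # Secret key: two random 32-byte preimages for every message-digest bit.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(DIGEST_BITS)]
    # Public key: the hash of every preimage; reveals nothing about sk.
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def _bits(msg: bytes):
    # Message digest as a list of 256 bits, most significant first.
    d = int.from_bytes(H(msg), "big")
    return [(d >> (DIGEST_BITS - 1 - i)) & 1 for i in range(DIGEST_BITS)]


def sign(sk, msg: bytes):
    # For each digest bit, reveal the preimage that bit selects.
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    # Re-hash each revealed preimage and compare with the public-key entry
    # selected by the corresponding digest bit of the message.
    if len(sig) != DIGEST_BITS:
        return False
    return all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def preimages_revealed(sig1, sig2) -> int:
    # Hypothetical helper for this example: counts bit positions where two
    # signatures under the same key expose both preimages. Any position > 0
    # lets a third party forge signatures on messages whose digest agrees
    # with either message at all other positions, so a Lamport key is one-time.
    return sum(1 for a, b in zip(sig1, sig2) if a != b)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"firmware-update-v1.2.3"  # constructed sample message
    sig = sign(sk, msg)
    print("valid signature:", verify(pk, msg, sig))
    print("tampered message:", verify(pk, msg + b"!", sig))
    print("preimages exposed by signing a second message:",
          preimages_revealed(sig, sign(sk, b"another-message")))
```

Each signature is 256 x 32 bytes and each key signs exactly one message; SPHINCS+/SLH-DSA replaces Lamport with WOTS+ chains and arranges many one-time keys in a hash tree so that a single long-term public key can sign many messages without the signer keeping state.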
Another key standard for digital signatures is FIPS 204, which NIST has selected as the primary standard. It relies on a lattice-based algorithm called CRYSTALS-Dilithium, now rebranded as the module-lattice-based digital signature algorithm (ML-DSA). By including both lattice and hash-based standards, NIST aims to increase the security diversity across digital platforms, making it harder for quantum-based attacks to break through, according to the post.
Guarding Key Exchanges with FIPS 203
Sastry writes that FIPS 203, another critical NIST standard, tackles a distinct vulnerability: secure key exchange. Currently, when sensitive information is transmitted over the internet, adversaries could store encrypted data with the intention of decrypting it once quantum capabilities become available. This threat, known as “harvest now, decrypt later” (HNDL), underscores the urgency of adopting quantum-resistant encryption.
To address this, FIPS 203 employs a module-lattice-based key-encapsulation mechanism (ML-KEM) derived from the CRYSTALS-Kyber algorithm. The post explains that key encapsulation, unlike digital signatures, is about securely establishing a shared secret between two parties. By replacing classical key exchanges, which are vulnerable to quantum algorithms like Shor’s, ML-KEM helps guard long-lived secrets that could otherwise be exposed when quantum decryption is within reach.
The Shift Away from Classical Cryptography
These new standards mark a transition from classical cryptographic systems, many of which are susceptible to quantum-enabled decryption. Shor’s algorithm, a quantum algorithm developed in the 1990s, demonstrated that quantum systems could solve the complex mathematical problems—such as factoring large numbers and solving discrete logarithms—that underlie encryption protocols like RSA and ECC. This theoretical breakthrough foreshadowed the vulnerability of these classical algorithms in a quantum future.
NIST’s newly standardized algorithms replace the classical systems with ones built on mathematical problems believed to be hard for both classical and quantum computers. Sastry writes that the newly adopted standards address the urgent need to secure digital infrastructure before quantum computing makes these attacks feasible.
Implications for Industry and Government
According to Sastry’s post, the urgency to adopt post-quantum cryptography is evident as industries begin incorporating these standards to protect sensitive information. The standards provide a clear path for government agencies, financial institutions and other sectors to transition to quantum-resistant methods for everything from digital signatures to secure communication channels. For businesses, adopting these standards proactively could mitigate the risk of data breaches and ensure continuity in secure transactions.
The NIST standards represent an industry-wide shift towards preparing for quantum-based threats, underscoring the long-term nature of digital security in a quantum world. According to Sastry’s post, adopting post-quantum cryptography standards today is an essential step for organizations looking to secure data and communications against future threats.
Sastry writes: “NIST encourages computer system administrators to begin transitioning to the new standards as soon as possible by inventorying their systems for applications that use crypto and prioritizing components for migration. Quantum computing presents a new threat that will require the entire industry to collaborate, develop and deploy solutions.”
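The inventory-and-prioritize step Sastry describes is where most migrations start, so here is an added example (not Intel's or NIST's tooling) that parses a constructed crypto inventory and ranks components for migration to the three standards named in the article. The CSV layout, the algorithm-prefix list, and the scoring rule (quantum-vulnerable key exchange first because "harvest now, decrypt later" already applies to traffic captured today, vulnerable signatures next, longer data lifetimes ranking higher within each group) are assumptions of this example, not a NIST rule.

```python
import csv
import io

# Constructed sample inventory: one row per component that uses cryptography,
# the algorithm in use, and how long the protected data must remain secure.
SAMPLE_INVENTORY = """\
service,purpose,algorithm,data_lifetime_years
vpn-gateway,key-exchange,ECDHE-P256,10
web-frontend,key-exchange,ECDHE-X25519,1
firmware-signer,signature,RSA-3072,15
document-signing,signature,ECDSA-P384,7
backup-encryption,symmetric,AES-256-GCM,20
legacy-api,key-exchange,RSA-2048,3
"""

# Public-key families whose hardness assumptions (factoring, discrete log)
# fall to Shor's algorithm. Prefix matching is an assumption of this example.
QUANTUM_VULNERABLE_PREFIXES = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "X25519", "ED25519")

# Replacement standard by purpose, as named in the article.
REPLACEMENTS = {
    "key-exchange": "ML-KEM (FIPS 203)",
    "signature": "ML-DSA (FIPS 204) or SLH-DSA (FIPS 205)",
}


def parse_inventory(text: str):
    # Read the CSV into dicts and coerce the lifetime column to an integer.
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["data_lifetime_years"] = int(row["data_lifetime_years"])
    return rows


def is_quantum_vulnerable(algorithm: str) -> bool:
    return algorithm.upper().startswith(QUANTUM_VULNERABLE_PREFIXES)


def classify(row):
    """Return (vulnerable, replacement, score) for one inventory row.

    Scoring (example assumption): key exchange scores from 100 because
    captured ciphertext is exposed to HNDL today; signatures score from 50
    because forgery only becomes possible once a capable quantum computer
    exists; the data lifetime in years is added in both cases. Symmetric
    ciphers are outside the scope of FIPS 203-205 and score zero.
    """
    if row["purpose"] not in REPLACEMENTS or not is_quantum_vulnerable(row["algorithm"]):
        return False, None, 0
    base = 100 if row["purpose"] == "key-exchange" else 50
    return True, REPLACEMENTS[row["purpose"]], base + row["data_lifetime_years"]


def prioritize(rows):
    # Annotate every row with its classification and sort highest score first.
    ranked = []
    for row in rows:
        vulnerable, replacement, score = classify(row)
        ranked.append({**row, "vulnerable": vulnerable,
                       "replacement": replacement, "score": score})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in prioritize(parse_inventory(SAMPLE_INVENTORY)):
        action = (f"migrate to {r['replacement']}" if r["vulnerable"]
                  else "no action under FIPS 203-205")
        print(f"{r['score']:4d}  {r['service']:<18} {r['algorithm']:<14} {action}")
```

On the sample data the VPN gateway's 10-year ECDHE key exchange ranks first and the AES-256 backup job ranks last; in a real migration the inventory would come from certificate stores, TLS configuration and code scanning rather than a hand-written CSV, and the lifetime column is the field teams most often leave blank and most need.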