The National Institute for Standards and Technology this week published draft post-quantum cryptography, or PQC, standards that are designed as a global framework to help organizations protect themselves from future quantum-enabled cyberattacks. Quantum computers offer significant benefits, especially in predictive analytics and conducting simulations. However, their use also introduces risks to financial institutions, as experts believe that individuals and organizations could use the computers to break or undermine commonly used public key encryption.
The standards were selected by NIST following a seven-year process that started when the agency issued a public call for submissions to the PQC standardization process. NIST is now seeking public feedback on three draft federal information processing standards, which are based upon four previously selected encryption algorithms. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. (A draft standard for FALCON will be released in about a year, according to the agency.)
NIST said the algorithms will be capable of protecting sensitive U.S. government information well into the foreseeable future, including after the advent of quantum computers. Comments are due Nov. 22.