In July 2022, NIST announced the first wave of PQC algorithms selected as potential 2024 cryptographic standards. The new 2024 standards are meant to replace currently deployed algorithms used to establish keys for secure communication and authenticate users through digital signatures. CRYSTALS-KYBER was announced as a candidate for a method that can be used by two parties to agree on a key, a step which precedes secure communication between those parties. As of August 2022, CRYSTALS-KYBER has demonstrated resilience against attacks using both classical and quantum algorithms.
NIST also selected three digital signature algorithms to provide quick and efficient methods to verify users’ identities: CRYSTALS-Dilithium, FALCON, and SPHINCS+:
- CRYSTALS-Dilithium, like CRYSTALS-KYBER, has demonstrated strong resilience against potential attacks.
- FALCON was selected to support specific use cases that have smaller resource requirements than what is needed with CRYSTALS-Dilithium.
- CRYSTALS-Dilithium and FALCON use the same underlying mathematics; therefore, SPHINCS+ was selected as an additional digital signature algorithm based on different mathematics.
The practice of choosing algorithms that rely on different mathematics to make it harder for sensitive data to be decrypted, known as “cryptographic diversity,” is critical to the overall success of PQC modernization efforts. Relying on one type of algorithm would prevent a rapid response to the constantly changing threat landscape related to the security of cryptographic algorithms.
The same NIST announcement notified the public of four additional key-establishment algorithms proceeding to a fourth round of consideration. However, shortly after the announcement of the fourth round, researchers were able to break one of the candidate PQC algorithms from a previous round of NIST’s standardization competition. The discovery of exploits in an algorithm that cleared three rounds of NIST’s official process reinforces the need for flexibility in the implementation of cryptosystems, also known as “crypto-agility,” which would permit cryptographic algorithms to be updated as more information on their security and longevity becomes available.