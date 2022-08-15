The U.S. National Institute of Standards and Technology (NIST) recently selected four post-quantum cryptography (PQC) algorithms for standardization. We caught up with NXP Semiconductors’ cryptography expert to find out what it means.

There’s a lot of work going on to address the potential for security mayhem in the post-quantum world, when many of the public-key encryption systems in place today could be easily broken. As the U.S. National Institute of Standards and Technology (NIST) highlights, “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the internet and elsewhere.”

Joppe Bos

In a recent interview with embedded.com, Joppe Bos, senior principal cryptographer at NXP Semiconductors, explained why we should be worried. He said, “Quantum computing has the potential to destroy security as we know it.” He added, “As the world becomes more connected and more data-driven, ensuring data and devices remain secure, even against quantum computers, is crucial. As NIST moves forward with developing a new post-quantum standard, NXP will offer our deep knowledge in security, and specifically our algorithmic expertise, to fortify our products for a post-quantum future. We aim to contribute to the common standard so that our customers can achieve long-term security in their own products.”

Many cybersecurity experts believe that when large-scale quantum computers come to fruition, the sheer computing power of these machines will be able to solve encryption challenges in a fraction of the time, breaking today’s public key encryption systems and leaving data, digital signatures and devices vulnerable. This creates substantial security risks for online devices and data, including financial transactions, critical infrastructure, over-the-air update mechanisms, and more.

This is why NIST has been working with industry to develop standardized post-quantum cryptography (PQC) algorithms, which would in turn support the development of cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks. As part of that process, in July 2022, NIST completed the third round of its PQC standardization process, selecting a total of four candidate algorithms for standardization and four additional algorithms that will continue into the fourth round. The selected PQC algorithms will be used to develop a new public-key encryption standard that is secure against both traditional and quantum computers.

The standards body recommends two primary algorithms to be implemented for most use cases: Crystals-Kyber (key-establishment) and Crystals-Dilithium (digital signatures); these were both selected for their strong security and excellent performance, and NIST expects them to work well in most applications. Crystals-Kyber was submitted by NXP along with security experts from IBM. “The industry security experts of IBM, NXP and Arm, together with their academic partners (ENS, RAB, CWI and RUB) have created an industry-leading submission that will help shape the way we think about encryption and security for decades to come,” said Michael Osborne, principal research scientist manager for foundational cryptography at IBM. “Kyber is not only faster than current standards, it provides our clients with strong security to protect systems and data as we enter the quantum era.”

NXP’s Bos said that the draft standards are expected in 2024, and so the company is working with customers already to consider what they need to be doing to migrate their products to implement the PQC algorithms once they become standardized. The important factor to understand here is that PQC can run on classical computing hardware found in devices we use today and does not require a quantum computer. Bos said customers are already seeking advice on developing post-quantum ready security on their devices, and NXP has engaged with many customers already on this. “In industrial IoT, customers are already aware, and in automotive, customers are getting nervous, so are also seeking advice.”

Scope of the NIST PQC standards. Note that PQC can run on classical computing hardware found in devices today and does not require a quantum computer. (Image: NXP Semiconductors)

The Crystals-Kyber algorithm co-designed by NXP is expected to be part of the new key-exchange standard that will eventually replace current standards such as NIST SP 800-56A Rev. 3.

In addition to these, the signature schemes Falcon and Sphincs+ will also be standardized. Falcon is included because there may be use cases for which Crystals-Dilithium signatures are too large, and Sphincs+ is included to avoid relying only on the security of lattices for signatures. NIST is asking for public feedback on a version of Sphincs+ with a lower maximum number of signatures.

Not related to SIKE break at KU Leuven

In recent weeks, there has been a lot of coverage of the work of researchers at KU Leuven, describing an attack that broke SIKE, one of the NIST PQC algorithms proposed for the fourth round, in an hour of single-core computation, and its strongest parameter set in less than 24 hours.

We asked Bos to provide some perspective on this. He commented, “Yes, researchers from KU Leuven found a new attack on SIKE: this is one of the algorithms selected to proceed to the next round and might be considered for standardization. This is not one of the four selected algorithms for standardization.”

“SIKE is an interesting approach based on isogenies, an approach very different from the lattice-based algorithms such as Kyber. This new attack was a surprise to the entire cryptographic community, and we congratulated the researchers at KU Leuven for this new approach. Their efforts and other, similar efforts by other researchers ensure that these algorithms are thoroughly tested to ensure they are able to protect against new and existing attacks.”

“Although this new approach has no impact on any of the four selected PQC standards, from a technical point of view this does harm the perceived trust of the end-users in PQC in general. Trust is a fundamental property in security which is very hard to obtain and easy to lose. That is why we are working hard to build demonstrators and proofs-of-concept together with our customers to show that we, as the industrial leaders in security, have trust in the new post-quantum public-key standards.”

