NIST aims to quantum-proof encryption with new algorithms
Three algorithms are now in draft and more are on the way to bolster enterprise defenses


The US National Institute of Standards and Technology (NIST) has published draft standards for three algorithms aimed at withstanding attack by quantum computers.
Of the three published so far, CRYSTALS-Kyber is designed for general encryption purposes, such as creating secure websites. The others - CRYSTALS-Dilithium and SPHINCS+ - are aimed at protecting digital signatures.
A fourth, FALCON, is also designed for digital signatures and will be published in 2024.
Quantum technology remains a specter looming over cryptography and has the potential to crack many - if not all - public key encryption techniques. Current techniques are based on mathematical problems that a classical computer would struggle to solve.
The promise of quantum computers - if and when they finally arrive in a usable state - solves those problems, effectively making current encryption techniques redundant.
NIST acknowledged that quantum computers remained in their infancy and systems powerful enough to defeat encryption algorithms did not yet exist. However, it said: “It’s important to plan ahead, in part because it takes years to integrate new algorithms across all computer systems”.
The point was echoed by Tim Callan, chief experience officer at Sectigo, who urged organizations to adopt a crypto-agile stance that permitted cryptography to be changed at will. He said: “Amazingly, most enterprises can't even tell you what cryptography they have implemented, where it is, how it's being used, whether or not it meets current standards”.
NIST’s announcement has been years in the making. Its efforts to develop quantum-resistant algorithms began in 2016 and have culminated in draft Federal Information Processing Standards (FIPS) for the selected algorithms.
An additional set of algorithms is expected in 2024 to augment the first set. Dustin Moody, a NIST mathematician and leader of the project, said that the second set would likely consist of only one or two algorithms and would be designed for general encryption. They would also be based on different mathematical problems, affording alternative defense methods.
That need for an alternative defense method was underscored in 2022 when one algorithm planned for the second set, SIKE, was cracked with a conventional computer.
NIST is far from alone in planning for a future where traditional encryption techniques might be defeated by quantum computers. Google recently announced it would support X25519Kyber768 for TLS secrets in Chrome. The hybrid combines X25519 - an elliptic-curve key-agreement algorithm - with Kyber-768 - a quantum-resistant key encapsulation mechanism (KEM).
Echoing NIST’s remarks, Google said of the change rolled out in Chrome 116: “Many types of asymmetric cryptography used today are considered strong against attacks using existing technology but do not protect against attackers with a sufficiently-capable quantum computer”.
Callan applauded Google’s move to enable the changeover from traditional encryption, noting that a wholesale change of supporting hardware and software would be required. He also noted that the update “makes use of these algorithms much more practical in development or fully controlled environments”.
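To make the hybrid exchange described above concrete, here is an added example (not code from Google, Chrome or this article) that runs one X25519 + ML-KEM-768 hybrid key exchange with Go's standard library (crypto/ecdh and crypto/mlkem, Go 1.24 or later). It assumes ML-KEM-768, the FIPS 203 standardised form of Kyber-768, which has the same 1184-byte key, 1088-byte ciphertext and 32-byte secret sizes as the Kyber768Draft00 Chrome shipped but is not byte-identical to it; the share layout and concatenated secret follow the Chrome draft, while the hybridClient type and the function names are my own.

```go
package main

import (
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"errors"
)

// Client-side ephemeral state for one X25519 + ML-KEM-768 hybrid key exchange (example type).
type hybridClient struct{ ecdhPriv *ecdh.PrivateKey; kemPriv *mlkem.DecapsulationKey768 }

// combine concatenates the two 32-byte secrets (64 B) as the Chrome draft does; TLS then runs the
// result through its HKDF key schedule, so recovering it means breaking BOTH X25519 and ML-KEM-768.
func combine(ecdhSecret, kemSecret []byte) []byte { return append(append([]byte{}, ecdhSecret...), kemSecret...) }

// clientHello builds the client key share: X25519 public key (32 B) || ML-KEM-768 encapsulation key (1184 B).
func clientHello() (*hybridClient, []byte, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	kemPriv, err := mlkem.GenerateKey768()
	if err != nil { return nil, nil, err }
	share := append(ecdhPriv.PublicKey().Bytes(), kemPriv.EncapsulationKey().Bytes()...)
	return &hybridClient{ecdhPriv, kemPriv}, share, nil
}

// serverHello answers with X25519 public key (32 B) || ML-KEM-768 ciphertext (1088 B) and also
// returns the server's copy of the hybrid secret; malformed shares are rejected by the key parsers.
func serverHello(clientShare []byte) ([]byte, []byte, error) {
	if len(clientShare) < 32 { return nil, nil, errors.New("client share too short") }
	clientPub, err := ecdh.X25519().NewPublicKey(clientShare[:32])
	if err != nil { return nil, nil, err }
	clientKem, err := mlkem.NewEncapsulationKey768(clientShare[32:])
	if err != nil { return nil, nil, err }
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	ecdhSecret, err := ecdhPriv.ECDH(clientPub)
	if err != nil { return nil, nil, err }
	kemSecret, ct := clientKem.Encapsulate()
	return append(ecdhPriv.PublicKey().Bytes(), ct...), combine(ecdhSecret, kemSecret), nil
}

// finish derives the client's copy of the secret from the server share; it must equal the server's.
func (c *hybridClient) finish(serverShare []byte) ([]byte, error) {
	if len(serverShare) < 32 { return nil, errors.New("server share too short") }
	serverPub, err := ecdh.X25519().NewPublicKey(serverShare[:32])
	if err != nil { return nil, err }
	ecdhSecret, err := c.ecdhPriv.ECDH(serverPub)
	if err != nil { return nil, err }
	kemSecret, err := c.kemPriv.Decapsulate(serverShare[32:])
	if err != nil { return nil, err }
	return combine(ecdhSecret, kemSecret), nil
}
```

Both sides end with the same 64-byte secret; a truncated or corrupted share is rejected before any secret is derived.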
NIST expects that the completed post-quantum standards will replace three existing NIST cryptographic standards deemed most vulnerable to quantum computers: FIPS 186-5, NIST SP 800-56A, and NIST SP 800-56B.

Richard Speed is an expert in databases, DevOps and IT regulations and governance. He was previously a Staff Writer for ITPro, CloudPro and ChannelPro, before going freelance. He first joined Future in 2023 having worked as a reporter for The Register. He has also attended numerous domestic and international events, including Microsoft's Build and Ignite conferences and both US and EU KubeCons.
Prior to joining The Register, he spent a number of years working in IT in the pharmaceutical and financial sectors.