From competition to standardization: Post-quantum cryptography methods are now standardized for global use

August 13, 2024

MPI-SP Director, Peter Schwabe, was involved in the development of 3 of the 4 post-quantum cryptography (PQC) methods selected for standardization by the US National Institute of Standards and Technology (NIST). Eight years after the competition was first announced, the first three quantum-resistant standards are now finalized, and a boost in adoption rates is expected soon.

Why do we need quantum-resistant encryption methods?

Current advancements in quantum computing threaten the security of our digital communications. Classic asymmetric encryption methods are designed to be secure having classical and current computing capabilities in mind. Such schemes depend on difficult mathematical tasks such as prime factorization (breaking down a large number into its prime factors) which, if executed by classic computers, would require an immense amount of energy and tens of thousands of years. However, quantum computers can solve specific mathematical tasks very efficiently, meaning they could break classical asymmetric methods in a relatively short time.

 

To mitigate these risks, the National Institute of Standards and Technology published in 2016 its Post-Quantum Cryptography Standardization competition. Scientists from all over the world submitted proposals for new encryption methods that were intended to be immune to quantum decryption. The 82 proposals submitted, were reviewed in several rounds by the cryptography scientific community. In 2022, 4 cryptographic schemes were chosen for standardization: SPHINCS+, CRYSTALS-DILITHIUM, CRYSTALS-KYBER, and FALCON.

NIST publishes standards for Kyber (ML-KEM), Dilithium (ML-DSA), and SPHINCS+ (SLH-DSA), encryption schemes developed in Bochum 

The standards are intended to help implement the new encryption methods into online applications smoothly without the risk of disrupting current security safeguards. However, many companies have recognized the importance of implementing these new secure encryption methods even before the standards have been published. The adoption of Kyber has already started in 2023 and has been implemented by 17.1% of the clients using Cloudflare (as of August 5th, 2024 - according to Cloudflare). This translates to more than half a trillion connections per day terminating at Cloudflare secured using PQC. The biggest early adopters are services such as iMessage (Apple), Google Chrome, Signal, Zoom, and Cloudflare. With the publication of these standards, a boost in the adoption rate of these methods is expected. 

Together with international colleagues from numerous institutions (see below), Peter Schwabe and Eike Kiltz from the “Cybersecurity in the Age of Large-Scale Adversaries” (CASA) Excellence Cluster (also in Bochum) contributed to what are now the two primary standards Kyber (ML-KEM), Dilithium (ML-DSA). Additionally, Peter Schwabe had also been involved in the development of the third cryptographic scheme SPHINCS+ (SLH-DSA). A fourth standard Falcon (FN-DSA) is expected to be finalized later.

 

Kyber Team

Roberto Avanzi, ARM Limited (DE)

Joppe Bos, NXP Semiconductors (BE)

Jintai Ding, Tsinghua University (CN)

Leo Ducas, CWI Amsterdam (NL) & Leiden University (NL)

Eike Kiltz, Ruhr University Bochum (DE)

Tancrede Lepoint, Amazon Web Services (US)

Vadim Lyubashevsky, IBM Research Zurich (CH)

John M. Schanck, Mozilla (US)

Peter Schwabe, MPI-SP (DE) & Radboud University (NL)

Gregor Seiler, IBM Research Zurich (CH)

Damien Stehle, CryptoLab Inc (FR)

 

Dilithium Team

Shi Bai, Florida Atlantic University (US)

Leo Ducas, CWI Amsterdam (NL) & Leiden University (NL)

Eike Kiltz, Ruhr University Bochum (DE)

Tancrede Lepoint, Amazon Web Services (US)

Vadim Lyubashevsky, IBM Research Zurich (CH)

Peter Schwabe, MPI-SP (DE) & Radboud University (NL)

Gregor Seiler, IBM Research Zurich (CH)

Damien Stehle, CryptoLab Inc (FR)

 

SPHINCS+ Team

Jean-Philippe Aumasson

Daniel J. Bernstein, University of Illinois at Chicago (US) and Ruhr University Bochum (DE) and Academia Sinica (TW)

Ward Beullens, IBM Research Europe - Zurich (CH)

Christoph Dobraunig, Graz University of Technology (AT)

Maria Eichlseder, Graz University of Technology (AT)

Scott Fluhrer

Stefan-Lukas Gazdag, genua GmbH

Andreas Hulsing, Eindhoven University of Technology (NL) & SandboxAQ (US)

Panos Kampanakis, AWS

Stefan Kolbl, Google (CH)

Tanja Lange, Eindhoven University of Technology (NL) & Academia Sinica (TW)

Martin M Lauridsen

Florian Mendel, Infineon Technologies (DE)

Ruben Niederhagen, Academia Sinica (TW) & University of Southern Denmark (DK)

Christian Rechberger, Graz University of Technology (AT)

Joost Rijneveld, Radboud University (NL)

Peter Schwabe, MPI-SP (DE) & Radboud University (NL)

Bas Westerbaan, Cloudflare

Go to Editor View