NIST FIPS 203, 204, 205 Finalized | PQC Algorithms

Written by Mehak Kalsi, Co-Chair, CSA Quantum-Safe Security Working Group.

Reviewed by Bruno Huttner, Co-Chair, CSA Quantum-Safe Security Working Group.

The quantum computing ecosystem has been waiting with bated breath for this moment, and it's finally here. The National Institute of Standards and Technology (NIST) of the United States has released three (3) Post-Quantum Cryptography (PQC) standards intended to replace our current asymmetric (public-key) cryptography before a Cryptographically Relevant Quantum Computer (CRQC) renders it breakable. In simple terms, these Federal Information Processing Standards (FIPS) specify, in implementable detail, algorithms that should resist attack by a CRQC. The algorithms at risk are RSA, Diffie-Hellman and elliptic-curve cryptography, which fall to Shor's algorithm; symmetric primitives such as AES and SHA-2 are far less affected and need at most larger key or output sizes. Recent progress in quantum computing makes the arrival of a CRQC plausible within the next 5 to 10 years, so every organization needs to prepare now.

Considering the monumental challenge of replacing asymmetric-key cryptography, which nearly every organization and network depends on, the following standards should be vetted and implemented at your organization sooner rather than later.

FIPS Released

Let’s jump right into the deep end. The following are the three (3) standards and a little bit about each of them to help you decide what would work best for your organization.

  • FIPS 203
    • Title: Module-Lattice-Based Key-Encapsulation Mechanism Standard
    • Summary: This standard specifies the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), derived from CRYSTALS-Kyber. A KEM does not encrypt data directly: the sender uses the recipient's public (encapsulation) key to produce a ciphertext and a 32-byte shared secret, the recipient recovers the same secret with the private (decapsulation) key, and that secret is passed through a key-derivation function to key a symmetric algorithm such as AES-GCM for the actual data encryption. Its security rests on the hardness of the Module Learning With Errors (MLWE) problem. The standard defines three (3) parameter sets, ML-KEM-512, ML-KEM-768 and ML-KEM-1024, targeting NIST security categories 1, 3 and 5 respectively. Higher parameter sets give a larger security margin at the cost of larger keys and ciphertexts (a 1,184-byte encapsulation key and 1,088-byte ciphertext for ML-KEM-768 versus 1,568 bytes each for ML-KEM-1024) and slower operations; ML-KEM-768 is the usual default.
  • FIPS 204
    • Title: Module-Lattice-Based Digital Signature Standard
    • Summary: This standard specifies the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), derived from CRYSTALS-Dilithium, with three (3) parameter sets: ML-DSA-44, ML-DSA-65 and ML-DSA-87 (security categories 2, 3 and 5). It is used to "generate and verify digital signatures," providing authentication of the signer, integrity of the signed data, and non-repudiation by the signer. NIST positions ML-DSA as the primary general-purpose PQC signature scheme.
  • FIPS 205
    • Title: Stateless Hash-Based Digital Signature Standard
    • Summary: This standard specifies the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), derived from SPHINCS+. Its security relies only on the properties of the underlying hash function (SHA-2 or SHAKE), which makes it the conservative choice, but its signatures are far larger (roughly 8 KB to 50 KB depending on the parameter set) and signing is slower than ML-DSA, so it suits uses such as firmware and code signing where that cost is acceptable. Unlike the stateful hash-based schemes LMS and XMSS (NIST SP 800-208), it keeps no state between signatures, so a key restored from backup cannot be accidentally reused in a way that breaks security. Like FIPS 204, it focuses on digital signatures and allows us to continue relying on them to confirm the authentication of the signer, the integrity of the data sent, and to provide non-repudiation for the signer.

Brief History and Timeline

NIST issued its call for proposals on December 20, 2016, inviting cryptographers worldwide to submit key-establishment and signature algorithms believed to resist quantum attack. In July 2022, after three rounds of evaluation, NIST announced the first algorithms selected for standardization (CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON and SPHINCS+; a standard for FALCON is still to come), and on August 24, 2023 it released draft FIPS 203, 204 and 205 for public comment. Comments were collected through November 22, 2023, and NIST worked through them to reach this point: the release of the three (3) final standards listed here on August 13, 2024.

Note that additional key-establishment algorithms not based on lattices, and additional signature schemes, are still under evaluation by NIST and are expected to be standardized in the near future. Another mechanism for key distribution, Quantum Key Distribution (QKD), relies on the properties of quantum mechanics rather than on computational hardness; it is also considered quantum-safe, requires dedicated optical links and hardware, and could be used in conjunction with these algorithms.

Your Next Steps

Organizations need to think long (but not too long) and hard about their quantum-safe strategy. If you are a vendor or third party to the United States Government (USG), they will come knocking to ask for your quantum-safe strategy sooner rather than later. The same is likely true of most major governments that hope to keep competing on a global scale. The USG is investing heavily in its post-quantum plans, which signals that civilian organizations need to do the same. You can start preparing with Quantum-Readiness: Migration to Post-Quantum Cryptography, a joint effort by CISA, the NSA, and NIST to help organizations begin their post-quantum readiness journey.

If you’d like to learn more about what NIST is planning for post-quantum as well as other related topics, you can keep an eye out for PQC Seminars starting this fall on the NIST Computer Security Resource Center (CSRC) site. You can also find recordings of previous seminars in case you are interested in past topics. Additionally, you can refer to the various publications of the CSA Quantum-Safe Security Working Group, which can be found on the CSA website and on our LinkedIn page.

To wrap it all up, now is the time to move forward with your quantum-safe strategy and plans. Share this with your leadership to help them understand the importance and urgency of planning for a world in which a Cryptographically Relevant Quantum Computer (CRQC) is rapidly becoming a reality. If the USG, NIST, other nations, and agencies are spending time and money preparing for a post-quantum future, it's time for your organization to start as well.

