
Understanding NIST's post-quantum cryptography standards

NIST encouraged organizations to implement its three post-quantum cryptography standards to prepare for the emergence of powerful quantum computers that could threaten security.

NIST released its first set of post-quantum cryptography standards in August 2024, giving organizations a clear path forward in securing their systems with quantum-safe algorithms. The standards consist of three encryption algorithms engineered to withstand cyberattacks from a quantum computer.

Quantum computing technology has the potential to take complex variables into account and accomplish tasks that classical computers cannot, NIST states in its explainer on post-quantum cryptography. For example, quantum computers might be able to assist in drug design and create simulations of complex molecules.

But as experts race to build these powerful quantum computers, NIST has been working to address the potential security threats that could result from a quantum computer with the ability to break current encryption methods. The new standards are the result of an eight-year effort by NIST to tackle these issues under its post-quantum cryptography standardization project.

"Quantum computing technology could become a force for solving many of society's most intractable problems, and the new standards represent NIST's commitment to ensuring it will not simultaneously disrupt our security," said Laurie E. Locascio, NIST director and under secretary of commerce for standards and technology, in a press release.

"These finalized standards are the capstone of NIST's efforts to safeguard our confidential electronic information."

NIST recommended that organizations begin adopting these standards as soon as possible. For healthcare, like other industries, implementing these standards requires organizations to take a proactive approach now in preparation for the security challenges that will likely come with quantum computing in the near and distant future.

Why post-quantum cryptography standards are important

To Scott Crowder, vice president of quantum adoption and business development at IBM, the new standards are crucial for ensuring that data does not end up in the wrong hands in a post-quantum world. IBM cryptography researchers developed two of the three standards, and a scientist who has since joined IBM Research developed the third.

"What the U.S. government is spooked about is people being able to collect all the data that's on the internet today and then wait a number of years for the quantum computers to come, and then they can break all their cryptography and decrypt all the messages," Crowder explained to TechTarget Editorial.

"That is why they're being very proactive in certain sensitive industries to make this transition sooner rather than later. We can't do anything about stuff that got sent and captured five years ago, but we can do something about stuff that's sent and captured three months from now. That is one of the reasons why the U.S. government is pushing for people not to just ignore this until it's too late."

For that reason, researchers have spent the better part of the last decade identifying these new standards and fine-tuning encryption algorithms that are resistant to quantum attacks.

"This announcement is about NIST releasing the first standards or standard ways of doing asymmetric cryptography in a quantum-safe or post-quantum way in preparation for the days that quantum computers get bigger and badder, because we do not want our digital economy to fall down and then figure out how to fix it," Crowder said.

NIST's 3 new standards, explained

The three new post-quantum cryptography standards were designed for general encryption and digital signatures, which protect information exchanged across a public network and allow identity authentication, respectively.

The three algorithms NIST chose to standardize first, after dozens of algorithms were submitted by researchers worldwide, all use different complex math problems that will challenge both classical and quantum computers.

NIST explained the three finalized standards as follows:

  • Federal Information Processing Standard (FIPS) 203: It is intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
  • FIPS 204: It is intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
  • FIPS 205: Also designed for digital signatures, the standard employs the SPHINCS+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.

FIPS 203 and FIPS 204 were both created on the foundation of lattice-based cryptography, which can be more efficient and more resistant to cracking. The third standard, FIPS 205, is a stateless hash-based digital signature scheme that will further challenge quantum computers in the future.

"The trick was having really brilliant mathematicians come up with different kinds of math that future quantum computers are not expected to be good at so that they're safe against both classical and quantum," Crowder noted.

"The hard part is making sure that the implementation doesn't create its own security holes that cause it to be less secure."

In addition to these three standards, NIST said it plans to release a draft of the FIPS 206 standard in late 2024, based on FALCON.

What's more, NIST is continuing to evaluate two sets of algorithms that could serve as backup standards in the future. Even though NIST continues to evaluate other standards, NIST mathematician Dustin Moody, who heads the post-quantum cryptography standardization project, urged organizations to move forward with these three standards.

"Go ahead and start using these three," Moody stated in a NIST press release. "We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event."

Implementing post-quantum cryptography standards in healthcare

Healthcare organizations currently rely on cryptography to keep sensitive patient information private. As quantum computing gains traction, healthcare will need to adjust its strategy for keeping that information protected.

Crowder stressed that implementing these standards will likely take some time. To begin, he recommended that organizations assess the cryptography they currently use, evaluate the new standards, and understand the implications so they can start building a strategy.

Crowder suggested that organizations create an inventory of the cryptography that they are using or have built themselves and identify what they can fix now versus what they can fix later. The complexity of this task will depend on the organization's hygiene and how much of the code it runs was written internally.

"The second piece, which is also challenging, is more about getting the industry aligned to understand how we all interoperate and make sure that all of us in these systems that are across the organization or across vendors -- you can think of the IT supply chain for healthcare -- are aligned," Crowder noted.

"How do we make sure we are all talking the same language in terms of what standards and implementation of standards we're using so we can share information back and forth?"

Healthcare organizations have IT in their environments, but they also outsource certain IT functions and work with a variety of third-party vendors to complete critical functions. The challenge will be to ensure that the underlying platforms that healthcare relies on are also protected by these new standards.

"There is a bunch of work to do, and I think the first step is to understand what this means for you and where you are going to get started," Crowder suggested.

While it might seem daunting, organizations can begin implementing these standards by establishing a strategy for an organization-wide quantum-safe transformation. This strategy will ultimately keep sensitive data safe as quantum computing capabilities expand.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.
