On July 17, 2023, the National Institute of Standards and Technology (NIST) announced a new set of 40 candidates to compete in their Post-Quantum Crypto Standardization Process for digital signatures. The call for these candidates was issued in September 2022 and ended June 1, 2023. This new round is independent of the ongoing standardization process of the CRYSTALS-Dilithium, FALCON and SPHINCS+ signature schemes that were chosen for standardization in July 2022.
Why more candidates?
While standards for CRYSTALS-Dilithium, FALCON and SPHINCS+ are expected in 2024, more variety is desired: both CRYSTALS-Dilithium and FALCON are based on the assumed difficulty of solving certain mathematical problems in structured lattices of large dimensions, and NIST has been explicitly asking for candidate submissions that are not based on such structured lattices. Meanwhile, SPHINCS+ is a hash-based signature scheme of the so-called stateless variant, which has considerable efficiency disadvantages.
Of course, there are use cases that urgently need to deploy quantum-safe cryptography already today, such as firmware updates to long-lived connected devices. These applications need to rely on what is available right now, which are the IETF-standardized stateful hash-based signature schemes XMSS/XMSS^MT and LMS/HSS. Stateful schemes, however, are not suitable for general-purpose use because of the challenge of managing the state of the scheme: each one-time key inside the scheme may sign only once, so the signer must reliably record which keys have already been used, even across crashes, restarts and backups.
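To make the state-management problem concrete, here is an added example (not code from the original post, and not an implementation of XMSS or LMS) of a toy few-time signature scheme built from Lamport one-time keys, the building block that the stateful hash-based schemes also rest on. The `StatefulSigner` class keeps a counter of the next unused one-time key in a file and commits that counter to disk before a signature is released, so a crash can at worst waste a key but never reuse one. The helper `exposed_secrets` shows why reuse matters: one Lamport signature reveals exactly half of the secret preimages, and every further signature under the same key on a different message reveals more. All key material and messages are constructed inline; the scheme, file layout and names are this example's own assumptions.

```python
"""Stateful few-time signatures from Lamport one-time keys (constructed example)."""
import hashlib
import os
import secrets
import tempfile

BITS = 256          # SHA-256 digest length in bits; one secret pair per bit
SECRET_LEN = 32     # bytes per secret preimage


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _msg_bits(msg: bytes):
    d = int.from_bytes(_h(msg), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def keygen_ots():
    """Lamport key pair: two random secrets per digest bit; public key = their hashes."""
    sk = [(secrets.token_bytes(SECRET_LEN), secrets.token_bytes(SECRET_LEN)) for _ in range(BITS)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def sign_ots(sk, msg: bytes):
    """Reveal one secret of each pair, selected by the message digest bit."""
    return [sk[i][b] for i, b in enumerate(_msg_bits(msg))]


def verify_ots(pk, msg: bytes, sig) -> bool:
    return len(sig) == BITS and all(_h(sig[i]) == pk[i][b] for i, b in enumerate(_msg_bits(msg)))


def exposed_secrets(sigs) -> int:
    """Distinct preimages revealed by all signatures made under one OTS key.
    A single signature exposes BITS secrets; a second one on a different message
    exposes BITS plus the Hamming distance between the two digests."""
    return len({(i, s) for sig in sigs for i, s in enumerate(sig)})


class KeyExhausted(Exception):
    pass


class StatefulSigner:
    """A fixed list of OTS keys plus an on-disk counter of the next unused key.
    The public key is simply the list of OTS public keys (no Merkle tree, for brevity)."""

    def __init__(self, state_path: str, sks):
        self.state_path = state_path
        self.sks = sks
        if not os.path.exists(state_path):
            self._commit(0)

    def _load(self) -> int:
        with open(self.state_path, "r") as f:
            return int(f.read().strip())

    def _commit(self, idx: int) -> None:
        # Write to a temp file, fsync, then atomically replace: after a crash the
        # file holds either the old or the new counter, never a torn value.
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            f.write(str(idx))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def sign(self, msg: bytes):
        idx = self._load()
        if idx >= len(self.sks):
            raise KeyExhausted("all one-time keys used; a new key pair is required")
        # Persist the advanced counter BEFORE the signature leaves this function.
        # Dying between commit and return wastes key idx; it can never be reused.
        self._commit(idx + 1)
        return idx, sign_ots(self.sks[idx], msg)


def verify_stateful(pks, msg: bytes, idx: int, sig) -> bool:
    return 0 <= idx < len(pks) and verify_ots(pks[idx], msg, sig)


def demo():
    """Sign, 'restart' the signer from its persisted state, then hit exhaustion."""
    keys = [keygen_ots() for _ in range(2)]
    sks = [k[0] for k in keys]
    pks = [k[1] for k in keys]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "state")
        signer = StatefulSigner(path, sks)
        idx, sig = signer.sign(b"firmware-v1")
        ok = verify_stateful(pks, b"firmware-v1", idx, sig)
        restarted = StatefulSigner(path, sks)      # must resume at 1, not 0
        idx2, _ = restarted.sign(b"firmware-v2")
        try:
            restarted.sign(b"firmware-v3")
            exhausted = False
        except KeyExhausted:
            exhausted = True
        return ok, idx, idx2, exhausted
```

The point of the file-backed counter is that the state, not the key, is what protects the scheme: restoring a signer from a backup or cloning it to a second host would roll the counter back and silently defeat this check, which is exactly the operational burden the post refers to and the reason stateless schemes such as SPHINCS+ exist.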
The new candidate schemes
The 40 new digital signature schemes in the current competition utilize a variety of different mathematical objects such as error-correcting codes, isogenies, lattices, and multivariate polynomials, and cryptographic concepts such as multi-party computation or symmetric cryptography. Just like with the previous PQC competition that is about to end, this new process will involve several rounds of elimination, with hopefully some schemes surviving that satisfy both security and efficiency requirements. We at Cryptomathic continue to closely follow the process that is expected to last for several years.
Why digital signatures?
Digital signatures form the cornerstone of modern electronic commerce and communication. They provide the means for individuals to electronically sign documents to authenticate and validate them, as well as to protect data from tampering or alteration by unauthorized parties. Digital signatures are used for a variety of purposes, such as legally binding contracts, encryption keys, certificates of authenticity, website login credentials, email authentication and verification of digital documents.
Continued advances in quantum computing are set to undermine the cryptographic algorithms that provide the backbone of many of today's cybersecurity standards. While no one can predict when exactly quantum computers will be able to crack current encryption and digital signature methods, our society and economy are at significant risk whenever that happens, quite possibly within the next 25 years.
Post-quantum cryptography (PQC) is the cryptographic research community’s answer to the threats posed by quantum computing. Its goal is the development of cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks.
It is important to understand and acknowledge that, although PQC research has been ongoing for years and standardization of PQC algorithms is materializing, there is currently no way of predicting which PQC algorithms will persevere and which will come to dominate in practice. Being agile and able to switch algorithms is therefore going to be a key consideration when planning for the use of cryptography in the post-quantum world.