Connect with us

Hi, what are you looking for?


Data Protection

NIST Announces Post Quantum Encryption Competition Winners

The National Institute of Standards and Technology (NIST) announced July 5, 2022, the first group of four encryption tools designed to tackle the looming threat of quantum computer crypto cracking capabilities. Four more are still being evaluated, and finalists from these will be announced in the future.

The National Institute of Standards and Technology (NIST) announced July 5, 2022, the first group of four encryption tools designed to tackle the looming threat of quantum computer crypto cracking capabilities. Four more are still being evaluated, and finalists from these will be announced in the future.

The need for post quantum cryptography (aka quantum-resistant encryption) is driven by the increasing belief that quantum computers with enough power to crack current PKI cryptography (used to secure communications today) will be available within five to ten years.

Because of this, it is believed that adversaries, including nation states, are already engaged in a wide-ranging ‘harvest now, decrypt later’ campaign. Communications are being stolen and stored, awaiting quantum decryption in a few years’ time. 

Since secrets – and especially state secrets – have a long shelf life, it is imperative for national security and commercial intellectual property that no future secrets can be stolen in this manner. What has already been harvested and stored is lost; but future secrets can be protected by encryption that can resist even quantum-powered decryption.

NIST started a competition to select standard post quantum encryption algorithms in 2016, and the speed of the competition’s progress attests to the urgency of the issue. “We’re looking to replace three NIST cryptographic standards and guidelines that would be the most vulnerable to quantum computers,” said NIST mathematician Dustin Moody at the time. “They deal with encryption, key establishment and digital signatures, all of which use forms of public key cryptography.”

The intention has always been to have more than one quantum resistant standard option for each category. The four announced on July 5, 2022, are CRYSTALS-Kyber (for general encryption), and CRYSTALS-Dilithium, FALCON, and SPHINCS+ (for digital signatures).

Kyber can use comparatively small keys that can easily be exchanged by two parties. NIST recommends Dilithium as the primary algorithm for digital signatures, with FALCON available for applications that need smaller signatures. SPHINCS+ is larger and slower than these, but is included as a possible backup for one primary reason: it uses a different underlying math approach than the other three algorithms.

Advertisement. Scroll to continue reading.

“NIST’s choices of lattice-based signature and KEM schemes, along with a symmetric setting signature scheme, give the community sound choices to begin the transition from today’s cryptography to those suitable for the quantum age,” comments professor Liqun Chen from the University of Surrey’s Center for cyber security.

On June 29, 2022, QuSecure announced that it had been awarded the Small Business Innovation Research (SBIR) Phase III Federal Government procurement contract for PQC solutions – making it effectively a recommended product for federal agencies while remaining available to private industry. QuSecure’s QuProtect product can work with any algorithm, both classical and quantum resistant, conforming to NIST’s purpose of providing options. Existing classical algorithms can be given post quantum resiliency by QuProtect, while newer post quantum algorithms can be incorporated, used and then swapped for alternative algorithms with ease.

“We have seen NIST shorten the timeline for their decision on quantum resilient cryptography from 2024 to July 5th,” comments Skip Sanzeri, co-founder and COO of QuSecure. “Pushing up the timeline is a direct response to the growing urgency of the quantum threat. Both the White House’s executive memos this year and the accelerated NIST standardization, combined with the international race to quantum advantage, underscore the importance of both government and enterprise starting this network upgrade cycle immediately.”

The open nature of the NIST competition meant it was little surprise that Kyber would be selected for standardization. QuSecure recognized this and used Kyber in a pilot project for the US government that has been running since June 21. Since then, “It has been protecting US Government airspace data with 100-percent up-time using the now-standard Kyber cryptosystem,” announced QuSecure.

Related: Quantum Computing’s Threat to Public-key Cryptosystems

Related: QuSecure Launches Quantum-Resilient Encryption Platform

Related: Quantum Computing Is for Tomorrow, But Quantum-Related Risk Is Here Today

Related: Mitigating Threats to Encryption from Quantum and Bad Random

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...