Ruhr-Uni-Bochum

From competition to standardization: Post-quantum cryptography methods are now standardized for global use

CASA PI Peter Schwabe and CASA Speaker Eike Kiltz were involved in the development of three of the four post-quantum cryptography (PQC) methods selected for standardization by the US National Institute of Standards and Technology (NIST).

Peter Schwabe and Eike Kiltz in the Open Space

Peter Schwabe (left) and Eike Kiltz (right) contributed significantly to the development of the new NIST standards. Copyright: RUB, Michael Schwettmann

Current advancements in quantum computing threaten the security of our digital communications. Classical asymmetric encryption methods were designed to be secure against classical, present-day computing capabilities. Such schemes depend on difficult mathematical tasks such as prime factorization (breaking down a large number into its prime factors), which, if executed by classical computers, would require an immense amount of energy and tens of thousands of years. However, quantum computers can solve specific mathematical tasks very efficiently, meaning they could break classical asymmetric methods in a relatively short time.

To mitigate these risks, the National Institute of Standards and Technology published its Post-Quantum Cryptography Standardization competition in 2016. Scientists from all over the world submitted proposals for new encryption methods that were intended to be immune to quantum decryption. The 82 proposals submitted were reviewed in several rounds by the cryptography scientific community. In 2022, four cryptographic schemes were chosen for standardization: SPHINCS+, CRYSTALS-DILITHIUM, CRYSTALS-KYBER, and FALCON.

NIST publishes standards for Kyber (ML-KEM), Dilithium (ML-DSA), and SPHINCS+ (SLH-DSA), encryption schemes developed in Bochum by Peter Schwabe, Eike Kiltz, and their international partners.

The standards are intended to help implement the new encryption methods in online applications smoothly, without the risk of disrupting current security safeguards. However, many companies recognized the importance of implementing these new secure encryption methods even before the standards were published. Adoption of Kyber started in 2023, and it has been implemented by 17.1% of the clients using Cloudflare (as of August 5th, 2024, according to Cloudflare). This translates to more than half a trillion connections per day terminating at Cloudflare secured using PQC. The biggest early adopters are services such as iMessage (Apple), Google Chrome, Signal, Zoom, and Cloudflare. With the publication of these standards, a boost in the adoption rate of these methods is expected.

Together with international colleagues from numerous institutions, Peter Schwabe, CASA PI and director of the Max Planck Institute for Security and Privacy (MPI-SP), and CASA Speaker Eike Kiltz, Professor for Cryptography at the Horst-Görtz-Institute for IT Security, Faculty of Computer Science of the Ruhr-University Bochum, contributed to what are now the two primary standards, Kyber (ML-KEM) and Dilithium (ML-DSA). Additionally, Peter Schwabe was involved in the development of the third cryptographic scheme, SPHINCS+ (SLH-DSA). A fourth standard, Falcon (FN-DSA), is expected to be finalized later, and the portfolio is planned to grow further in the coming years.
