December, 2022
Public-key cryptography is used everywhere, from protecting personal and financial information to verifying digital signatures. A sufficiently large quantum computer, however, could break nearly all of the public-key cryptosystems in use today. In July 2022, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) selected the first set of cryptographic algorithms designed to withstand attack by a future quantum computer.
Researchers from Florida Atlantic University’s Schmidt College of Science Department of Mathematical Sciences are actively involved in the development of the NIST’s post-quantum cryptography standards.
Shi Bai, Ph.D., an associate professor in the Department of Mathematical Sciences, is a member of the team behind CRYSTALS-Dilithium, one of the four quantum-resistant algorithms NIST selected for standardization. Of the three signature algorithms selected (CRYSTALS-Dilithium, Falcon and SPHINCS+), NIST recommends CRYSTALS-Dilithium as the primary signature algorithm for protecting the digital systems we rely on every day, such as online banking, email software and government data.
“The goal of post-quantum cryptography is to create cryptographic systems that are secure against both quantum and classical computers which can be easily deployed in existing communication infrastructure and Internet protocols,” Bai explained.
The CRYSTALS-Dilithium scheme was also influenced by earlier work on signature compression, published in 2014 by Bai and Steven Galbraith, Ph.D. (University of Auckland).
“I’m very excited to have been selected by the NIST,” Bai said. “It also motivates me to work harder.” Bai is the only researcher on the Dilithium team from a college or university in the United States, and he is one of only two Americans on the team.
This selection is a critical step toward protecting the nation's cyber infrastructure. The four selected algorithms, one key-encapsulation (encryption) mechanism and three signature schemes, will be included in NIST's post-quantum cryptographic standard, which is anticipated to be finalized in about two years.
NIST issued its call for submissions in 2016 to begin establishing a post-quantum cryptography standard. The entire process takes several years and involves multiple rounds of public review. The algorithm developed by Bai's team was chosen at the end of the third round, and a fourth round, evaluating additional candidates, is currently underway.
Edoardo Persichetti, Ph.D., an associate professor in FAU’s Department of Mathematical Sciences, is working on three post-quantum algorithms (BIKE, Classic McEliece, and HQC), which have advanced to a fourth round for potential future standardization by the NIST. Persichetti is also one of only two American researchers on his team.
To underscore the need for this technology at the national level, the White House has issued several memorandums calling for quantum-resistant cryptography. The "National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems," issued on May 4, 2022, states: "Within 90 days of the date of this memorandum, the Secretary of Commerce, through the Director of NIST, shall establish a 'Migration to Post-Quantum Cryptography Project' at the National Cybersecurity Center of Excellence to work with the private sector to address cybersecurity challenges posed by the transition to quantum-resistant cryptography."
Major government agencies have already adopted or plan to adopt the new NIST standard. For example, the National Security Agency's (NSA) Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) algorithm selections are based on NIST's quantum-resistant cryptography standardization selections.
The NIST standard is also expected to be widely adopted across industry. For example, the National Cybersecurity Center of Excellence (NCCoE) is currently working with technology collaborators such as Amazon Web Services, Cisco, Microsoft and VMware on implementing the new national standard.
The CRYSTALS-Dilithium scheme is the result of a multi-national collaborative effort that included researchers from Centrum Wiskunde & Informatica (Netherlands), Ruhr-Universität Bochum (Germany), Google (USA), IBM Research Europe and ETH Zurich (Switzerland), the Max Planck Institute for Security and Privacy (Germany), Radboud University (Netherlands) and ENS de Lyon (France).