Literature Review on NIST Standardized PQC-Algorithms

This project aims to analyze and summarize the post-quantum cryptographic (PQC) algorithms that NIST standardized in 2024. It will examine their parameterization options, application areas, and available implementations, providing a comprehensive overview of libraries and tools. The goal is to equip software engineers with the knowledge needed to effectively integrate these algorithms into diverse ecosystems.

Context

Shor’s algorithm, a groundbreaking quantum algorithm, demonstrated that quantum computers could efficiently break widely used cryptographic systems, such as RSA and ECC, by factoring large integers and solving discrete logarithms much faster than classical computers. What used to be a theoretical threat has rapidly become a practical concern, as advancements in quantum computing continue to accelerate, posing serious risks to the security of modern cryptography.

In response to this emerging reality, the National Institute of Standards and Technology (NIST), a global authority on cryptographic standards, launched a competition to identify new cryptographic algorithms capable of resisting quantum attacks. This initiative was aimed at addressing the vulnerabilities posed by quantum computing. After years of rigorous evaluation, NIST finalized three post-quantum cryptographic standards in August 2024, marking a major step forward in ensuring secure communications in the quantum era.

To safeguard systems long-term, NIST also emphasizes the need for Cryptographic Agility — the ability to seamlessly switch between cryptographic algorithms (or primitives) as new standards emerge or vulnerabilities are discovered. Implementing this agility requires robust tools, libraries, and frameworks to help software engineers efficiently integrate these new cryptographic standards into their systems.

Motivation

With the recent release of new post-quantum cryptographic standards, organizations face the growing need to transition to secure systems that can withstand quantum computing threats. Regulatory bodies and government agencies are expected to mandate this migration in the near future, prompting institutions to prepare for the shift sooner rather than later.

For decision-makers, understanding the strengths and limitations of these new cryptographic standards is essential for making informed choices. This includes evaluating the various options available, their specific applications, and the implications of each algorithm. The migration process begins with two critical steps: identifying the cryptographic methods currently in use and determining the most suitable post-quantum alternatives to replace them.

The urgency to migrate is driven by the need for secure, future-proof systems. Early preparation ensures organizations can avoid risks associated with outdated cryptography and keep pace with evolving security standards.

Goal

This project has three primary objectives:

1. Summarize the new post-quantum cryptographic standards: This includes providing a high-level overview of their inner workings, exploring their parameterization options, and recommending best practices for various use cases.
2. Survey available libraries and tools for deploying these standards: Map out the ecosystems in which these libraries are available (e.g., Windows, Linux, embedded systems) and assess their maintenance, reliability, and verification status.
3. Support practitioners in achieving cryptographic agility: Guide software engineers in adopting new standards to enhance cryptographic agility. This includes compiling a cryptographic inventory and outlining initial steps for transitioning to post-quantum cryptographic methods.

Requirements

Students interested in this project should have:

• Strong interest in information security, particularly cryptography.
• Desire to engage with new cryptographic standards and their ecosystems.
• Ability to analyze technical papers and specifications and summarize this information in a structured, clear, and concise manner.
• Familiarity with more than one platform or execution environment (e.g., web, Windows, Linux, embedded systems).

Pointers

• N. Alnahawi, et al., “ On the State of Crypto-Agility,” 2023, 2023/487. Accessed: Apr. 15, 2024.
• D. Joseph, et al., “ Transitioning organizations to post-quantum cryptography,” Nature, vol. 605, no. 7909, pp. 237–243, May 2022.
• L. Marchesi, M. Marchesi, and R. Tonelli, “ Reviewing Crypto-Agility and Quantum Resistance in the Light of Agile Practices,” in Agile Processes in Software Engineering and Extreme Programming – Workshops, 2024, pp. 213–221.
• D. Moody, et al., “ Transition to Post-Quantum Cryptography Standards,” National Institute of Standards and Technology, NIST Internal or Interagency Report (NISTIR) 8547 (Draft), Nov. 2024.
• P. W. Shor, “ Algorithms for Quantum Computation: Discrete Logarithms and Factoring,” in Proceedings 35^th^ Annual Symposium on Foundations of Computer Science: IEEE Comput. Soc. Press, 1994, pp. 124–134.

Others:

• National Institute of Standards and Technology (NIST)  PQC Standardization Project
•  NIST Releases First 3 Finalized Post-Quantum Encryption Standards. Press Release. (Aug. 2024).
• The three new Federal Information Processing Standards (FIPS)
  • FIPS 203:  Module-Lattice-Based Key-Encapsulation Mechanism Standard (formerly known as CRYSTALS-KYBER)
  • FIPS 204:  Module-Lattice-Based Digital Signature Standard (formerly known as CRYSTALS-Dilithium)
  • FIPS 205:  Stateless Hash-Based Digital Signature Standard (formerly known as SPHINCS+)
• Popular reference implementations:
  • Microsoft’s  SymCrypt (see  blog post about PQC integration)
  •  BouncyCastle