Post-Quantum Cryptography

The NIST Post-Quantum Cryptography standardization effort is a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. The new public-key cryptography standards will specify one or more additional digital signatures, public-key encryption, and key encapsulation mechanisms (KEM) algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication 800-56A Revision 3. NIST has outlined an estimated timeline of 2024 for the completion of this process, at which point the draft standards and call for public comments will be released.

Of the submissions remaining in the standardization process that are either to be standardized, or advancing onto further rounds of analysis, AWS team members have contributed to the key encapsulation mechanisms ML-KEM and the signature algorithms ML-DSA and SLH-DSA.

The standardization of hybrid key exchange in TLS 1.3. This IETF draft is motivated by the transition to quantum-resistant cryptography, in particular, defining more explicitly how we will navigate the transitional phase from classical to post-quantum algorithms in the Transport Layer Security (TLS) protocol version 1.3.

The standardization of the SPHINCS+ Signature Algorithm in the Cryptographic Message Syntax (CMS). CMS is the IETF's standard for cryptographically protected messages. It can be used to digitally sign, digest, authenticate or encrypt any form of digital data. This standard will provide the quantum-resistant algorithm SPHINCS+ into CMS.

The standardization of Dilithium Algorithm Identifiers for X.509 Public Key Infrastructure and Kyber Algorithm Identifiers for X.509 Public Key Infrastructure. These are two IETF drafts to describe the conventions for using Dilithium and Kyber quantum-resistant signature and KEM respectively in Internet X.509 certificates and certificate revocation lists. The conventions for the associated post-quantum signatures, subject public keys, and private key are also described.

The standardization of Post-Quantum Hybrid Key Exchange in Secure Shell that extends the SSH Transport Layer Protocol with post-quantum hybrid key exchange methods.

The European Telecommunications Standards Institute (ETSI) plays a leading role in the standardization of quantum-safe cryptography through its Technical Committee on Quantum-Safe Cryptography. The group focuses on identifying, evaluating, and standardizing post-quantum cryptographic algorithms and protocols, offering practical implementation guidelines to support a secure transition to quantum-resistant systems.In collaboration with academia, industry leaders, and governments, ETSI addresses the security impact of quantum computing, defines requirements for post-quantum algorithms, and provides best practices for deploying quantum-safe infrastructures.

Its work helps ensure interoperability, scalability, and performance in real-world applications. ETSI has published extensive technical reports and specifications on the transition to quantum-safe systems, including Technical Report TR 103 619 defining migration strategies and recommendations for Quantum-Safe schemes, and TS 103 744 on Quantum-Safe Hybrid Key Exchanges.

For more information, visit the ETSI Quantum-Safe Cryptography webpage.