Developed over the past eight years, the standards, now available on the company’s website, are part of its post-quantum cryptography (PQC) project.
As a result, the documentation includes the algorithms' code, implementation guidelines for products and encryption systems and their respective use cases.
The first standard, FIPS 203 has been launched for securing information transmitted over public networks. It is set to become the primary standard for general encryption and is based on the CRYSTALS-Kyber algorithm, now renamed Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM).
Subscribe today for free
The second standard, FIPS 204, is designated as the main standard for safeguarding digital signatures. It utilises the CRYSTALS-Dilithium algorithm, now known as Module-Lattice-Based Digital Signature Algorithm (ML-DSA).
Finally, the third also addresses digital signatures but uses a different mathematical approach compared to ML-DSA and is used as a backup solution in case ML-DSA proves to become vulnerable.
Meanwhile, this standard incorporates the Sphincs+ algorithm, now referred to as the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA).
NIST head of the PQC standardization project, Dustin Moody said: “There is no need to wait for future standards.
“Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”
Commenting on the launch, a BT spokesperson said: “The publication of NIST’s first set of post-quantum cryptography (PQC) standards is a significant milestone for modern cybersecurity. The set of algorithms is a globally leading standard in a new era of protecting communications against cyber-attacks by quantum computers.
“Although Quantum Computers are not yet able to break cryptography, it’s important for organisations to have a plan for managing the risk. This begins with a risk assessment for each organisation.
"For example, services that provide encryption of data – particularly long-term sensitive data – may be at risk from an adversary who can tap their data today and will gain access to a cryptographically relevant quantum computer in future. Quantum readiness for these systems is a priority.”
The spokesperson for the telecoms giant added: “The technologies selected to mitigate the risks will involve both PQC and Symmetric Cryptography, and for some scenarios, also Quantum Key Distribution (QKD). We will increasingly see PQC implemented in OTT services, including web browsers and services, and cloud interfaces.
“For BT’s own systems, as always, we will manage the threat responsibly, ensuring that updates and changes are tested before deployment in live networks.”
RELATED STORIES
