NIST releases FIPS-compliant version of Kyber post-quantum algorithm

Aug. 14, 2024
The recent release of FIPS-compliant versions facilitates the transition to quantum-safe infrastructure for both public and private sectors.

The National Institute of Standards & Technology (NIST) today published the long-awaited FIPS standard for the Kyber post-quantum key encapsulation mechanism (KEM), now named ML-KEM and specified in FIPS 203, alongside FIPS 204 (ML-DSA, derived from Dilithium) and FIPS 205 (SLH-DSA, derived from SPHINCS+). This marks an important milestone in upgrading Internet protocols to resist attacks by future quantum computers, even though implementing the changes remains complex and calls for extreme caution.

In July 2022, NIST selected CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+ for standardisation. The finalised FIPS standards give both the public and private sectors an approved basis for migrating to quantum-safe infrastructure. However, their publication does not mean that the Internet ecosystem is now secure from future quantum attacks: the algorithms still have to be integrated into the protocols that actually carry traffic.

The Internet Engineering Task Force (IETF), which defines how the Internet is built, used and secured, will play a key role in developing the protocol standards that harness these FIPS-approved algorithms. To date, draft proposals have been submitted, but the IETF has yet to publish any RFC specifying the use of ML-KEM (the FIPS name for Kyber), or of the original Kyber, in its protocols.

Andersen Cheng, Chairman of Post-Quantum, explains, “The speed at which NIST has released these FIPS-compliant versions is truly commendable and an important milestone. It means we are now moving from maths to engineering and implementation, which is still a complex endeavour, but one where organisations like the IETF and the National Cybersecurity Center of Excellence (NCCoE) now play an integral role. We’ve already seen Google and Cloudflare adopt some of the draft proposals, but it will now be down to the IETF to include support for the Kyber family in protocols such as Transport Layer Security (TLS) if the whole of the public Internet is to become quantum-safe.”

However, Cheng also advises organisations, particularly those in high-security sectors, not to wait for new protocols to be published. Instead, they should follow Google's lead, above all because of the immediate threat of 'Harvest Now, Decrypt Later' (HNDL) attacks, in which hostile actors record encrypted traffic today so that it can be decrypted once a sufficiently capable quantum computer exists. Data that must stay confidential for years is therefore already at risk, even though no such computer is available yet.

In August 2023, Google took a preliminary step by enabling in Chrome 116 a hybrid key agreement that combines X25519 elliptic-curve Diffie-Hellman with Kyber-768, based on a draft submitted to the IETF. In a hybrid scheme both a classical and a post-quantum key exchange are run and their outputs are combined, so the session key stays secure as long as either component remains unbroken. Building on Google’s work, Post-Quantum has also rendered its entire software application portfolio quantum-safe end-to-end. This includes its identity application, Nomidio, whose backend services now support this hybrid exchange when used with Chrome v116 or higher, in order to mitigate HNDL exposure.
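To make the hybrid construction concrete, here is an added example (not code from the article, Google, or Post-Quantum) of a minimal X25519 + ML-KEM-768 exchange written in Go, which requires Go 1.24 or newer for the standard-library crypto/mlkem package. It uses the finalised ML-KEM-768 rather than the draft Kyber-768 that Chrome 116 shipped, lays out the key shares as X25519 public key followed by the KEM material, and concatenates the two shared secrets in the order the IETF hybrid draft uses. The hash label in Combine and the Exchange driver are assumptions for illustration; a real TLS implementation feeds the concatenated secret into its HKDF key schedule instead.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Both key shares start with a 32-byte X25519 public key; the client appends
// its ML-KEM-768 encapsulation key, the server appends the ML-KEM-768 ciphertext.
const x25519Size = 32

// Client holds the ephemeral private keys needed to finish the exchange.
type Client struct {
	ecdhPriv *ecdh.PrivateKey
	kemPriv  *mlkem.DecapsulationKey768
}

// NewClient generates fresh ephemeral keys and returns the serialised hybrid share.
func NewClient() (*Client, []byte, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	kemPriv, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	share := append(ecdhPriv.PublicKey().Bytes(), kemPriv.EncapsulationKey().Bytes()...)
	return &Client{ecdhPriv: ecdhPriv, kemPriv: kemPriv}, share, nil
}

// ServerRespond parses the client's share, runs X25519 and ML-KEM encapsulation,
// and returns the server's share plus the server's copy of the hybrid secret.
func ServerRespond(clientShare []byte) (serverShare, secret []byte, err error) {
	if len(clientShare) != x25519Size+mlkem.EncapsulationKeySize768 {
		return nil, nil, fmt.Errorf("bad client share length %d", len(clientShare))
	}
	clientPub, err := ecdh.X25519().NewPublicKey(clientShare[:x25519Size])
	if err != nil {
		return nil, nil, err
	}
	ek, err := mlkem.NewEncapsulationKey768(clientShare[x25519Size:])
	if err != nil {
		return nil, nil, err
	}
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ecdhSS, err := ecdhPriv.ECDH(clientPub)
	if err != nil {
		return nil, nil, err
	}
	kemSS, ct := ek.Encapsulate()
	serverShare = append(ecdhPriv.PublicKey().Bytes(), ct...)
	return serverShare, Combine(ecdhSS, kemSS), nil
}

// Finish derives the client's copy of the hybrid secret from the server's share.
// ML-KEM uses implicit rejection: a corrupted ciphertext yields a pseudorandom
// key rather than an error, so the mismatch only surfaces when the peers compare
// (in TLS, when the Finished MAC fails to verify).
func (c *Client) Finish(serverShare []byte) ([]byte, error) {
	if len(serverShare) != x25519Size+mlkem.CiphertextSize768 {
		return nil, fmt.Errorf("bad server share length %d", len(serverShare))
	}
	serverPub, err := ecdh.X25519().NewPublicKey(serverShare[:x25519Size])
	if err != nil {
		return nil, err
	}
	ecdhSS, err := c.ecdhPriv.ECDH(serverPub)
	if err != nil {
		return nil, err
	}
	kemSS, err := c.kemPriv.Decapsulate(serverShare[x25519Size:])
	if err != nil {
		return nil, err
	}
	return Combine(ecdhSS, kemSS), nil
}

// Combine concatenates the classical and post-quantum secrets (ECDH first, as in
// the IETF hybrid draft) under an assumed label; either secret alone being
// unpredictable is enough to make the output unpredictable.
func Combine(ecdhSS, kemSS []byte) []byte {
	h := sha256.New()
	h.Write([]byte("hybrid-x25519-mlkem768-example")) // assumed label
	h.Write(ecdhSS)
	h.Write(kemSS)
	return h.Sum(nil)
}

// Exchange runs one full exchange and reports whether both sides agree on the
// secret. With tamper set, a byte of the ML-KEM ciphertext is flipped in transit.
func Exchange(tamper bool) (bool, error) {
	client, clientShare, err := NewClient()
	if err != nil {
		return false, err
	}
	serverShare, serverSecret, err := ServerRespond(clientShare)
	if err != nil {
		return false, err
	}
	if tamper {
		serverShare[x25519Size] ^= 0x01
	}
	clientSecret, err := client.Finish(serverShare)
	if err != nil {
		return false, err
	}
	return bytes.Equal(clientSecret, serverSecret), nil
}

func main() {
	ok, err := Exchange(false)
	fmt.Println("honest exchange agrees:", ok, err)
	ok, err = Exchange(true)
	fmt.Println("tampered exchange agrees:", ok, err)
}
```

The honest run prints agreement and the tampered run prints disagreement with no error from Decapsulate, which is the behaviour a TLS stack has to account for: an attacker who corrupts the KEM half cannot learn the secret, but the failure is detected by key confirmation, not by the KEM call itself.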

Cheng added, “It’s important for all organisations to realise that hybrid solutions exist, enabling migration to start immediately rather than waiting for updated Internet protocols like TLS, whose timeline remains uncertain. The priority for us over the last few years has been real-world implementations across high-security industries. Despite our newly ratified IETF standard for a hybrid quantum-safe Virtual Private Network (VPN) being publicly available for all to use, we still had to put in significant effort to overcome multi-vendor interoperability and engineering challenges to connect mobiles, desktops and servers under real-world conditions.”