Cryptography

NIST Releases First 3 Finalized Post-Quantum Encryption Standards

Cryptography uses mathematical techniques to transform data and prevent it from being read or tampered with by unauthorized parties. That enables exchanging secure messages even in the presence of adversaries. Cryptography is a continually evolving field that drives research and innovation. The Data Encryption Standard (DES), published by NIST in 1977 as a Federal Information Processing Standard (FIPS), was groundbreaking for its time but would fall far short of the levels of protection needed today.

As our electronic networks grow increasingly open and interconnected, it is crucial to have strong, trusted cryptographic standards and guidelines, algorithms and encryption methods that provide a foundation for e-commerce transactions, mobile device conversations and other exchanges of data. NIST has fostered the development of cryptographic techniques and technology for 50 years through an open process which brings together industry, government, and academia to develop workable approaches to cryptographic protection that enable practical security.

Our work in cryptography has continually evolved to meet the needs of the changing IT landscape. Today, NIST cryptographic solutions are used in commercial applications from tablets and cellphones to ATMs, to secure global eCommcerce, to protect US federal information and even in securing top-secret federal data. NIST looks to the future to make sure we have the right cryptographic tools ready as new technologies are brought from research into operation. For example, NIST is now working on a process to develop new kinds of cryptography to protect our data when quantum computing becomes a reality. At the other end of the spectrum, we are advancing so-called lightweight cryptography to balance security needs for circuits smaller than were dreamed of just a few years ago.

In addition to standardizing and testing cryptographic algorithms used to create virtual locks and keys, NIST also assists in their use. NIST’s validation of strong algorithms and implementations builds confidence in cryptography—increasing its use to protect the privacy and well-being of individuals and businesses.

NIST continues to lead public collaborations for developing modern cryptography, including:

• Block ciphers, which encrypt data in block-sized chunks (rather than one bit at a time) and are useful in encrypting large amounts of data.
• Cryptographic hash algorithms, which create short digests, or hashes, of the information being protected. These digests find use in many security applications including digital signatures (the development of which NIST also leads).
• Key establishment, employed in public-key cryptography to establish the data protection keys used by the communicating parties.
• Post-quantum cryptography, intended to be secure against both quantum and classical computers and deployable without drastic changes to existing communication protocols and networks.
• Lightweight cryptography, which could be used in small devices such as Internet of Things (IoT) devices and other resource-limited platforms that would be overtaxed by current cryptographic algorithms.
• Privacy-enhancing cryptography, intended to allow research on private data without revealing aspects of the data that could be used to identify its owner.
• Digital Signatures, which is an electronic analogue of a written signature that provides assurance that the claimed signatory signed, and the information was not modified after signature generation.
• Random Bit Generation, which is a device or algorithm that can produce a sequence of bits that appear to be both statistically independent and unbiased.

NIST also promotes the use of validated cryptographic modules and provides Federal agencies with a security metric to use in procuring equipment containing validated cryptographic modules through other efforts including: FIPS 140, Cryptographic Programs and Laboratory Accreditation Cryptographic Module Validation Program (CMVP), Cryptographic Algorithm Validation Program (CAVP), and Applied Cryptography at NIST's National Cybersecurity Center of Excellence (NCCoE).