A Closer Look at NIST’s Legacy Encryption Algorithm Transition Plans and Finalized PQC Algorithm Standards

NIST sets key deadlines for retiring legacy encryption algorithms, with widely-used methods like RSA, ECDSA, EdDSA, DH, and ECDH set for deprecation by 2030 and full phase-out by 2035.

Last week, NIST released the Initial Public Draft (IPD) of NIST IR 8547, Transition to Post-Quantum Cryptography Standards, a report outlining its recommended roadmap for moving from today's public-key cryptographic algorithms to standardized post-quantum cryptography (PQC). The guidance provides a transition plan, including timelines and key considerations for migration, aimed at helping federal agencies, industry, and standards organizations move their products, services, and infrastructure to PQC by 2035.

One of the key highlights of the report is that NIST now gives concrete dates. The report lists the current, widely used key-establishment and digital-signature algorithms that will soon be deprecated and eventually disallowed, and it keys each deadline to the algorithm's security strength (as defined in SP 800-57 Part 1) rather than to the algorithm name alone: RSA-2048 and P-224, for example, sit at 112 bits, while RSA-3072, P-256, and Ed25519 sit at 128 bits.


Digital Signature Algorithm Family | Parameters | Transition
ECDSA | 112 bits of security strength | Deprecated after 2030 and disallowed after 2035
ECDSA | ≥ 128 bits of security strength | Disallowed after 2035
EdDSA | ≥ 128 bits of security strength | Disallowed after 2035
RSA | 112 bits of security strength | Deprecated after 2030 and disallowed after 2035
RSA | ≥ 128 bits of security strength | Disallowed after 2035

Key Establishment Scheme | Parameters | Transition
Finite Field DH and MQV | 112 bits of security strength | Deprecated after 2030 and disallowed after 2035
Finite Field DH and MQV | ≥ 128 bits of security strength | Disallowed after 2035
Elliptic Curve DH and MQV | 112 bits of security strength | Deprecated after 2030 and disallowed after 2035
Elliptic Curve DH and MQV | ≥ 128 bits of security strength | Disallowed after 2035
RSA | 112 bits of security strength | Deprecated after 2030 and disallowed after 2035
RSA | ≥ 128 bits of security strength | Disallowed after 2035

NIST also points out that moving from algorithm standardization to full integration into information systems has historically taken 10 to 20 years. Given that lead time and the reality of "harvest now, decrypt later" attacks, in which encrypted traffic is recorded today so it can be decrypted once a cryptographically relevant quantum computer exists, organizations need to start preparing for post-quantum cryptography (PQC) now. NIST's report is a vital resource here, offering clarity and direction to help begin and speed up the PQC adoption journey.
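The table above keys the deadlines to security strength, not to algorithm names, so the first practical step is to map every key in your inventory to its strength and therefore to its bucket. The following Go program is an added example (not part of the NIST report or of this page's original text) that does this for X.509 certificates using only the standard library: it derives the strength of an RSA, ECDSA, or Ed25519 subject key from the comparable-strength table in SP 800-57 Part 1 (RSA-2048 and P-224 are 112 bits; RSA-3072, P-256, and Ed25519 are 128 bits) and assigns the NIST IR 8547 bucket. The four certificates it inspects are constructed in-process so it runs offline; the bucket strings and function names are this example's own.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"fmt"
	"math/big"
)

// Transition buckets from the NIST IR 8547 table above; keys below 112 bits are
// absent from that table because SP 800-131A already disallows them.
const (
	DisallowedNow  = "below 112 bits: already disallowed, replace now"
	Deprecated2030 = "112 bits: deprecated after 2030, disallowed after 2035"
	Disallowed2035 = "128 bits or more: disallowed after 2035"
)

// securityBits maps a classical public key to its security strength using the
// comparable-strength table in SP 800-57 Part 1 (RSA by modulus, ECDSA by curve).
func securityBits(pub crypto.PublicKey) (int, error) {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		for _, row := range [][2]int{{15360, 256}, {7680, 192}, {3072, 128}, {2048, 112}} {
			if k.N.BitLen() >= row[0] {
				return row[1], nil
			}
		}
		return 80, nil // a 1024-bit modulus; anything smaller is weaker still
	case *ecdsa.PublicKey:
		curves := map[string]int{"P-224": 112, "P-256": 128, "P-384": 192, "P-521": 256}
		if bits, ok := curves[k.Curve.Params().Name]; ok {
			return bits, nil
		}
		return 0, fmt.Errorf("unknown curve %q", k.Curve.Params().Name)
	case ed25519.PublicKey:
		return 128, nil
	}
	return 0, fmt.Errorf("unsupported key type %T", pub)
}

// Classify places a security strength into one of the transition buckets.
func Classify(bits int) string {
	switch {
	case bits < 112:
		return DisallowedNow
	case bits < 128:
		return Deprecated2030
	}
	return Disallowed2035
}

// ClassifyCertDER parses one DER certificate (pem.Decode first if you hold PEM)
// and classifies its subject public key.
func ClassifyCertDER(der []byte) (string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	bits, err := securityBits(cert.PublicKey)
	if err != nil {
		return "", err
	}
	return Classify(bits), nil
}

// SampleInventory wraps four constructed keys in throwaway self-signed
// certificates (so the example runs offline) and classifies each one.
func SampleInventory() (map[string]string, error) {
	gens := map[string]func() (crypto.Signer, error){
		"rsa-1024":   func() (crypto.Signer, error) { return rsa.GenerateKey(rand.Reader, 1024) },
		"rsa-2048":   func() (crypto.Signer, error) { return rsa.GenerateKey(rand.Reader, 2048) },
		"ecdsa-p256": func() (crypto.Signer, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) },
		"ed25519":    func() (crypto.Signer, error) { _, k, err := ed25519.GenerateKey(rand.Reader); return k, err },
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	out := make(map[string]string)
	for name, gen := range gens {
		key, err := gen()
		if err != nil {
			return nil, err
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
		if err != nil {
			return nil, err
		}
		if out[name], err = ClassifyCertDER(der); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func main() {
	fmt.Println(SampleInventory())
}
```

Run it and the RSA-1024 entry lands in the "replace now" bucket, RSA-2048 in the 2030/2035 bucket, and P-256 and Ed25519 in the 2035-only bucket. Pointing ClassifyCertDER at the DER bytes of real certificates from your discovery tooling gives the same triage across an estate; note that the bucket only tells you when an algorithm stops being allowed, not whether the data it protects is already exposed to harvest-now-decrypt-later, which is a separate, earlier deadline for key establishment.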

But first, it's essential to understand NIST's finalized PQC algorithm standards. Here is a quick overview of the standardized algorithms and the key factors to consider for the PQC migration.

Back in 2016, NIST kicked off the Post-Quantum Cryptography (PQC) Standardization Project to select and standardize public-key algorithms that are secure against attacks by both classical and quantum computers.

In July 2022, after the third round of the process, NIST announced the first four algorithms selected for standardization:

  • CRYSTALS-Kyber, a key encapsulation mechanism (KEM) for key establishment
  • CRYSTALS-Dilithium, Falcon, and SPHINCS+ for digital signatures

A year later, in August 2023, NIST released Initial Public Drafts (IPDs) of the standards for three of these algorithms (Kyber, Dilithium, and SPHINCS+) to gather industry feedback and make revisions.

On August 13, 2024, NIST published the finalized standards for those three algorithms, giving each a new name in the process:

  • FIPS 203: ML-KEM, based on CRYSTALS-Kyber, for key establishment
  • FIPS 204: ML-DSA, based on CRYSTALS-Dilithium, for digital signatures
  • FIPS 205: SLH-DSA, based on SPHINCS+, for digital signatures

Note: NIST has also announced plans to release an Initial Public Draft (IPD) of FIPS 206, based on the Falcon digital signature algorithm. This draft, tentatively named FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm), is expected to be available soon.


Let’s now take a deeper dive into each of these standards:

1. FIPS 203

This standard specifies ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), derived from CRYSTALS-Kyber. A KEM lets two parties establish a shared secret key over a public channel: one party publishes an encapsulation (public) key, the other uses it to produce a ciphertext together with a fresh shared secret, and the first party decapsulates that ciphertext with its private key to recover the same secret. The shared secret is then used for symmetric-key cryptography, for example as input to a TLS key schedule or as an AEAD key.

ML-KEM is a lattice-based scheme whose security rests on the presumed hardness of the Module Learning With Errors (MLWE) problem. It is the standardized replacement for the key-establishment uses of RSA (key transport) and of finite-field or elliptic-curve Diffie-Hellman (key agreement) in protocols such as TLS, SSH, and IPsec. It does not replace the signature keys carried in certificates; that is what ML-DSA and SLH-DSA are for. It comes in three parameter sets, ML-KEM-512, ML-KEM-768, and ML-KEM-1024, targeting NIST security categories 1, 3, and 5, with ML-KEM-768 the usual default.

Key Considerations:

  • Only KEM among the finalized standards: ML-KEM is the only key-encapsulation mechanism in FIPS 203 through 205, so every quantum-safe key exchange built on the finalized standards uses it. ML-DSA is a signature scheme, not an alternative KEM; the two are meant to be used together, not compared.
  • Performance: Key generation, encapsulation, and decapsulation are all fast in software, with published benchmarks putting ML-KEM-768 at speeds comparable to or better than X25519 for the equivalent operations. The cost of ML-KEM is not CPU time but size.
  • Resource utilization: Memory needs are modest and the arithmetic (polynomial multiplication via the NTT, SHA-3/SHAKE hashing) maps well to embedded platforms, so it is deployable on IoT devices, but its keys and ciphertexts are far larger than ECDH's 32-byte shares.
  • Parameter sets: ML-KEM-512, ML-KEM-768, and ML-KEM-1024 let you pick a security level; most deployments and the current TLS hybrid profiles use ML-KEM-768.
  • Bandwidth: Encapsulation keys are 800, 1184, and 1568 bytes and ciphertexts 768, 1088, and 1568 bytes for the three levels, with a 32-byte shared secret. That is small among post-quantum KEMs but roughly 35 times an X25519 share, so a TLS ClientHello carrying an ML-KEM key share typically no longer fits in a single packet. Budget for that on bandwidth-limited links rather than assuming it is free.
  • Implementation: ML-KEM has no machine-learning component; the "ML" stands for module lattice. What does require care is a constant-time implementation (timing leaks in decapsulation are the classic pitfall), correct handling of implicit rejection (decapsulation never fails on a malformed ciphertext but returns a pseudorandom key, so the protocol must confirm the key before using it), and using an implementation of the final FIPS 203 rather than a pre-standard Kyber draft, since the two do not interoperate. Prefer validated libraries over in-house code.
  • Deployment overhead: Until the ecosystem is fully migrated, ML-KEM is commonly deployed in hybrid mode alongside X25519 (the X25519MLKEM768 key exchange already shipping in major browsers), which preserves classical security if a lattice weakness is found, at the cost of one more key share per handshake.
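To make the KEM flow concrete, here is an added Go example (not code from NIST, FIPS 203, or this page's author) using the crypto/mlkem package that ships in the Go 1.24+ standard library. It runs one ML-KEM-768 encapsulation/decapsulation round trip, reports the on-the-wire sizes, and then demonstrates implicit rejection: a tampered ciphertext decapsulates without any error but yields a different key, which is why a protocol built on ML-KEM must confirm the key before trusting it. The Exchange type and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/mlkem"
	"fmt"
)

// Exchange records what each side ends up with after one ML-KEM-768 round trip.
type Exchange struct {
	EncapsulationKeyLen int
	CiphertextLen       int
	SharedKeyLen        int
	KeysMatch           bool
}

// RunExchange performs the FIPS 203 flow: the receiver publishes an
// encapsulation key, the sender encapsulates a fresh shared secret against it,
// and the receiver decapsulates the ciphertext to recover the same secret.
func RunExchange() (Exchange, error) {
	// Receiver: generate the key pair; dk is the decapsulation (private) key.
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return Exchange{}, err
	}
	// The encapsulation (public) key is what goes on the wire, for example in
	// a TLS key_share extension.
	ekBytes := dk.EncapsulationKey().Bytes()

	// Sender: parse the received public key and encapsulate. Unlike DH, the
	// sender holds no long-lived secret of its own; Encapsulate returns the
	// 32-byte shared key together with the ciphertext to send back.
	ek, err := mlkem.NewEncapsulationKey768(ekBytes)
	if err != nil {
		return Exchange{}, err
	}
	senderKey, ct := ek.Encapsulate()

	// Receiver: decapsulate to recover the same shared key.
	receiverKey, err := dk.Decapsulate(ct)
	if err != nil {
		return Exchange{}, err
	}
	return Exchange{
		EncapsulationKeyLen: len(ekBytes),
		CiphertextLen:       len(ct),
		SharedKeyLen:        len(senderKey),
		KeysMatch:           bytes.Equal(senderKey, receiverKey),
	}, nil
}

// TamperedDecapsulation shows the implicit-rejection property of FIPS 203:
// flipping a bit in the ciphertext does NOT make Decapsulate return an error
// (only a wrong-length ciphertext does). It returns a pseudorandom key derived
// from the rejection secret instead, so the mismatch is only visible to the
// protocol's key-confirmation step (the first AEAD tag, the TLS Finished
// message, and so on). The result is true when the tampered ciphertext was
// accepted without error but produced a different key.
func TamperedDecapsulation() (bool, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return false, err
	}
	good, ct := dk.EncapsulationKey().Encapsulate()
	tampered := bytes.Clone(ct)
	tampered[0] ^= 0x01
	bad, err := dk.Decapsulate(tampered)
	if err != nil {
		return false, err
	}
	return !bytes.Equal(good, bad), nil
}

func main() {
	ex, err := RunExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("encapsulation key %d bytes, ciphertext %d bytes, shared key %d bytes, match=%v\n",
		ex.EncapsulationKeyLen, ex.CiphertextLen, ex.SharedKeyLen, ex.KeysMatch)
	silent, err := TamperedDecapsulation()
	if err != nil {
		panic(err)
	}
	fmt.Println("tampered ciphertext accepted silently with a different key:", silent)
}
```

The sizes printed are the ML-KEM-768 figures from the list above (1184-byte encapsulation key, 1088-byte ciphertext, 32-byte shared secret). In a hybrid deployment you would feed this shared secret and an X25519 shared secret into the same KDF; the Go example keeps to the pure ML-KEM exchange the standard defines.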

2. FIPS 204

This standard specifies ML-DSA (Module-Lattice-Based Digital Signature Algorithm), derived from CRYSTALS-Dilithium, for generating and verifying digital signatures. Its security rests on the hardness of the Module Learning With Errors and Module Short Integer Solution problems, and it comes in three parameter sets, ML-DSA-44, ML-DSA-65, and ML-DSA-87, targeting NIST security categories 2, 3, and 5.

Digital signatures help verify the identity of the signer and the integrity of the signed data. They also help with non-repudiation, where the signer cannot deny the signature at a later time.

ML-DSA is the primary general-purpose signature standard and the default replacement for RSA and ECDSA signatures in certificates, TLS, code signing, and similar uses. NIST notes that it can be used in email, funds transfer, data interchange, software distribution, data storage, and other applications that require data origin and integrity verification.

Key Considerations:

  • Fast signing and verification: Both operations are fast in software, comparable to ECDSA, which makes ML-DSA a strong candidate for high-volume uses such as TLS handshakes and certificate chain validation.
  • Size is the real cost: Public keys are 1312, 1952, and 2592 bytes and signatures 2420, 3309, and 4627 bytes for the three parameter sets, against 64-byte ECDSA P-256 signatures and 256-byte RSA-2048 signatures. A certificate chain with ML-DSA keys and signatures grows by several kilobytes, which shows up in TLS handshake size, OCSP and CT artifacts, and on constrained devices; it is not a scheme you can drop in without checking message-size limits.
  • Security properties: ML-DSA is a Fiat-Shamir-with-aborts scheme: signing repeats (rejection sampling) until the candidate signature leaks nothing about the secret key, so signing time varies, but in a way that is independent of the key. FIPS 204 specifies a hedged (randomized) signing mode as the default and a deterministic variant; prefer the hedged mode, since it also protects against fault injection when the same message is signed repeatedly.
  • Adaptability: Three parameter sets cover a range of security levels, with ML-DSA-65 the common default. FIPS 204 also defines a context-string input for domain separation and a pre-hash variant (HashML-DSA) for cases where the signer only sees a digest.
  • Implementation: There is no machine-learning component; "ML" again means module lattice. The care points are a constant-time implementation, a correct rejection-sampling loop, and using the final FIPS 204 rather than a round-3 Dilithium implementation, since the two produce incompatible signatures.
  • Overhead: The larger signatures and keys, not computation, are what add cost, especially where several signatures travel together, as in a certificate chain.

3. FIPS 205

This standard specifies SLH-DSA (Stateless Hash-Based Digital Signature Algorithm), derived from SPHINCS+. It is also a signature scheme, but it rests on an entirely different assumption from ML-DSA: its security depends only on standard properties of the underlying hash function (preimage, second-preimage, and collision resistance of SHA-2 or SHAKE), not on any lattice problem. NIST standardized it as a conservative backup should a structural weakness be found in lattice-based signatures. Unlike the stateful hash-based schemes LMS and XMSS (SP 800-208), it keeps no state between signatures, so restoring a key from backup or signing from two hosts cannot compromise it. It defines twelve parameter sets: SHA2 or SHAKE, at 128-, 192-, or 256-bit security, each in an "s" (small signature, slow signing) or "f" (faster signing, larger signature) variant.

Key Considerations:

  • Slow signing and large signatures: Unlike ML-DSA, SLH-DSA is not a high-throughput signer. Signatures range from 7,856 bytes (SLH-DSA-SHA2-128s) to 49,856 bytes (SLH-DSA-SHA2-256f), and the "s" variants in particular take orders of magnitude longer to sign than ML-DSA. Verification is reasonably fast, which suits uses where signing is rare and verification is common.
  • Tiny keys: Public keys are 32, 48, or 64 bytes and private keys twice that, so key storage and distribution are trivial even though signature storage is not.
  • Robust security: With the fewest and best-understood assumptions of the three standards, SLH-DSA is the natural choice for long-lived trust anchors such as root CA certificates and firmware or software signing keys, where a signature must stay trustworthy for years and the number of signatures is small.
  • Flexibility: The twelve parameter sets let you trade signature size against signing time ("s" versus "f") and choose the hash family and security level to match the rest of the system.
  • Implementation: Conceptually simpler than the lattice schemes, since it is built only from hashing and Merkle trees, but signing involves millions of hash invocations, so performance depends heavily on the hash implementation. As with the other standards, use an implementation of the final FIPS 205, not a pre-standard SPHINCS+ build.
  • Performance overhead: The signature size and signing time make it a poor fit for TLS handshakes or other high-volume, latency-sensitive paths; reserve it for the low-volume, high-assurance cases above.

NIST’s finalized PQC standards are a big step forward in preparing for the quantum era. These standards lay the foundation for a secure future, addressing quantum threats head-on. They are built to tackle the demands of modern-day applications—whether it’s ensuring performance, scalability, or working within resource-constrained environments—without undermining security.

Yes, implementing these algorithms might feel complex, and the transition will take time, but NIST’s guidance provides a clear roadmap to follow. Now is the right time to start thinking about how your organization can adapt and prepare for what’s ahead.

Start Testing The PQC Algorithms Now and Get Post-Quantum Ready with AppViewX

To facilitate a seamless and efficient transition to PQC, AppViewX offers:

  • AppViewX PQC Test Center: A dedicated free online resource built to help organizations assess their PQC readiness by generating and testing quantum-safe certificates prior to their integration into existing systems, workloads, and machines. You can quickly set up your own quantum-safe PKI hierarchy and generate PQC-ready certificates and keys to test their compatibility with your environment. Visit the AppViewX PQC Test Center and begin your PQC journey today.
  • PQC Certificate Lifecycle Management: The AppViewX AVX ONE platform offers a comprehensive certificate lifecycle management solution to help enable PQC readiness and crypto-agility with complete certificate discovery and inventory, full certificate lifecycle automation, and total certificate control across the enterprise.

To get started on your PQC readiness journey, contact AppViewX today to learn how.

About the Author

Krupa Patil

Product Marketing Manager

A content creator focused on providing readers and prospective buyers with accurate, useful, and latest product information to help them make better informed decisions.

