On Tuesday, NIST announced its first set of post-quantum cryptographic algorithms, marking a significant advancement in cybersecurity. Unveiled at the White House, these new standards are designed to protect critical systems and information against future quantum computers, which could potentially break through current encryption methods in a fraction of the time it takes today.

But first, what are quantum computers, and is this a threat we need to worry about now?

The short answer to the latter question is not yet, at least not technically. While quantum computers are not an immediate threat, we are already seeing data and software being stolen with the intent of decrypting it in the future when quantum computers become available to adversaries.

So, what exactly are quantum computers? These are next-generation machines that leverage the principles of quantum physics—specifically, the concept that particles can exist simultaneously in multiple states—to perform computations at speeds far surpassing those of classical computers. They exploit quantum bits, or qubits, which can represent multiple states at once.

Although quantum computers are not yet close to being commercially available, the preparation for their arrival must begin now. Once these machines become accessible—a prospect that is increasingly seen as a matter of “when” rather than “if”—they could potentially render nearly all public encryption keys currently in use obsolete, compromising the security of everything on the public internet as we know it.

Further complicating matters, historical data suggests that it could take up to two decades to fully implement new encryption standards. This underscores why NIST has spent the past eight years developing these standards and why they are urging organizations to adopt them now. Since 2016, during the Obama Administration, NIST has reviewed numerous submissions and conducted multiple rounds of evaluations to identify encryption methods that are resilient to attacks from quantum computers. The goal has been to ensure that public key cryptography—especially in critical areas—can be future-proofed.

NIST has introduced three new algorithms aimed at countering the threat posed by quantum computers:

• Federal Information Processing Standard (FIPS) 203 (ML-KEM): This encryption standard is based on the CRYSTALS-Kyber algorithm, rebranded as the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). It provides a robust method for encrypting data.
• FIPS 204 (ML-DSA): Designed for digital signatures, this standard employs the CRYSTALS-Dilithium algorithm, now known as the Module-Lattice-Based Digital Signature Algorithm (ML-DSA). It ensures the authenticity and integrity of digital communications.
• FIPS 205 (SLH-DSA): This standard also addresses digital signatures but uses the Sphincs+ algorithm, renamed to Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), as an alternative to ML-DSA.

With the possibility of quantum computers becoming a reality increasing each year, it is crucial to start preparing sooner rather than later to ensure that the future is safeguarded against the new cyber threats that quantum computing will bring.