Waterloo researchers feature prominently in NIST Post-Quantum Cryptography Standardization competition
The University of Waterloo emerged as the Canadian institution with the largest involvement in the latest round of submissions selected by the United States National Institute of Standards and Technology (NIST) in the Post-Quantum Cryptography Standardization process.
After three years of review, four submissions involving Waterloo researchers in the Department of Combinatorics and Optimization are among the seven finalists and eight alternates, still in the running for potential standardization in the future, selected by NIST in “round 3” of the competition-like process. There were originally a total of 69 submissions received from around the world.
Cryptographic standards are particularly important, as they enable secure communication and commerce at a global scale. These standards take a long time to develop, and the cryptographic standards available today were developed before cryptographers really took the threat of quantum computers seriously.
NIST is looking for the best ways to establish a secret key between two parties communicating over an untrusted network, so that the privacy of their subsequent communication is assured, with the aim of selecting the best of these methods to become the new standard.
Schanck is the team lead for NTRU, the oldest lattice-based system in the competition. NTRU’s age, a long history of failed attempts to break it, and the fact that its patents have now expired are among the reasons it emerged as a finalist.
“I was employed by Security Innovation from 2011 to 2016, while they owned NTRU Cryptosystems,” Schanck explains. “While I was there, I made several small improvements to the design, and these changes were incorporated into the NIST submission.”
Schanck is also a member of the team behind Crystals-Kyber, a much more recent design that offers a higher level of security than NTRU for a fixed performance budget.
“Another finalist, Saber, is a tweak on the Crystals-Kyber design,” Schanck shares. “We expect there will be a significant discussion between the two teams in the third round, and hopefully some consensus will emerge on which of the two systems is the better design.”
Douglas Stebila, an associate professor, is a co-submitter of the alternate candidate, FrodoKEM. Some of the partners on FrodoKEM include Microsoft Research and Google.
FrodoKEM belongs to the family of lattice-based cryptography, which also includes the NTRU and Crystals-Kyber submissions.
“The difference with FrodoKEM is that the mathematical problems it relies on have less structure,” Stebila says. “On the one hand, having less structure means that there are potentially fewer avenues of attack, but this does come at the cost of being less efficient and having larger communication overhead.”
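To make the two points above concrete (the key-establishment goal NIST is selecting for, and the cost of the unstructured matrix that Stebila describes), here is an added worked example, written for this page and not code from the FrodoKEM team, NIST, or the university: a toy Frodo-style key encapsulation mechanism over plain LWE in pure Python. It assumes toy parameters (N=64, NBAR=4, q=2^15, B=2 bits per entry) and a bounded uniform error distribution in [-3, 3], neither of which is FrodoKEM's; the hash-based Fujisaki-Okamoto wrapper around the encryption step follows the same shape as FrodoKEM's but is a simplification, not the specification. With these bounds the decryption error is at most 1155, below the 4096 that decoding tolerates, so the shared keys always agree. The `sizes_bytes` helper shows the communication overhead: called with FrodoKEM-640's real parameters (n=640, nbar=8, 15-bit entries) it returns the 9616-byte public key and 9720-byte ciphertext of that parameter set, because a plain-LWE public key carries an n-by-nbar matrix rather than a single ring element.

```python
# Toy Frodo-style KEM over plain (unstructured) LWE. Added illustration only:
# parameters are far too small to be secure and the samplers are simplified.
import hashlib
import secrets

N, NBAR, Q, B = 64, 4, 1 << 15, 2   # toy; FrodoKEM-640 uses n=640, nbar=8, q=2^15, B=2
LOGQ = Q.bit_length() - 1           # 15 bits per matrix entry
ERR_BOUND = 3                       # secrets/errors in [-3, 3] (toy distribution, not Frodo's)
MU_BYTES = NBAR * NBAR * B // 8     # 4 bytes of message carried per ciphertext

def shake(*parts, n):
    h = hashlib.shake_128()
    for p in parts:
        h.update(p)
    return h.digest(n)

def mat_bytes(*mats):
    return b"".join(v.to_bytes(2, "little") for m in mats for row in m for v in row)

def gen_a(seed_a):
    # Public N x N matrix A over Z_q, expanded from a 16-byte seed (16-bit chunks mod Q).
    buf = shake(b"A", seed_a, n=2 * N * N)
    return [[int.from_bytes(buf[2 * (i * N + j):2 * (i * N + j) + 2], "little") % Q
             for j in range(N)] for i in range(N)]

def sample_small(rows, cols, seed, label):
    # Deterministic small-entry matrix from (seed, label); the slight bias is fine for a toy.
    buf = shake(label, seed, n=rows * cols)
    width = 2 * ERR_BOUND + 1
    return [[buf[i * cols + j] % width - ERR_BOUND for j in range(cols)] for i in range(rows)]

def matmul(X, Y):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y))) % Q
             for j in range(len(Y[0]))] for i in range(len(X))]

def matadd(X, Y):
    return [[(a + b) % Q for a, b in zip(rx, ry)] for rx, ry in zip(X, Y)]

def matsub(X, Y):
    return [[(a - b) % Q for a, b in zip(rx, ry)] for rx, ry in zip(X, Y)]

def encode(mu):
    # Each of the NBAR*NBAR entries carries B bits of mu in its top B bits.
    bits = int.from_bytes(mu, "little")
    vals = [((bits >> (B * k)) & ((1 << B) - 1)) * (Q >> B) for k in range(NBAR * NBAR)]
    return [vals[i * NBAR:(i + 1) * NBAR] for i in range(NBAR)]

def decode(M):
    # round(x * 2^B / Q) mod 2^B recovers each chunk as long as |error| < Q / 2^(B+1) = 4096.
    bits = 0
    for k in range(NBAR * NBAR):
        x = M[k // NBAR][k % NBAR]
        bits |= (((x << B) + Q // 2) // Q % (1 << B)) << (B * k)
    return bits.to_bytes(MU_BYTES, "little")

def keygen():
    seed_a, seed_se, s = (secrets.token_bytes(16) for _ in range(3))
    S = sample_small(N, NBAR, seed_se, b"S")
    E = sample_small(N, NBAR, seed_se, b"E")
    Bm = matadd(matmul(gen_a(seed_a), S), E)      # B = A*S + E   (N x NBAR)
    pk = (seed_a, Bm)
    return pk, (S, s, pk)                         # s: secret used for implicit rejection

def encrypt(pk, mu, seed_se):
    seed_a, Bm = pk
    Sp = sample_small(NBAR, N, seed_se, b"S'")
    Ep = sample_small(NBAR, N, seed_se, b"E'")
    Epp = sample_small(NBAR, NBAR, seed_se, b"E''")
    Bp = matadd(matmul(Sp, gen_a(seed_a)), Ep)    # B' = S'*A + E'  (NBAR x N)
    V = matadd(matmul(Sp, Bm), Epp)               # V  = S'*B + E'' (NBAR x NBAR)
    return Bp, matadd(V, encode(mu))              # C  = V + encode(mu)

def decrypt(S, ct):
    Bp, C = ct
    # C - B'*S = encode(mu) + (S'*E + E'' - E'*S); |error| <= 2*N*9 + 3 = 1155 < 4096
    return decode(matsub(C, matmul(Bp, S)))

def encaps(pk):
    mu = secrets.token_bytes(MU_BYTES)
    seed_se_k = shake(b"G", shake(b"pk", pk[0], mat_bytes(pk[1]), n=16), mu, n=32)
    ct = encrypt(pk, mu, seed_se_k[:16])
    return ct, shake(b"F", mat_bytes(*ct), seed_se_k[16:], n=16)

def decaps(sk, ct):
    S, s, pk = sk
    mu = decrypt(S, ct)
    seed_se_k = shake(b"G", shake(b"pk", pk[0], mat_bytes(pk[1]), n=16), mu, n=32)
    if mat_bytes(*encrypt(pk, mu, seed_se_k[:16])) == mat_bytes(*ct):   # FO re-encryption check
        return shake(b"F", mat_bytes(*ct), seed_se_k[16:], n=16)
    return shake(b"F", mat_bytes(*ct), s, n=16)                         # implicit rejection

def sizes_bytes(n=N, nbar=NBAR, logq=LOGQ):
    # Plain-LWE cost: pk = seed + n*nbar entries, ct = nbar*n + nbar*nbar entries of logq bits.
    return 16 + (n * nbar * logq + 7) // 8, ((nbar * n + nbar * nbar) * logq + 7) // 8

if __name__ == "__main__":
    pk, sk = keygen()
    ct, key = encaps(pk)
    print("shared keys match:", key == decaps(sk, ct))
    print("toy sizes (pk, ct):", sizes_bytes(), " FrodoKEM-640:", sizes_bytes(640, 8, 15))
```

Run it as a script to see the round trip and the size comparison. The design point worth noticing is the last step of `decaps`: a tampered ciphertext is never reported as an error; decapsulation silently derives an unrelated key from the secret `s`, which is the implicit-rejection behaviour that stops an attacker from using decryption failures as an oracle.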
Outside of the NIST process, earlier this year, FrodoKEM was selected by the German government’s Federal Office for Information Security as one of two post-quantum algorithms suitable for immediate use for long-term protection of information against quantum adversaries.
Professor David Jao and Geovandro Pereira, a post-doctoral fellow in Waterloo’s Institute for Quantum Computing, are the lead author and a co-submitter, respectively, of the alternate candidate SIKE.
SIKE is a family of post-quantum key encapsulation mechanisms based on a key exchange protocol called Supersingular Isogeny Diffie-Hellman (SIDH), invented by Professor Jao. It is designed so that an attacker cannot recover the shared key with either a classical or a quantum computer.
“A notable advantage of SIKE is that it has smaller encryption keys than any other proposed candidate,” explains Jao. “This feature makes SIKE suitable for devices and applications where size is at a premium.”
The review process for the third round will last about a year, with NIST aiming to release the first standard for quantum-resistant cryptography in 2022.