With IBM z16, application developers can preserve the future integrity of critical documents by implementing dual-signing schemes using the lattice-based cryptographic algorithm CRYSTALS-Dilithium, selected by NIST for standardization.
The algorithms are designed for two of the main tasks for which public-key cryptography is typically used—public key encapsulation (which is used for public-key encryption and key establishment) and digital signatures (which are used for identity authentication and non-repudiation):
- For public-key encryption and key-establishment, the key encapsulation mechanism (KEM) NIST selected is the CRYSTALS-Kyber algorithm. CRYSTALS-Kyber is the primary algorithm in the KEM category.
- For digital signatures, NIST selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”). CRYSTALS-Dilithium is the primary algorithm in the signature category. Three of these selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ is based on hash functions.
After six years of development and evaluation, the U.S. National Institute of Standards and Technology (NIST) selected the first group of cryptographic tools that are designed to withstand attacks posed by future quantum computers.
The four selected cryptographic algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.
For more information about this news, visit www.ibm.com.