Evaluation of Lattice-Based Candidates in the NIST Post-Quantum Cryptography Standardization Process
Southwest Virginia Node
Travis Morrison, assistant professor, mathematics, Virginia Tech
Kris Gaj, professor, cryptographic engineering, George Mason University
A large-scale quantum computer will break all currently deployed public-key cryptosystems. To prepare for the coming “post-quantum” world, the National Institute of Standards and Technology (NIST) is running a process to standardize one or more public-key cryptosystems that are secure even against an adversary with a quantum computer. Round 3 of this process officially began on October 23, 2020 and will last 12-18 months, perfectly overlapping with the period of activity of this call for proposals. The PIs will implement in hardware and benchmark the lattice-based cryptographic algorithms that are under consideration for standardization. In previous standardization efforts led by NIST, hardware benchmarking proved to be a critical tool for selecting finalists. Implementing these algorithms in hardware requires domain expertise in both engineering and computational number theory because of the complex mathematical algorithms these schemes are based on. The PIs will analyze the security of these implementations by estimating the concrete cost, to an adversary equipped with a quantum computer, of attacking each scheme. Understanding concrete costs (versus mere asymptotic costs) is critical to building confidence in the security of these cryptosystems. The PIs will also analyze the resilience of these protocols against side-channel attacks.