Staff Spotlight: NIST Post-Quantum Cryptography

In July, NIST announced the third-round candidates for the Post Quantum Cryptography (PQC) Standardization Project, intended to determine the best algorithms to help form the first post-quantum cryptography standard. For decades, NIST has been actively involved in cryptography, and NIST mathematicians like Dr. Angela Robinson predict future quantum computers could break the current public-key cryptography tools. A solution is needed now to protect many current websites and applications from future attacks.

We asked Dr. Robinson several questions about her work with post-quantum cryptography and her volunteer initiative with young female students learning about math. Her background includes a Bachelor of Science degree in Mathematics from Baylor University and a Master of Science and PhD in Mathematics from Florida Atlantic University. Her research interests include post-quantum cryptography and zero knowledge proofs. She is a mathematician in the NIST Information Technology Laboratory Computer Security Division, where she contributes to the current NIST Post-Quantum Cryptography Standardization effort.

1. What is your background, and how did you end up working at NIST on PQC?

I am formally trained in mathematics. I learned about cryptography in high school and was introduced to post-quantum cryptography as a PhD. student when I attended the PQC Summer School in 2014. That was a very formative experience.  I was introduced to the basic mathematical building blocks of PQC and toured quantum materials and information labs where I saw quantum lasers for the first time. I was introduced to NIST during the summer school in 2014. Quite honestly, I was very impressed by the NIST staff and their research and surprised at how approachable they were.

Then I attended the PQCrypto Conference in 2016, and that was when NIST announced the future plans for PQC standardization. I was still a student, but at that time looking to pivot to more finalized research in PQC, so I really wanted to learn more about NIST. I had an opportunity to visit NIST and chat with the PQC team while working on a summer internship with the Department of Defense. I was struck by how much the NIST Gaithersburg campus felt like a university without classrooms, how the setting felt very academic, but without the burden of teaching! It seemed like an ideal place for me.

In 2018, after finishing my PhD., I was hired by NIST and joined the Cryptographic Technology Group. I also work on privacy enhancing cryptography, helping with the industry-led zero knowledge proof standards push that is currently happening. At an extremely high level, zero knowledge proofs enable  a party’s data to be verified without revealing that data to another party. We are working alongside industry leaders to advise and help with the structure, community reference documents, and offering feedback.

2. Could you tell us about the PQC program, selection process, and associated research/NIST reports?

The Post-Quantum Cryptography (PQC) Standardization Project effort is designed to replace the current NIST standards for public-key cryptography and digital signatures. There is a quantum algorithm that is known to be able to break the current public-key cryptography standards, but there aren’t full-scale quantum computers that could mount the attack…yet. As quantum technology continues to develop and evolve, researchers anticipate that in 10 to20 years, quantum computers could break our current standards, so it is essential that we find replacement cryptosystems now so that everyone can be prepared. 

NIST took the lead. Instead of creating new replacements, NIST posted a call for proposals from the community and is running a competition-like process to find a new public-key cryptography standard.  We accepted proposals internationally to be considered for standardization, and the selection process has been broken down into several rounds of selection, with the best schemes advancing to the next round. The competition has generated lots of input from the community, and at this point, we have 15 schemes still under consideration.

What’s interesting about this “competition” is that we aren’t limiting the final selection to only one algorithm. There are at least four general categories of mathematical problems that are believed to be resistant to quantum computers. We are hesitant to only select one scheme that represents a single category in case that category is no longer quantum resistant.  Sometime next year, at the end of the current round of the “competition,” we hope to announce a few algorithms ready for standardization.

3. What does the future of PQC look like; what should people expect; what roles will NIST play?

For the average person using encrypted websites everyday – like banking apps – you can see what crypto schemes the apps or sites are using.  We know that the current schemes can be broken by a quantum computer. When these websites and apps migrate to post-quantum schemes, I don't think the average user will know it is happening.  To the user, the migration might come in the form of a software update, though the new schemes might cause slower processing times.  In an ideal world, the migration will not affect the average person at all…but let’s see how it goes!

The current crypto standards are very nice in terms of computation time and memory requirements. Some of the potential new standards may not be very fast or have very large key sizes, so it is possible that users start to notice slower refresh rates, or the existing devices won’t have enough memory to manage a new system. Everyone, from industry to NIST, is working very hard to make sure that doesn't happen. Industry especially doesn't want to deploy products with something that consumers won’t like or find too cumbersome.

4. Could you tell us about your volunteer work helping girls become interested in mathematics?

For the past two years, I have volunteered with the Girls Talk Math Camp at the University of Maryland, a two-week summer program for high school girls to learn about mathematics. I should add that this camp is targeted at all underrepresented genders.  I spoke to the students about cryptography and what I do as a mathematician at NIST. I also helped organize a one-day winter follow-up event, which featured a math-themed escape room, keynote speaker, and Wikipedia edit-a-thon. This summer we hosted a virtual GTM camp, and I invited two other NIST researchers to serve on the camp’s Career Panel. I try to meet the girls where their interests are, so if they already know they want to do something medical-related, I would talk about mathematical biology, for example.

I also work with Women in Technology in the greater Washington, D.C. area, serving as a mentor in their Mentor Protegee Program.  I recently spoke as a panelist to girls about cybersecurity careers and cybersecurity in general. Some students aren’t interested in math, but they are open to coding, so I focus on that for them.

Outreach is a very rewarding experience. I really enjoy exposing these young girls to more career possibilities. I grew up in Killeen, Texas, a semi-rural area where I wasn’t often exposed to professionals or professional career opportunities. My ideas of what were possible were very limited while in middle and high school, but that expanded significantly when I went to Baylor University for undergraduate studies.

5. What is your favorite thing about working at NIST?

I love the NIST culture, the campus, and I’m very happy here. It’s an academic environment, the people love their research, and it’s great to work with experts in all areas of cryptography, learning so much from every discussion. It’s a place where I feel safe and I have access to all the resources I could want for my research.