In his presentation, René Peralta described (slides, video) the role and “spirit” of NIST. The National Institute of Standards and Technology (NIST) is a non-regulatory government agency focused on driving innovation, industrial competitiveness, measurement science, standards of technology, economic security, and quality of life. NIST’s cryptographic technology group plays a pivotal role in researching, developing, and providing guidelines on best practices for cryptographic algorithms and problems.

NIST and Cryptography

NIST has been actively involved in various cutting-edge cryptographic projects, including the generation of random numbers through the NIST Randomness Beacon, quantum-resistant cryptography to address the vulnerabilities posed by large-scale quantum computers, and circuit complexity analysis for optimizing cryptographic computations.

As NIST explores standardization in advanced cryptography domains beyond traditional encryption, hashing, and digital signatures, it faces several key challenges. With limited resources, NIST must carefully consider the risks of standardizing techniques prematurely: once a standard is issued, companies invest heavily in complying with it, making it difficult to backtrack.

When should we standardize?

One critical question is determining when a cryptographic technique is sufficiently mature for standardization. Should NIST prioritize standardizing quantum-resistant techniques or address the immediate needs of industry by standardizing non-quantum-resistant but practically useful techniques like pairing-based cryptography?

NIST’s privacy-enhanced cryptography project aims to track and leverage cryptographic tools that enhance privacy, including zero-knowledge proofs, multi-party computation, fully homomorphic encryption, private set intersection, group signatures, functional encryption, private information retrieval, and structured encryption. The COVID-19 pandemic highlighted the importance of these techniques for privacy-preserving contact tracing.

When deciding whether and when to standardize a technique like zero-knowledge proofs, NIST considers various criteria:

  1. Market demand: If an application using zero-knowledge gains significant traction, the market may speak for standardization.
  2. Stakeholder needs: Government agencies like the Social Security Administration or the Census Bureau may express specific needs for techniques like zero-knowledge proofs or private set intersection.
  3. Killer application: A groundbreaking application requiring zero-knowledge may emerge, necessitating standardization.
  4. Ad-hoc guidance: NIST may choose to provide recommendations on an ad-hoc basis rather than formal standardization.

Interpreting these criteria is challenging, as different stakeholders may have conflicting interests. NIST aims to serve as an impartial arbiter, relying on its technical expertise to navigate these complexities.

Why submit to be a NIST Standard?

NIST has launched a call for submissions regarding multi-party threshold schemes, including a category focused on advanced cryptography like zero-knowledge proofs. This initiative aims to collect and curate reference implementations, gain trust and transparency, and encourage consensus within the cryptographic community.

While NIST standards are not legally binding, the federal government’s market power as a significant customer incentivizes industry compliance. However, NIST’s role extends beyond issuing standards; by providing reference materials and serving as an honest broker of ideas, NIST hopes to positively influence the adoption of robust cryptographic solutions.

NIST recognizes the limitations of market forces in protecting rights like privacy and acknowledges the need for guidance and regulations in areas where unfettered markets may fail. As an impartial government agency, NIST strives to navigate the complex landscape of advanced cryptography, balancing stakeholder needs, technical maturity, and long-term security considerations to drive the development and adoption of robust privacy-enhancing cryptographic solutions.