Quantum security becomes a more tangible and critical concern in 2024. New post-quantum cryptographic (PQC) standards are expected in the new year from the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). We believe this pending release signals both the technological maturity of the solutions and the government’s acknowledgment of the severity of the quantum threat. The release of the standards is only months away, and quantum readiness will not be a trivial undertaking. Here’s what you need to know as you plan for the migration to post-quantum cryptography.
Prompted by its concern that quantum computers could be used adversarially to break the public-key systems that secure critical information and systems today, last year NIST announced its selection of the first group of encryption tools designed to withstand the assault of a future quantum computer.
More recently, NIST announced that three of these new algorithms are expected to be published as standards ready for use in 2024. When these critical tools become available, organizations around the world, especially critical infrastructure and software providers, will begin to integrate them into their encryption infrastructure to protect the confidentiality, integrity, and security of sensitive information and critical information systems.
Development of these algorithmic standards started roughly 7 years ago with nearly 70 candidate algorithms submitted for consideration in 2016. When released, the new standards will include documentation to help users effectively prioritize migration efforts and implement the following algorithms in their systems:
NIST typically renames algorithms as part of its standardization process, so you may have seen these documented previously as:
The development of these standard algorithms is significant in that they run on classical systems, providing an evolutionary safeguard against emerging quantum threats.
CISA, NIST, and NSA recommend you create a “quantum-readiness roadmap and prepare for future implementation of the post-quantum cryptographic (PQC) standards.” Without a doubt, it’s critical to prepare and work this into your quantum readiness plan. The reality is that, while theoretically simple, transitioning the public key infrastructure we rely on to secure the internet to incorporate the newly standardized PQC algorithms will be a complex undertaking. These standards will co-exist with today’s algorithms in a hybrid mode while the PQC standards are transitioned in and proven.
The key steps in planning for PQC migration include:
The goal is to understand the potential impacts of post-quantum cryptography, and when and how you can implement it, so that you can develop a strategy that protects your most critical digital and network assets from quantum threats.
Crypto agility, the ability to switch encryption schemes on the fly without impacting the underlying infrastructure or applications, will be a critical enabling capability for an efficient transition to post-quantum algorithms. All organizations can proactively mitigate quantum risk by devoting time now to planning and building crypto agility using the quantum-safe encryption solutions that already exist today.
PQC standards are just one of several complementary solutions that will fortify an organization’s quantum resistance and resilience on its journey to quantum readiness. Quantum Random Number Generation (QRNG) and Quantum Key Distribution (QKD) will also play significant roles as they harness the power of quantum physics to protect cryptography.
Getting started is often the most daunting part of any major change. QuintessenceLabs offers resources to help you learn more about how to get started building crypto agility and completing your Quantum Readiness Roadmap. For more personalized support, contact us for a 1:1 informative briefing to help you understand the impact of PQC and the evolving quantum ecosystem.