New NIST Standards Are Only Months Away. Take Immediate Action to Secure Your Future with Post-Quantum Cryptography
Quantum security becomes a more tangible and critical concern in 2024. New post-quantum cryptographic (PQC) standards are expected in the new year from the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). We believe this pending release signals both the technological maturity of the solutions and the government’s acknowledgment of the severity of the quantum threat. It's only months away from the release of the standards and quantum readiness will not be a trivial undertaking. Here’s what you need to know as you plan for the migration to post-quantum cryptography.
NIST to Publish Post-quantum Cryptographic (PQC) Standards in 2024
Prompted by its concern that quantum computers could be used adversarially to break the public-key systems that secure critical information and systems today, last year NIST announced its selection of the first group of encryption tools designed to withstand the assault of a future quantum computer.
More recently, NIST announced three of these new algorithms are expected to be published as standards ready for use in 2024. When these critical tools become available, organizations around the world, especially critical infrastructure and software providers, will begin to integrate them into their encryption infrastructure to protect the confidentiality, integrity, and security of sensitive information and critical information systems.
The Four Algorithms
Development of these algorithmic standards started roughly 7 years ago with nearly 70 candidate algorithms submitted for consideration in 2016. When released, the new standards will include documentation to help users effectively prioritize migration efforts and implement the following algorithms in their systems:
- ML-KEM, designed for general encryption purposes such as creating secure websites
- ML-DSA, designed to protect the digital signatures used when signing documents remotely
- SLH-DSA, also designed for digital signatures
- FN-DSA, also designed for digital signatures
NIST typically renames algorithms as part of its standardization process, so you may have seen these documented previously as:
- CRYSTALS-KYBER updated to ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism Standard)
- CRYSTALS-DILITHIUM updated to ML-DSA (Module-Lattice-Based Digital Signature Standard)
- SPHINCS+ updated to SLH-DSA (Stateless Hash-Based Digital Signature Standard)
- FALCON updated to FN-DSA (FFT over NTRU Lattices Digital Signature Standard) - note this is a proposed name, not yet released
The development of these standard algorithms is significant in that they run on classical systems, providing an evolutionary safeguard against emerging quantum threats.
Planning For PQC Migration
CISA, NIST, and NSA recommend you create a “quantum-readiness roadmap and prepare for future implementation of the post-quantum cryptographic (PQC) standards.” Without a doubt, it’s critical to prepare and work this into your quantum readiness plan. The reality is, while theoretically simple, transitioning the public key infrastructure we rely on to secure the internet to incorporate the newly standardized PQC algorithms will be a complex undertaking, and these standards will co-exist with today’s algorithms in a hybrid mode while the PQC standards are transitioned in and proven.
The key steps in planning for PQC migration include:
- Conduct an inventory to identify and understand cryptographic systems and assets
- Evaluate and understand your quantum risk profile
- Establish a Quantum-Readiness Roadmap
- Engage with technology vendors to discuss their post-quantum roadmaps
- Create migration plans that prioritize your most sensitive and critical assets
The goal is to understand the potential impacts of post-quantum cryptography, as well as understand when and how you can implement it, to develop a strategy that protects your most critical digital and network assets from quantum threats.
Build Your Crypto Agility Plan Now
Crypto agility, the ability to switch encryption schemes on the fly, without impacting the underlying infrastructure or applications, will be a critical enabling capability for an efficient transition to post-quantum algorithms. All organizations can proactively mitigate quantum risk by devoting time now to planning and building crypto agility using the quantum-safe encryption solutions that already exist today.
PQC standards are just one of several complementary solutions that will fortify an organization’s quantum resistance and resilience on its journey to quantum readiness. Quantum Random Number Generation (QRNG) and Quantum Key Distribution (QKD) will also play significant roles as they harness the power of quantum physics to protect cryptography.
Resources and Support as You Plan for PQC
Getting started is often the most daunting part of any major change. QuintessenceLabs offers resources to help you learn more about how to get started building crypto agility and completing your Quantum Readiness Roadmap. For more personalized support, contact us for a 1:1 informative briefing to help you understand the impact of PQC and the evolving quantum ecosystem.
You May Also Like
These Related Posts