If you’ve been following the NIST Post-Quantum (PQ) Cryptography Competition, then you likely know the round 3 finalists have recently been announced. On the off chance you’re not familiar, here’s a little background:
- Quantum computers pose an inevitable threat to digital security
- It’s estimated that within the decade a quantum computer will be powerful enough to break cryptography as we know it today
- The U.S. National Institute of Standards and Technology (NIST) started running a Post-Quantum Cryptography Standardization Process Competition six years ago to identify quantum-safe algorithms
- Everyone is awaiting their recommendations, at which point all standards bodies will need to adopt changes and update protocols that rely on crypto
With the recent round 3 finalists announcement, we saw three selected digital signature algorithms move forward:
What’s particularly exciting is that Entrust’s recently announced PKI as a Service PQ supports all three algorithms!
Although Post-Quantum (PQ) seems a long way off, the switch to quantum-safe algorithms is not just a regular crypto refresh cycle. The migration could take several years. For some industries – like healthcare and critical infrastructure – the transition is already underway because of technology lifecycles and long-lived data that must remain secure. To put it into perspective, think about the migration from SHA-1 to SHA-2. There was plenty of warning it was coming, plenty of time to prepare, and it was generally seen as a straightforward migration. But when the time came, some organizations really struggled with it – some are even still figuring it out! Well, the switch to PQ-safe algorithms won’t even compare, so the time to start preparing is now.
A few things organizations should be looking at to prepare:
- Take inventory. Make sure you know what cryptographic assets and algorithms you have, and where they reside.
- Determine the value of your data, its shelf life, and how long it will take to migrate to post-quantum cryptography. When you know what’s at risk, you’ll know where to start.
And this is where the PKIaaS PQ comes in! It’s a cloud-based PKI offering that can provide customers with composite and pure quantum Certificate Authority hierarchies. It gives organizations the ability to test multi-certificates or composite certificates with their applications. Interested in trying this out for yourself? You can sign up for a trial and start getting PQ ready.
As for NIST, the 4th and final round has now opened up, after which point they’ll announce their final recommendations.