With “Harvest Now, Decrypt Later” attacks, the post-quantum (PQ) era has effectively arrived. The focus of post-quantum cryptography (PQC) has shifted from the “when” to the “how” and “what.” The good news? We've seen some direction from government agencies to help answer some of these questions. For example, the National Security Agency (NSA) in the U.S. released their Commercial National Security Algorithm (CNSA) Suite 2.0 and Quantum Computing FAQ a few years ago, which required U.S. National Security Systems (NSS) to transition software and firmware signing algorithms to PQC starting immediately. The directive indicated the preference of supporting CNSA 2.0 by 2025 and exclusively using PQC algorithms by 2030. That's as soon as next year. And, other core business use cases such as browsers, cloud services, and networks were all listed right behind it, also needing to transition within the next couple of years.
Navigating the PQC Journey Around the Globe
We've done cryptographic transitions before - like from RSA to ECC, or SHA-1 to SHA-2, but the transition to PQC promises to be more complex and time-consuming than anything we've seen before. The PQC migration will effectively touch every piece of cryptography and cryptographic system. If that’s not daunting enough, PQ is a global challenge requiring a global approach, meaning governments and standards bodies will play a critical role. At the moment, most governments and standards bodies have their eyes on NIST. Last summer NIST released the draft standards from their PQC competition and are expected to finalize those standards any day now. While we've seen a slew of government action as the NIST competition has progress, we do expect the standards announcement to trigger a refresh of PQ initiatives around the globe including the UK, France, Germany, and the European Commission (EC), along with standards bodies like the IETF and ETSI.
In November 2023, the UK National Cyber Security Centre (NCSC) published updated guidance regarding the next steps in preparing for PQC that advises operational systems only use implementations based on the final NIST standards. They also advise that a hybrid approach should only be used as an interim measure on the path to full PQC, citing concerns over cyber risk, overhead, and added complexity. Similarly, current NSA guidance doesn’t specifically recommend a hybrid approach, preferring the deployment of CNSA 2.0 algorithms by 2025 and full PQC by 2030. However, when we look at ANSSI in France and BSI in Germany, both favor a hybrid approach to the PQC migration, expressing concerns over both the relatively untested nature of new standards to real-world attacks.
On April 11, 2024, the EC published its recommendation for a harmonized approach to PQC transition across all EU member states, asking for a roadmap within two years. The intent of the resulting Post-Quantum Cryptography Implementation Roadmap is to deploy PQC in a coordinated fashion across the EU and maintain alignment with existing and emerging international standards. The roadmap will also provide the effective deployment into existing public administration systems and critical infrastructure following a hybrid approach that employs PQC alongside existing cryptographic approaches or with quantum key distribution (QKD). Neither the NCSC nor NSA considers QKD a practical approach for quantum resistance.
A Global Blueprint for PQC Migration
While different approaches to PQC migration can be expected across jurisdictions and standards bodies, the following blueprint of global best practices for preparing for PQ has emerged:
- Get started now: CISA, NSA, and NIST are all urging organizations to prepare now, with other jurisdictions not far behind.
- Designate a lead: In November 2022, the White House issued a PQC migration memorandum to all heads of executive departments and agencies tasking them to designate a lead for the collection of cryptographic information within 30 days. This ensured an orchestrated, organization-wide transition.
- Develop a quantum-readiness roadmap: Once a lead has been designated, CISA encourages organizations to establish a quantum-readiness project team to plan and scope the transition to PQC.
- Perform a cryptographic inventory: With a clear roadmap in place, the first task for the quantum-readiness project team is to proactively note all cryptographic assets and systems within their organization, including the identification of those that are quantum vulnerable. These steps are critical in:
- Ensuring you have the right technology in place to support the requirements of PQC
- Offering visibility into all your cryptographic assets (keys, certificates, etc.), which will likely be one of the more challenging and time-consuming tasks
- Determining if your organization is crypto-agile, which will be critical when it comes to implementing PQC
- Engage vendors: Ensure your vendors have a PQ-readiness roadmap of their own, including migration. This should include everything from new products having PQC built in to legacy products having a timeline for PQC upgrades.
The quantum threat to digital security is an imminent and global challenge. With governments and enterprises around the world drafting and implementing PQC migration plans, don’t leave your organization unnecessarily exposed. Assess your PQ-preparedness plan today with this self-assessment and explore our post-quantum cryptography solutions.