The Dawn of the PQ Era
As quantum computing continues to mature, we are moving closer to cryptographically relevant quantum computers (CRQCs), which will break today's public key cryptography (RSA, Diffie-Hellman, and elliptic curve schemes) and effectively usher in the post-quantum (PQ) era. In many ways, the PQ era is already here: "Harvest Now, Decrypt Later" attacks capture encrypted traffic today so it can be decrypted once a CRQC exists, which puts long-life data, data that must remain confidential for 10+ years such as financial records and government intelligence, at risk now. Long-life devices are exposed for the same reason: anything shipping today with a 10- or 15-year service life will still be in the field when CRQCs arrive, and with an estimated 20 billion devices needing to be updated to be quantum-safe, that is not going to be a light lift.
But the good news is that, lately, more and more organizations are taking this seriously. As the PQ era approaches, we've seen the conversation quickly shift from "is it real?" and "when is it coming?" to more actionable questions like "what do I need to do?" and "how?" And now that NIST has released its first set of post-quantum cryptography (PQC) standards, the way forward has become clearer and there is no reason to further delay PQ preparations.
NIST Issues First PQC standards
NIST has been leading the charge, facilitating the development of quantum-resistant algorithms and PQC standards through a multi-year competition. While NIST is a U.S. institution, the competition they’ve been running is a global one, and considered the gold standard that other regulatory bodies and nation states are looking to.
As we mentioned in a previous blog post, in July 2022, NIST selected the first four PQC algorithms to standardize after several rounds of the competition. The selection included one key-encapsulation mechanism for general encryption (CRYSTALS-Kyber) and three digital signature algorithms (CRYSTALS-Dilithium, FALCON, and SPHINCS+). Since these were first announced, the algorithms have been renamed as follows:

| Initial Name | Current Name |
|---|---|
| CRYSTALS-Kyber | ML-KEM (FIPS 203), Module-Lattice-Based Key-Encapsulation Mechanism Standard |
| CRYSTALS-Dilithium | ML-DSA (FIPS 204), Module-Lattice-Based Digital Signature Standard |
| SPHINCS+ | SLH-DSA (FIPS 205), Stateless Hash-Based Digital Signature Standard |
| FALCON | FN-DSA, FFT over NTRU-Lattice-Based Digital Signature Standard (draft standard still pending) |
In August 2023, NIST released draft standards for three of the four algorithms: the key-encapsulation mechanism (ML-KEM) and two digital signature algorithms (ML-DSA and SLH-DSA). The FN-DSA draft was deferred, with NIST indicating it would follow later, because FALCON's floating-point arithmetic makes constant-time, side-channel-resistant implementation harder than for the other three. And today, just shy of one year later, NIST published the final Federal Information Processing Standards (FIPS) for ML-KEM, ML-DSA, and SLH-DSA.
Because PQ is a global challenge, the release of these standards is expected to trigger a refresh of PQ initiatives around the world. France, Germany, and the UK have all indicated they plan to adopt NIST's recommendations, which will be a great step toward global alignment and interoperability.
What Comes Next?
While finalizing these first three PQC standards is a significant milestone on the path to PQ readiness, the hard work is just beginning. For any organization that was waiting for this moment, it has arrived, and it's now time to get moving. In NIST's announcement, NIST mathematician Dustin Moody urges organizations not to wait for future standards but to start deploying these three now.
We've done cryptographic transitions before, like the move from RSA to ECC, or from SHA-1 to SHA-2. The latter was supposed to be a straightforward swap, yet many organizations struggled: it took more time than expected, required more resources, and years later there are still outliers. The transition to PQC promises to be far more complex and time-consuming. Unlike a hash function swap, it changes key sizes, signature sizes, and protocol message formats, and it touches every piece of cryptography and every cryptographic system. It will need to be actively managed.
Organizations need to move today's public key cryptographic systems, which use RSA and ECC algorithms, to the new quantum-safe algorithms. While that might seem simple on the surface, it is a big job: building a complete cryptographic inventory of assets and technology (certificates, keys, libraries, protocols, and the hardware they live in), mapping that inventory to sensitive data and its required confidentiality lifetime, and then developing and executing a post-quantum cryptography migration strategy that prioritizes the systems protecting long-life data and long-life devices. It is a full-scale project that will touch every piece of IT infrastructure and span several years.
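The inventory step above is where most organizations discover how much RSA and ECC they actually have. As an added illustration (not code from the original post or from any vendor product), the Go program below walks a PEM certificate bundle, classifies each certificate's public key algorithm and size, marks it quantum-vulnerable, and flags certificates whose validity outlives a chosen "CRQC horizon" so they can be prioritized. The bundle is constructed in-memory from three self-signed certificates so it runs offline; the hostnames, the `InventoryPEM` and `SampleBundle` names, and the five-year horizon are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Entry is one row of the inventory: which public key algorithm a certificate
// carries, whether a CRQC would break it, and whether its validity period
// extends past the horizon by which we assume a CRQC may exist.
type Entry struct {
	Subject         string
	Algorithm       string
	KeyBits         int
	NotAfter        time.Time
	QuantumSafe     bool
	OutlivesHorizon bool
}

// classifyKey labels a parsed public key. Every algorithm Go's x509 package
// parses today (RSA, ECDSA, Ed25519) rests on factoring or discrete logs, so
// all are reported as not quantum-safe; unknown types are reported by name.
func classifyKey(pub any) (alg string, bits int, safe bool) {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return "RSA", k.N.BitLen(), false
	case *ecdsa.PublicKey:
		return "ECDSA " + k.Curve.Params().Name, k.Curve.Params().BitSize, false
	case ed25519.PublicKey:
		return "Ed25519", 256, false
	default:
		return fmt.Sprintf("%T", pub), 0, false
	}
}

// InventoryPEM returns one Entry per CERTIFICATE block in a PEM bundle.
// Other block types (keys, CRLs) are skipped; an unparsable cert is an error.
func InventoryPEM(bundle []byte, horizon time.Time) ([]Entry, error) {
	var out []Entry
	for {
		var block *pem.Block
		block, bundle = pem.Decode(bundle)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		alg, bits, safe := classifyKey(cert.PublicKey)
		out = append(out, Entry{
			Subject: cert.Subject.CommonName, Algorithm: alg, KeyBits: bits,
			NotAfter: cert.NotAfter, QuantumSafe: safe,
			OutlivesHorizon: cert.NotAfter.After(horizon),
		})
	}
	if len(out) == 0 {
		return nil, errors.New("no certificates found in bundle")
	}
	return out, nil
}

// selfSigned builds a throwaway self-signed certificate so the example needs
// no network or files; a real inventory would pull PEM from servers and HSMs.
func selfSigned(cn string, priv, pub any, years int) []byte {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(years, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SampleBundle is constructed sample data: one RSA-2048, one ECDSA P-256 and
// one Ed25519 certificate; the Ed25519 one is valid for ten years.
func SampleBundle() []byte {
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	edPub, edPriv, _ := ed25519.GenerateKey(rand.Reader)
	var b []byte
	b = append(b, selfSigned("rsa.example.test", rsaKey, &rsaKey.PublicKey, 1)...)
	b = append(b, selfSigned("ec.example.test", ecKey, &ecKey.PublicKey, 1)...)
	b = append(b, selfSigned("ed.example.test", edPriv, edPub, 10)...)
	return b
}

func main() {
	horizon := time.Now().AddDate(5, 0, 0) // assumed CRQC horizon for the example
	entries, err := InventoryPEM(SampleBundle(), horizon)
	if err != nil {
		panic(err)
	}
	for _, e := range entries {
		fmt.Printf("%-18s %-12s %4d bits  expires %s  quantum-safe=%v  outlives-horizon=%v\n",
			e.Subject, e.Algorithm, e.KeyBits, e.NotAfter.Format("2006-01-02"), e.QuantumSafe, e.OutlivesHorizon)
	}
}
```

In practice the horizon should come from the data classification step: a certificate protecting records that must stay confidential past the horizon, or a device that will still be fielded then, belongs at the top of the migration list regardless of its key size.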
As the PQ era dawns and NIST's PQC standards drive a refresh of PQ initiatives around the globe, organizations are drafting and implementing their PQC migration plans. Indeed, in our upcoming 2024 Global PKI, IoT and Post-Quantum Cryptography Study conducted by the Ponemon Institute, 61% of CISOs report that they plan to migrate to PQC within the next five years, rising to 70% in the U.S. Don't leave your organization exposed to the quantum threat; explore our post-quantum cryptography solutions today.
Is your organization ready? Take our self-assessment to find out.