Earlier this month NIST published a draft report titled Transition to Post-Quantum Cryptography Standards, outlining their proposed timeline for cryptographic systems to move from today’s public key cryptography to quantum-resistant cryptography. Their recommendation follows the direction that came from the National Security Memorandum 10 (NSM-10) that was issued in May 2022, which established the year 2035 as the target for federal systems to be migrated to post-quantum cryptography. NIST went one step further by stating that it would begin deprecating traditional public key cryptography (RSA and ECDSA) by 2030 and it would be “disallowed” by 2035. This should be seen as an immediate call to action.
Considerations in the NIST Timelines
Just this summer, NIST released the first set of highly anticipated post-quantum encryption standards. As part of the announcement, NIST mathematician Dustin Moody stated, “There is no need to wait for future standards” and that these are the ones to start using. So it’s no surprise that this migration strategy and timeline followed so closely behind, providing further direction. Beyond borrowing from the direction originally provided in NSM-10, NIST developed this timeline with two things in mind: the effort vendors face in building the algorithms into their technology offerings, and the complexity customers then face in integrating those products and services into their security infrastructures. NIST also acknowledges that the journey from standards to full implementation has typically taken 10 to 20 years, so this gives a similar timeframe for completion, stating, “Past cryptographic migrations have taken over a decade, and this more complex migration will likely take at least that long.”
By providing the dates of deprecating traditional public key cryptography by 2030 and disallowing it by 2035 – and knowing this migration will be more complex than anything we’ve faced before – NIST has essentially issued an urgent call to action.
Certainly, now that we have the standards for quantum-safe algorithms, we can expect more direction and government action to come. But because this is a global challenge, and because NIST’s direction is widely seen as a global influence on such recommendations, we can expect this timeline to be adopted and echoed by others.
Further Validation: the NSA Timelines
This isn’t the first time we’ve seen direction and timelines for migrating to PQC. Two years ago, the National Security Agency (NSA) announced the release of the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0). The purpose of the document was to notify and guide National Security Systems (NSS) owners, operators, and vendors of PQ requirements as they relate to “networks that contain classified information or are otherwise critical to military and intelligence activities.” As part of that, it also set out timing parameters for beginning this transition.
So when does their timeline start? The first set of use cases they indicated needed to be addressed was software and firmware signing, and they stated that transition should “begin immediately.” But specifically, the NSA requires software, firmware, and browsers to prefer and support quantum-safe algorithms by 2025 and requires exclusive use of quantum-safe algorithms for software, firmware, and browsers by 2033. Both of those dates are just around the corner.
These timelines felt aggressive then, and they are definitely adding to the overall sense of urgency, but for good reason: the NSA knows what data needs to be secured. Government agencies – as well as industries such as financial services and healthcare – hold long-life data (sensitive data that needs to remain confidential for 10+ years) that must be protected with quantum-resistant cryptography today, so that it remains secure for the lifetime of the data.
In addition to what’s been issued by NIST, the direction coming from the NSA is worth paying attention to and following. Previously released crypto guidelines from the NSA (such as NSA Suite B) were widely adopted across government and business and became a global crypto best practice. It’s safe to expect that CNSA 2.0 will be similarly widely adopted.
But the need to prepare isn’t exclusive to the government. All organizations should be taking steps to prepare, including:
Inventory Data
Once again, it’s important to understand where your valuable and/or long-life data resides, as well as the related data flows. Once you have that catalog and inventory, you know where to start: with the areas of highest concern.
Inventory Cryptographic Assets
Many organizations already struggle with knowing what cryptographic assets reside in their environment, but having full visibility into this is key when creating a post-quantum readiness plan. In addition to visibility, it’s also important to ensure compliance, control, and automation of these assets.
Build a Cryptographic Agility Strategy and Roadmap
Cryptographic agility will be critical for the PQ transition. At a high level, crypto-agility is the ability to move easily from one algorithm to another – such as to a PQ one. And given that these algorithms are not yet mature, staying agile even after the PQ transition will also be key. As part of that exercise, it’s also important for organizations to identify areas of cryptographic risk across process, people, and technology.
Test and Plan the Migration
Now that NIST has announced the first three PQC standards, the light has turned green and testing can begin. For example, Entrust PKIaaS PQ supports all three algorithms and allows organizations to begin testing these certificate types within their applications.
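As an added illustration of the “inventory cryptographic assets” and “test and plan” steps above (example code written for this post, not part of the original article and not an Entrust tool), here is a small Go program that parses X.509 certificates, flags the traditional public-key algorithms NIST plans to deprecate by 2030, and notes which certificates remain valid past that date. The certificates it processes are self-signed samples constructed in memory, and the type and function names are my own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// NIST draft milestone: traditional public-key algorithms are deprecated from 2030.
var nistDeprecate = time.Date(2030, 1, 1, 0, 0, 0, 0, time.UTC)
// Finding is one cryptographic-inventory row for a certificate (names are my own).
type Finding struct {
	Subject, KeyAlg, Status string
	OutlivesDeprecation     bool // validity period runs past the 2030 deprecation date
}
// Classify parses one DER certificate. RSA, ECDSA, Ed25519 and DSA keys are quantum-
// vulnerable; Go's x509 has no PQ types (assumed, stdlib as of Go 1.23), so others are "review".
func Classify(der []byte) (Finding, error) {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return Finding{}, err
	}
	f := Finding{Subject: c.Subject.CommonName, KeyAlg: c.PublicKeyAlgorithm.String(), Status: "review"}
	switch c.PublicKeyAlgorithm {
	case x509.RSA, x509.ECDSA, x509.Ed25519, x509.DSA:
		f.Status = "quantum-vulnerable"
	}
	f.OutlivesDeprecation = c.NotAfter.After(nistDeprecate)
	return f, nil
}

// sampleCert builds a self-signed RSA certificate in memory: constructed sample data
// standing in for certificates read from a PEM bundle, keystore or TLS endpoint.
func sampleCert(cn string, years int) []byte {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().AddDate(years, 0, 0)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // fixture; errors ignored
	return der
}
func main() {
	for _, der := range [][]byte{sampleCert("long-life-archive", 10), sampleCert("short-lived-tls", 1)} {
		f, _ := Classify(der)
		fmt.Printf("%-18s %-6s %-18s outlives-2030=%v\n", f.Subject, f.KeyAlg, f.Status, f.OutlivesDeprecation)
	}
}
```

In practice you would feed Classify the DER blocks from your own certificate stores and correlate the quantum-vulnerable, long-lived findings with the data inventory from the first step.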
The timelines are starting to crystallize, and all indicators are that this transition needs to be completed for core and critical business use cases in the next handful of years. We know what we have to do and have an idea of when it needs to be completed. If you haven’t begun already, the time to begin your quantum readiness journey is now – from creating a PQ-readiness team to building out a PQ strategy and roadmap.
For more information on post-quantum preparedness, see our resource page.
Curious how ready your organization is for the PQC transition? Take our Post-Quantum Readiness Assessment to find out.