With the recent release of three finalized post-quantum cryptography (PQC) standards, the National Institute of Standards and Technology (NIST) has officially fired the starter’s pistol for the post-quantum cryptography era, putting organizations on the clock to begin adopting the new standards.
Transitioning to PQC may be more of a marathon than a sprint. Still, precisely because the transition is so time-consuming, organizations can’t afford to be caught loitering at the starting line. Organizations only now considering PQC migration are already behind in securing the infrastructure that protects their most sensitive information.
Keyfactor’s latest research on the state of public-key infrastructure (PKI) and digital trust found that most companies expect the PQC transition to take about four years, while those with more certificates in use expect an average of six years. In reality, it is a complicated, long-term process that could take more than a decade. Underestimating the time and effort required for PQC readiness will likely lead to delays, setbacks, and outages that organizations cannot afford. Worse yet, organizations' data may already be at risk from “harvest now, decrypt later” attacks, in which encrypted data captured today is stored until a quantum computer can decrypt it. Some government agencies have set target dates of 2030 to complete the transition, and industry sectors will likely follow suit.
Why Post-Quantum Standards Are Necessary
Viable quantum computing is likely at least a few years away, but some believe it could arrive as soon as 2029 (Gartner, Postquantum Cryptography: The Time to Prepare is Now!, Mark Horvath, Sarah Almond, Matthew Brisse, Chirag Dekate, 1 July 2024), meaning the need to prepare for PQC is urgent. Current cryptographic tools such as RSA and ECC are used in practically every device, from phones and laptops to cars and Internet of Things devices, and protect everything from banking and retail transactions to valuable business and government data.
Current encryption methods have proven very effective at deterring brute-force attacks because even the most powerful classical computers can’t work out the prime factors involved fast enough. But quantum computing, which plays by different rules, would render that encryption obsolete.
Being safe today doesn’t guarantee anything. Some products may still be in use in 10 years, and sensitive or proprietary information (financial transactions, health records, weapons systems data and other important information) will still be sensitive when Q-Day arrives and post-quantum attacks become a reality.
The new PQC standards, built on mathematical approaches that aren’t vulnerable to quantum computing’s strengths, are the first tools available to protect sensitive information from quantum computing threats and from any yet-to-come advanced threats generated by classical computing.
NIST initially announced the four winning algorithms in 2022 as part of its Post-Quantum Cryptography effort that began in 2016. With this latest announcement, it has officially released three algorithms, complete with new names and Federal Information Processing Standard (FIPS) identifiers. Those three algorithms include:
- FIPS 203. Based on the CRYSTALS-Kyber algorithm, now named ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), FIPS 203 is intended as the primary standard for general encryption.
- FIPS 204. Based on the CRYSTALS-Dilithium algorithm, now named ML-DSA (Module-Lattice-Based Digital Signature Algorithm), FIPS 204 is the primary standard for protecting digital signatures.
- FIPS 205. Also designed for digital signatures, this standard is based on the SPHINCS+ algorithm, now named SLH-DSA (Stateless Hash-Based Digital Signature Algorithm). Because it rests on a different mathematical approach from FIPS 204/ML-DSA, it is intended as a backup in case ML-DSA proves vulnerable.
A fourth algorithm also intended for digital signatures and scheduled for release later this year, FIPS 206, is built on the FALCON algorithm and will be named FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
NIST says it will continue to evaluate two other sets of algorithms that could serve as backups: three algorithms for general encryption and about 15 algorithms designed for digital signatures.
Marching Swiftly to PQC-Readiness
Implementing the new standards and developing the crypto-agility to adapt cryptographic methods to changing threats is crucial to future-proofing PKI systems and ensuring long-term resiliency. To get there, organizations need to start now on developing and implementing a strategy for making the transition.
Some of the most critical steps to ensure your organization is PQC-ready include:
1. Inventory all cryptographic assets. This includes keys, certificates and algorithms, and is a crucial early step toward understanding the scope and scale of what will be required. A full inventory will include identifying systems that are the most sensitive or exposed, allowing organizations to prioritize upgrades and replacements.
2. Develop a clear implementation strategy. Organizations will want to ensure a collaborative and comprehensive approach. Among the key steps to take:
- Determine a realistic budget that works for your organization.
- Identify the tools your teams will need for a successful migration and which parts of the transition should leverage automation.
- Lay out an exact timeline for transition and the steps in each stage.
- Outline the responsibilities of each IT and security team member in the transition.
- Set realistic deadlines for each stage.
3. Test the NIST PQC algorithms. Set up lab environments to test the PQC PKI standards and prepare signature validation software for the new algorithms. Two tasks in particular support that testing:
- Creating sandbox environments to give users a quick and easy way to test the algorithms and better understand the impact of changes on their infrastructure, all without impacting production environments.
- Testing your crypto agility to understand how quickly you can manage, update and secure machine identities within your PKI infrastructure. This is a critical step in the PQC journey.
4. Make PQC part of your organizational culture. Ensure that any current or new projects have considered PQC migration.
5. Know your PQC tools. Researching and evaluating PQC solutions will enable organizations to identify and assess the tools and solutions that best align with their security requirements and operational needs.
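As an added example for the inventory step above (this is not Keyfactor's tooling and not code from the original article), here is a small standard-library Python script that classifies X.509 certificates by algorithm: it parses just enough DER to read the signature algorithm and subject-public-key algorithm OIDs, records the RSA modulus size where that applies, and flags whether the certificate is quantum-safe. The classical OIDs are the standard PKIX ones; the ML-KEM and ML-DSA OIDs follow the NIST CSOR arc as I know it and are an assumption to check against the registry before relying on them. Because the script must run offline, its sample input is a set of constructed certificate skeletons built inside the script (structurally valid, unsigned, with dummy key material); in practice you would feed it certificates gathered from trust stores, servers, HSMs and code-signing systems.

```python
"""Minimal cryptographic-inventory helper: classify X.509 certificates by
signature and public-key algorithm ahead of a PQC migration. Stdlib only."""
import base64

# OID -> (name, quantum_safe). Classical entries are standard PKIX OIDs; the
# ML-KEM/ML-DSA entries follow the NIST CSOR arc and are an assumption to
# verify against the registry before relying on them.
KNOWN_OIDS = {
    "1.2.840.113549.1.1.1": ("rsaEncryption", False),
    "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False),
    "1.2.840.10045.2.1": ("ecPublicKey", False),
    "1.2.840.10045.4.3.2": ("ecdsa-with-SHA256", False),
    "1.3.101.112": ("Ed25519", False),
    "2.16.840.1.101.3.4.3.17": ("ML-DSA-44", True),
    "2.16.840.1.101.3.4.3.18": ("ML-DSA-65", True),
    "2.16.840.1.101.3.4.3.19": ("ML-DSA-87", True),
    "2.16.840.1.101.3.4.4.1": ("ML-KEM-512", True),
    "2.16.840.1.101.3.4.4.2": ("ML-KEM-768", True),
    "2.16.840.1.101.3.4.4.3": ("ML-KEM-1024", True),
}

# ---- just enough DER to walk a certificate ------------------------------
def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos] -> (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    """Split the content octets of a SEQUENCE into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out

def _decode_oid(raw):
    """Turn OID content octets into dotted notation."""
    first = raw[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    n = 0
    for b in raw[1:]:                       # base-128, high bit = continuation
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def load_der(data):
    """Accept PEM or DER bytes and return DER bytes."""
    if data.startswith(b"-----BEGIN"):
        body = b"".join(l for l in data.splitlines() if not l.startswith(b"-----"))
        return base64.b64decode(body)
    return data

def inspect_certificate(der):
    """Report signature/public-key algorithms and a quantum-safe verdict."""
    _, cert, _ = _read_tlv(der, 0)              # Certificate ::= SEQUENCE
    _, tbs, _ = _read_tlv(cert, 0)              # tbsCertificate
    fields = _children(tbs)
    if fields[0][0] == 0xA0:                    # optional [0] EXPLICIT version
        fields = fields[1:]
    # fields: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    sig_oid = _decode_oid(_children(fields[1][1])[0][1])
    spki = _children(fields[5][1])              # [AlgorithmIdentifier, BIT STRING]
    key_oid = _decode_oid(_children(spki[0][1])[0][1])
    key_bits = None
    if key_oid == "1.2.840.113549.1.1.1":       # RSAPublicKey ::= SEQUENCE {modulus, e}
        _, rsa_key, _ = _read_tlv(spki[1][1][1:], 0)   # skip the unused-bits octet
        key_bits = int.from_bytes(_children(rsa_key)[0][1], "big").bit_length()
    sig_name, sig_safe = KNOWN_OIDS.get(sig_oid, (sig_oid, False))   # unknown => not safe
    key_name, key_safe = KNOWN_OIDS.get(key_oid, (key_oid, False))
    return {"signature_algorithm": sig_name, "public_key_algorithm": key_name,
            "rsa_modulus_bits": key_bits, "quantum_safe": sig_safe and key_safe}

# ---- constructed sample input (unsigned skeletons, dummy key material) --
def _tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def build_skeleton_cert(sig_oid, key_oid, rsa_bits=None):
    """Constructed sample: structurally valid certificate with empty names, no
    validity and a dummy key. Enough for inspect_certificate(), useless otherwise."""
    def alg(oid):                                # AlgorithmIdentifier with NULL params
        return _tlv(0x30, _encode_oid(oid) + b"\x05\x00")
    if rsa_bits:
        modulus = ((1 << (rsa_bits - 1)) | 1).to_bytes(rsa_bits // 8, "big")
        key = _tlv(0x30, _tlv(0x02, b"\x00" + modulus) + _tlv(0x02, b"\x01\x00\x01"))
    else:
        key = b"\x00" * 32                       # placeholder, not a real key
    spki = _tlv(0x30, alg(key_oid) + _tlv(0x03, b"\x00" + key))
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01")
               + alg(sig_oid) + _tlv(0x30, b"") + _tlv(0x30, b"") + _tlv(0x30, b"") + spki)
    return _tlv(0x30, tbs + alg(sig_oid) + _tlv(0x03, b"\x00"))

if __name__ == "__main__":
    samples = {   # constructed: labels and algorithm choices are illustrative
        "web-server": build_skeleton_cert("1.2.840.113549.1.1.11", "1.2.840.113549.1.1.1", 2048),
        "iot-device": build_skeleton_cert("1.2.840.10045.4.3.2", "1.2.840.10045.2.1"),
        "pqc-pilot": build_skeleton_cert("2.16.840.1.101.3.4.3.18", "2.16.840.1.101.3.4.3.18"),
    }
    for label, der in samples.items():
        print(label, inspect_certificate(load_der(der)))
```

The useful output of an inventory run is the set of certificates whose verdict is not quantum-safe, grouped by where they live and when they expire; that list is what drives the prioritisation in step 1 and the timeline in step 2. Anything with an unrecognised OID is deliberately reported as not safe so that unusual or legacy algorithms surface for review rather than disappearing from the count.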
The release of NIST’s standards effectively begins the PQC era. Organizations must ensure that they—and, for that matter, all companies in their supply chains—are prepared for the post-quantum era to protect the long-term security of their cryptographic infrastructure. Underestimating the time and effort required for PQC readiness is a risk organizations can’t afford. They need to begin their journey as soon as possible.