PQC (Post-Quantum Cryptography) 08-24-2023

NIST Releases Quantum-safe Cryptography Standards: What Happens Now?

Timothy Hollebeek
NIST Blog

NIST has released draft standards for quantum-safe algorithms for public comment; NIST expects to publish the final standards early next year.

Marking a nearly seven-year process and the final steps towards the world’s first post-quantum cryptography standards, the U.S. National Institute of Standards and Technology (NIST) has released draft standards for CRYSTALS-KYBER (FIPS 203, ML-KEM), CRYSTALS-DILITHIUM (FIPS 204, ML-DSA) and SPHINCS+ (FIPS 205, SLH-DSA) publicly for a 90-day comment period starting Aug. 24, 2023.

DigiCert has been working with NIST and the Internet Engineering Task Force (IETF) on post-quantum cryptography (PQC) standards and will be actively testing and reviewing the draft standards during the comment period and incorporating these new algorithms into important protocols like TLS/SSL, S/MIME, SSH and so on.

This release signals to companies everywhere the need to take immediate steps toward updating their cryptographic systems and software to these quantum-safe algorithms, once finalized, well ahead of the arrival of quantum computers. Companies that delay these updates are exposed to a predicted spike in “harvest now, decrypt later” attacks, in which bad actors record encrypted traffic and stored ciphertext today with the intention of decrypting it later with a quantum computer. Data protected by today’s key exchanges does not become safe again when the algorithms are eventually replaced; it is only as safe as the algorithm that protected it on the day it was captured.

In today’s post, we provide background on post-quantum cryptography and a guide for organizations on how to prepare for it and protect current assets against future threats.

Public key infrastructures must change

Public key infrastructures are crucial to digital trust, protecting everything from web connections and email to digitally signed documents and code. To do that, they rely on asymmetric cryptography. The algorithms in place today (RSA, ECC) are based on mathematically hard problems, such as factoring very large numbers or computing discrete logarithms on elliptic curves, which are computationally infeasible for classical computers at the key sizes in use. However, a sufficiently large, fault-tolerant quantum computer running Shor’s algorithm solves both problems in polynomial time, turning a computation that would take classical machines far longer than a human lifetime into one that finishes in hours or days. Quantum computers gain this advantage from non-intuitive properties like superposition and entanglement, which let Shor’s algorithm find the period that reveals the private key.

The NIST effort to select, evaluate and standardize PQC algorithms is based on different math problems (e.g., lattice problems such as Module-LWE, or the security of hash functions) for which no efficient algorithm is known on either classical or quantum computers. These algorithms do not require a quantum computer themselves; they run on ordinary hardware, protect against quantum attack and will be critical for maintaining trust once quantum computing becomes a reality.

What are the NIST PQC selected algorithms?

On July 5, 2022, NIST announced the following quantum-resistant algorithms have been selected for standardization:

  1. For public key encryption and key establishment, NIST will be standardizing CRYSTALS-KYBER.
  2. For digital signatures, NIST will be standardizing CRYSTALS-DILITHIUM, FALCON, and SPHINCS+.

a. CRYSTALS-DILITHIUM is the preferred general-purpose digital signing algorithm, for example, for future digital certificates and signed documents.

b. SPHINCS+ has the advantage that its security properties are based only on hash functions, and so provides some additional confidence about the long-term security of the algorithm, but at the cost of reduced performance: larger signatures and slower signing than the lattice-based schemes.

c. FALCON was also selected because it may have some performance benefits in certain use cases, such as where signature size matters most. While the draft standards for the other three were released today, the FALCON draft standard is not expected for several months.

Quantum-safe signatures function the same as traditional digital signatures and allow the holder of a private key to prove they signed a particular message. These signatures will replace traditional RSA and ECC digital signatures, although their keys and signatures are considerably larger, which is why protocol and certificate formats need to be reviewed rather than simply swapping one algorithm identifier for another.
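To make the hash-based idea behind SPHINCS+ concrete, here is a Lamport one-time signature, the simplest hash-based scheme. This is an added example written for this page, not code from the original post and not SPHINCS+ itself (SPHINCS+ builds a many-time scheme from far more elaborate components: WOTS+, FORS and a hypertree). It shows the two points the text makes: forging a signature requires inverting the hash, and the price is size. The message bytes and the `forge` helper, which models what an attacker learns when a key is reused, are this example's own constructions.

```python
"""Lamport one-time signature over SHA-256 (added example, not SPHINCS+)."""
import hashlib
import secrets

HASH_LEN = 32              # SHA-256 output length in bytes
MSG_BITS = HASH_LEN * 8    # we sign H(message), so 256 bits are signed


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def bit_at(digest: bytes, i: int) -> int:
    """Bit i of the digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def keygen():
    # Private key: two random secrets per message bit (one for 0, one for 1).
    sk = [(secrets.token_bytes(HASH_LEN), secrets.token_bytes(HASH_LEN))
          for _ in range(MSG_BITS)]
    # Public key: the hash of every secret. Recovering a secret from the
    # public key means finding a SHA-256 preimage, which is the whole security claim.
    pk = [(H(zero), H(one)) for zero, one in sk]
    return sk, pk


def sign(sk, message: bytes) -> list:
    digest = H(message)
    # Reveal exactly one of the two secrets for every bit of the digest.
    return [sk[i][bit_at(digest, i)] for i in range(MSG_BITS)]


def verify(pk, message: bytes, sig) -> bool:
    if len(sig) != MSG_BITS:
        return False
    digest = H(message)
    return all(H(sig[i]) == pk[i][bit_at(digest, i)] for i in range(MSG_BITS))


def sizes_bytes() -> dict:
    """Why hash-based schemes pay in size: compare with Ed25519's 32-byte key
    and 64-byte signature."""
    return {
        "public_key": MSG_BITS * 2 * HASH_LEN,
        "private_key": MSG_BITS * 2 * HASH_LEN,
        "signature": MSG_BITS * HASH_LEN,
    }


def forge(pk, known, target: bytes):
    """Attacker's view when one Lamport key is reused (constructed helper).

    `known` is a list of (message, signature) pairs made with the SAME key.
    Every pair reveals one secret per bit position; the attacker can sign
    `target` if, for every position, the secret matching the target digest's
    bit has already been revealed. Returns the forged signature or None.
    """
    revealed = {}
    for msg, sig in known:
        d = H(msg)
        for i in range(MSG_BITS):
            revealed[(i, bit_at(d, i))] = sig[i]
    d = H(target)
    out = []
    for i in range(MSG_BITS):
        secret = revealed.get((i, bit_at(d, i)))
        if secret is None:
            return None
        out.append(secret)
    return out


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = sign(sk, msg)
    print("verifies:", verify(pk, msg, sig))
    print("sizes:", sizes_bytes())
    # Reusing the key: each extra signature leaks more secrets to a forger.
    reuse = [(m, sign(sk, m)) for m in (b"msg-1", b"msg-2", b"msg-3")]
    print("forgery possible after 3 reuses:", forge(pk, reuse, b"attacker") is not None)
```

The one-time restriction is why SPHINCS+ needs its hypertree of one-time and few-time keys; a practitioner deploying any hash-based scheme should treat key-state reuse as a hard failure, not a performance shortcut.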

What cybersecurity companies are doing now

Work to incorporate these new algorithms into protocols is going on in parallel at IETF. There, the Post-Quantum Use In Protocols (PQUIP) working group is coordinating efforts to incorporate these new algorithms into important protocols like TLS/SSL, S/MIME, SSH and others as previously mentioned. There is also a PQC for Engineers draft from that group that explains the technical details of these algorithms and how they can be incorporated into protocols.

Once finalized, cybersecurity companies can begin incorporating these algorithms into their applications, code, products, services, platforms and ecosystems.

What should companies do now?

To make the mass transition to the new algorithms easier, companies should take these two steps in the next 90 days to be prepared to update their cryptographic systems and software: first, inventory all cryptographic assets and second, achieve crypto-agility by centralizing PKI management and automation.

1. Inventory all cryptographic assets in your organization and prioritize them

Cybersecurity teams can begin by building a centralized view of their cryptographic and digital certificate inventory, prioritizing critical systems and data and putting in place automation tools that make the task of updating digital certificates more efficient and less prone to human error. While inventorying the crypto in their organization, teams should prioritize assets based on the importance, sensitivity and expected lifespan of the data they’re seeking to safeguard. For example, a hospital chain responsible for handling a patient’s history requires a high overall level of security. Additionally, medical records could span decades into the future, well past the expected arrival of mainstream quantum computing.

The timing on updating your algorithms also depends on the use case. TLS/SSL authentication is not threatened until quantum computers are available, because an attacker gains nothing by breaking a server’s signature after the handshake is over. However, digital signatures applied today to long-lived documents, and data secured with keys exchanged today, may be vulnerable to attack by computers in the future. Furthermore, IoT devices can live in the field for decades and need to be secured with PQC algorithms well ahead of other forms of cryptography. The update to quantum-safe algorithms needs to be completed well in advance to protect the critical data involved in those use cases.
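The prioritization rule described in the two paragraphs above can be written down and run over an inventory. The script below is an added example, not part of the original post and not DigiCert tooling. It applies Mosca’s inequality (migrate now if data shelf life X plus migration time Y exceeds the estimated years Z until a cryptographically relevant quantum computer) to assets whose use is exposed to harvest-now-decrypt-later, and treats authentication-only uses as needing migration only before such a computer exists. The inventory rows are constructed sample data, the Z default of 10 years is an assumption to replace with your own estimate, and the algorithm-family table covers only common names.

```python
"""Prioritize a cryptographic inventory for PQC migration (added example)."""
from dataclasses import dataclass

# Public-key families broken by Shor's algorithm, keyed by the name prefix.
# Symmetric ciphers and hashes (AES, SHA) are not in this set.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "ECC",
               "X25519", "ED25519", "X448", "ED448"}

# Uses where material produced today remains attackable later
# ("harvest now, decrypt later", or forging/repudiating an old signature).
HARVEST_EXPOSED = {"key-exchange", "encryption", "long-term-signature"}

RANK = {"migrate-now": 0, "before-crqc": 1, "schedule": 2, "no-action": 3}


@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str          # e.g. "RSA-2048", "ECDH-P256", "AES-256-GCM"
    use: str                # key-exchange | encryption | authentication | long-term-signature
    shelf_life_years: float  # X: how long the protected data must stay secret or valid
    migration_years: float   # Y: estimated time to migrate this asset


def family(algorithm: str) -> str:
    return algorithm.split("-")[0].upper()


def exposure_margin(asset: Asset, years_to_crqc: float) -> float:
    """X + Y - Z: positive means the data outlives the algorithm."""
    return asset.shelf_life_years + asset.migration_years - years_to_crqc


def classify(asset: Asset, years_to_crqc: float) -> str:
    if family(asset.algorithm) not in SHOR_BROKEN:
        return "no-action"                 # already quantum-safe at this layer
    if asset.use not in HARVEST_EXPOSED:
        return "before-crqc"               # e.g. TLS server authentication
    if exposure_margin(asset, years_to_crqc) > 0:
        return "migrate-now"               # Mosca's inequality holds
    return "schedule"


def prioritize(assets, years_to_crqc: float = 10.0):
    """Return (name, classification, margin) rows, most urgent first."""
    rows = [(a.name, classify(a, years_to_crqc), exposure_margin(a, years_to_crqc))
            for a in assets]
    rows.sort(key=lambda r: (RANK[r[1]], -r[2]))
    return rows


# Constructed sample inventory; the numbers are illustrative, not measurements.
SAMPLE_INVENTORY = [
    Asset("patient-portal TLS key exchange", "ECDH-P256", "key-exchange", 50, 2),
    Asset("patient-portal TLS server cert", "RSA-2048", "authentication", 1, 2),
    Asset("IoT firmware signing key", "ECDSA-P256", "long-term-signature", 20, 4),
    Asset("archived records at rest", "AES-256-GCM", "encryption", 50, 1),
    Asset("internal metrics API key exchange", "X25519", "key-exchange", 0.25, 1),
    Asset("S/MIME signing cert", "RSA-3072", "long-term-signature", 7, 1),
]


if __name__ == "__main__":
    for name, verdict, margin in prioritize(SAMPLE_INVENTORY):
        print(f"{verdict:12} {margin:+6.2f}y  {name}")
```

Because Z is a guess, run `prioritize` with several values (for example 5, 10 and 15 years) and look for assets whose verdict flips; those are the ones whose priority depends on an estimate nobody can verify, so migrate them on the conservative schedule.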

2. Achieve crypto-agility by centralizing PKI management and automation

Crypto-agility is the ability for organizations to remediate and update their cryptographic assets rapidly. Achieving crypto-agility delivers significant security and productivity benefits; the upcoming need to transition to a quantum-safe posture makes it even more important for organizations to invest in centralized management and automation of their public key infrastructure.

DigiCert’s customers investing in crypto-agility have deployed DigiCert® Trust Lifecycle Manager, which provides a comprehensive solution to discover, manage and automate digital trust across their organization. Trust Lifecycle Manager is redefining the meaning of certificate management by integrating CA-agnostic certificate management across public and private trust to deliver centralized visibility and control, prevent business disruption and secure identity and access.

Stay tuned to our PQC blog series, or email pki_info@digicert.com for more information on how to prepare to be quantum ready. Also, view this
