On August 13, 2024, InfoSec Global’s VP of Cryptographic R&D Vladimir Soukharev attended an event held by the White House to mark a major milestone in cryptographic standards. The event titled Securing our Nation with Post Quantum Cryptography covered the unveiling of the National Institute of Standards and Technology’s (NIST) freshly standardized Post Quantum Cryptographic (PQC) algorithms, explained the pressing need to replace classical cryptography, and discussed the next steps towards adopting these new standards.
The three algorithms that NIST released on August 13th include a new key encapsulation mechanism for key establishment, and two new digital signature algorithms for authentication. Standardizing these algorithms has been an eight-year process led by NIST that harnessed the expertise of the global cryptographic community.
Although quantum computers are not yet powerful enough to break classical cryptography, there is an urgent need to replace currently used cryptography by PQC solutions. Classical cryptography is vulnerable to a “store-now, break-later” attack, where adversaries intercept and store large amounts of encrypted information knowing that they will be able to decrypt it once powerful enough quantum computers become available. National Cyber Director Harry Coker stated, “malicious actors are already using a ‘store-now, break-later’ strategy.”
The major takeaway from this White House event is a call to action. According to National Security Memorandum 10 (NSM 10) on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems from 2022, the Director of NIST now has 90 days to “release a proposed timeline for the deprecation of quantum-vulnerable cryptography in standards.”
This migration will need to take place across National Security Systems, Critical Infrastructure and all sectors of the economy. It will involve massive effort and cooperation between government and industry. NSM 10 states, “the Director of NIST shall work with the appropriate technical standards bodies to encourage interoperability of commercial cryptographic approaches.”
Much of the advice given on August 13th repeats earlier messages given by the White House and other government agencies; though with the new NIST PQC standards this advice is becoming increasingly relevant. The importance of creating an inventory of cryptographic assets was again emphasized. Included in this, it is essential to identify where cryptography is not easily replaceable, for example, within hardware.
During the August 13th event the importance of crypto agility was reiterated. As NSM 10 explains, “central to this migration effort will be an emphasis on cryptographic agility, both to reduce the time required to transition and to allow for seamless updates for future cryptographic standards.”
Although NIST’s PQC standards show American leadership in PQC, as Coker states “to be truly effective, our transition must occur in tandem with our friends and allies abroad.” This will allow for interoperable solutions.
While the release of these new PQC algorithms is an incredibly important step, it remains a first step in the path to a quantum-safe future. For more information on creating a cryptographic inventory and to make your systems quantum safe contact us.