The era of practical quantum computing is possibly years away, but for organizations that need to protect sensitive data, we finally have some standards which can be applied to the problem of addressing the threat practical quantum computers represent to our current set of algorithms for doing public key cryptography.
The National Institute of Standards and Technology (NIST) has officially finalized the first three post-quantum cryptographic algorithms coming from NIST’s Post-Quantum Cryptography (PQC) project. This includes the ML-KEM algorithm which provides a Key Encapsulation Mechanism (KEM) for sharing symmetric keys for general encryption, as well as the ML-DSA and SLH-DSA algorithms, both for use with digital signatures. A further signature algorithm FN-DSA is proposed to be issued as a draft standard at the end of the year. Previously ML-KEM, ML-DSA, SLH-DSA, FN-DSA were known as CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and Falcon.
The finalization of these algorithms means that organizations can now start implementing PQC-safe algorithms into their public key infrastructure (PKI) to help ensure that systems that rely on secure digital identities and the exchange of encrypted data are safe from being broken by encryption when “Q-day” finally arrives.
The release is a watershed moment for online cybersecurity, effectively creating a ‘starting line’ for organizations to prepare for PQC. But the truth is that organizations that are only just starting to think about migrating to the new standards are getting a late start in the race to secure the infrastructure that underpins their cryptographic assets.
Most companies, as evidenced by our latest research on the state of PKI and digital trust, expect the PQC transition to take four years to complete. Those with more certificates believe that it will take an average of 6 years to transition. Underestimating the time and effort required for PQC readiness will likely lead to delays, and setbacks, something which we can all ill afford as some Government agencies have already set target dates of 2030 for the transition to PQC algorithms to be complete and it is likely now that other industry sectors will follow suit.
The complexity comes about because a significant amount of planning and testing is required to adopt the new algorithms seamlessly. The resource requirements to support these algorithms, both in terms of space and CPU, are different to what we have seen before, and the KEM algorithm provides a mechanism which is different to what we are currently used to for coordinating the use of secret keys as well. Further to this, many organizations make use of third-party libraries and applications. So PQC migration is not just about what is being done locally in an organization, the entire supply chain for any given product needs to be taken into account as well. Starting now, it’s essential that all security assessments and vendor audits take PQC into account.
Finally, it is worth considering the security aspects. While Quantum computing does not pose a direct immediate threat, highly sensitive data now may well be at risk. As top White House Cybersecurity Advisor Anne Neuberger pointed out during a recent address in London, highly sensitive data stolen today could still be a risk if it’s decrypted eight or ten years from now. With quantum computing on the horizon, Harvest Now, Decrypt Later (HNDL) is an emerging type of attack that organizations should be prepared for.
What organizations should do to prepare
A few steps organizations can take now to prepare for the PQC migration include:
- Taking inventory of systems and identifying those that are the most sensitive and most exposed
- Examining their application ecosystems as part of the planning for eventual migration
- Setting up lab environments to test PQC public-key infrastructure (PKI) and prepare signature validation software for new algorithms
- Make sure any current, or new, projects have taken PQC migration into account
Making the transition will involve a substantial learning curve, so organizations that have prepared prior to the release of the new NIST algorithms will be ‘at their mark’ on the starting line and ready to adopt them when the time comes. It is important for organizations to invest in tools, education, and gaining experience now, if they are not already doing so.
On the tools front, at least help is here now, the marketplace has already seen many new quantum-ready PKI and signing solutions go into production this year. For example, the new capabilities in Keyfactor EJBCA Enterprise and Keyfactor SignServer Enterprise can allow organizations to issue both quantum-ready PKI certificates and existing PKI certificates in the same environment. This allows users to test how well systems work with the new standards and assess what may need to change going forward. When ready, organizations could use EJBCA to set up an ML-DSA root certificate authority (CA) and a CA to issue the first quantum-ready code, then sign it with ML-DSA in SignServer. As organizations prepare for migration to the new algorithms, these hybrid certificates are a great way to enable PQC because they offer both quantum-ready capabilities and backward compatibility with current setups.
Keyfactor, which has kept abreast of NIST’s approval process, has PKI and signing solutions that support the new standards that will be ready as soon as they are formally released. With FIPS PUUB 204 ML-DSA, a digital signature scheme based on CRYSTALS-Dilithium, Keyfactor has been working both on the software element and with Hardware Security Modules (HSM) vendors to ensure that quantum-capable products are ready.
Regardless of the platform and tools enterprises choose, one thing is abundantly clear: the time to start preparing for a post-quantum world is now.
