RSA, ECDSA, EdDSA, DH and ECDH will be officially deprecated by 2030 and disallowed after 2035
In a landmark move, the National Institute of Standards and Technology (NIST) has set an official deadline for transitioning away from legacy public-key algorithms: by 2030, RSA, ECDSA, EdDSA, DH, and ECDH will be deprecated, and by 2035, they will be completely disallowed.
This timeline acknowledges the growing quantum threat, with some analysts predicting state actors may have quantum decryption capabilities as early as 2028.
Keyfactor is leading the charge in post-quantum readiness, helping organizations prepare now to stay secure throughout this monumental shift. Our PQC Lab and quantum-ready PKI, signing, and certificate management solutions make it easy to evaluate the impact of these changes and start your transition today.
The Urgency: Why Act Now?
Quantum computers will soon be capable of breaking the cryptographic algorithms that have long protected sensitive data. The immediate danger lies in the “harvest now, decrypt later” strategy, where adversaries steal encrypted data today to decrypt it once quantum computers become available. Sensitive data that requires long-term protection is especially vulnerable.
Keyfactor offers a proactive approach to securing data before quantum threats materialize.
Migration Considerations: Why Waiting Isn’t an Option
While the timeline targets 2035, migrating to PQC is complex and takes years, especially for large enterprises.
For example, the shift from SHA-1 to SHA-2 took over 12 years across industries. With quantum threats emerging sooner than expected, we don’t have the luxury of waiting.
What This News Means for You
Earlier today I had an engaging conversation with our team. This video dives into why this transition is happening and how it will impact your organization’s security. It’s a must-watch to understand what’s coming and what’s at stake.
The key takeaways:
- We have a deadline: While experts predict quantum computers will break current algorithms between 2029 and 2035, now we have an official deadline to work toward.
- No room for delay: Quantum readiness is no longer optional. NIST’s announcement means organizations must begin transitioning to quantum-safe cryptography now.
- A short window: By cybersecurity standards, 2030 is right around the corner. This is the time to make PQC a top priority.
Key Use Cases for PQC Implementation
As we discuss in the video above, the need for quantum-safe cryptography spans multiple domains within an organization:
- Code Signing: Prevent tampering with software by securing it with quantum-resistant signatures.
- User and Machine Authentication: Ensure authentication processes withstand quantum attacks.
- Network Security Protocols: Update protocols to protect communications against quantum decryption.
- Email and Document Signing/Encryption: Secure long-term data by moving to quantum-resistant methods.
Keyfactor’s comprehensive solutions for certificate lifecycle management, PKI modernization, and cryptographic inventory help implement PQC in these critical areas.
How Keyfactor Supports Your Transition
Keyfactor’s mission is to help organizations confidently navigate this transition with a comprehensive, three-step process:
- Know what you have: Use Keyfactor Command to gain a complete inventory of crypto-assets, specifically certificates. This first step is essential for assessing migration scope and identifying risks.
- Modernize your PKI & signing infrastructure: Keyfactor’s EJBCA, SignServer, and Bouncy Castle provide essential support for modernizing PKI, signing, and cryptographic libraries, enabling organizations to migrate to NIST-standardized algorithms. Notably, the latest Bouncy Castle Java release, 1.79, now supports the new NIST PQC standards, including ML-KEM and ML-DSA, giving developers the tools to implement quantum-safe solutions in applications like S/MIME-encrypted messaging and long-term encryption-at-rest. Keyfactor’s EJBCA PKI solution will be among the first to support these advancements.
- Automate migration: Keyfactor Command and EJBCA offer powerful automation capabilities to manage certificate migration, whether through orchestrators or protocols, to new hybrid or quantum-safe certificates – tasks that are nearly impossible with manual methods.
Looking Ahead: Time to Act Now
Forward-thinking organizations are already testing their crypto-agility and modernizing their infrastructures.
At Keyfactor, we’re here to guide you every step of the way. Don’t wait until the last minute to make quantum-safe security a reality. Starting today gives you a vital edge in the race against quantum threats and ensures your organization’s cryptographic infrastructure remains secure and agile, no matter what the future holds.
Reach out for a custom demo or to speak with one of our PQC experts today.