The New Quantum-Safe Algorithms Are Here, Now What?

The years-long wait is over: The final Federal Information Processing Standards (FIPS) for the first three quantum-safe cryptographic algorithms are here.

1. FIPS 203 is the key encapsulation method ML-KEM, based upon the algorithm Kyber, submitted to the PQC algorithm competition.
2. FIPS 204 is the most generic digital signature algorithm ML-DSA, based upon the  Dilithium algorithm.
3. FIPS 205 is the hash-based digital signature algorithm, based upon the  SPHINCS+ algorithm.

With the release of the final standards, it’s important to abandon the draft algorithms since their associated identifiers (OIDS) are now obsolete. Any work done with the drafts will still be useful since the characteristics are similar in the final algorithms, but all future interoperability lies with the final standards.

Beyond abandoning the draft algorithms, what else can we expect now that the final standards are available? Here’s what you need to know.

The release of these quantum-safe algorithms has ushered in a period of high activity as technology vendors work to make the necessary updates. Some of these updates can happen simultaneously, while others must happen sequentially, meaning it will be a few months before everything is in place and fully updated. 

Key activities for software vendors include:

• Structural updates: Standardization organizations will finalize and release updates for structures like certificates and CMS messages.

• Cryptographic library updates: Vendors will update cryptographic libraries to match the new algorithms. For Keyfactor, this means updating the Bouncy Castle cryptographic APIs, which is a top priority for our team.

• Interoperability testing: Teams will need to lead new interoperability testing between different libraries, both against the NIST test servers for the algorithms themselves and against structures like certificates and CMS messages under the IETF umbrella.

• Application updates: Once they are released, vendors will update applications with new versions of cryptographic libraries and other management details, such as names in UIs and OIDs.
• Quality assurance: Vendors will also need to lead QA efforts to ensure everything functions securely and properly once the new updates are in place.

And the work doesn’t end there. We also need to consider hardware updates, as hardware security modules (HSMs) are mandatory for most production environments. As a result, HSM vendors are already working on firmware to support the new algorithms. These updates also involve standards, such as PKCS#11, that need to be updated by the standardization organization. 

Once new HSM firmware is available, teams can lead integration testing to deliver a fully tested PKI system. The good news is that since most teams tested with the draft algorithms, everything is already set up to test the final standards as fast as possible. 

With nearly everything requiring an update, what can we expect regarding the timing of all this? Between the number of steps involved and the fact that we’re dealing with cybersecurity, there are bound to be surprises, so it’s hard to pin down an exact timeline.

That said, if everything goes as planned, we can expect to see updated cryptographic libraries first, followed by updated applications, and finally, a new HSM integration. If we’re lucky, we’ll be able to demonstrate a fully integrated system that’s ready for production in time for the holiday season. Of course, the exact timing will also depend on the specific features each organization needs in the final product.

For example, FIPS certification is a big deal for some organizations, but that’s still in the works at NIST. That means the FIPS certification likely won’t be complete by the time the new cryptographic modules and HSMs are ready. The exact timing for the certification is hard to predict; historically, it has ranged from two to 18 months, depending on the queue at NIST and other factors. Based on this track record, we can reasonably expect it will be finalized sometime in 2025.

Even if FIPS certification is important for your project, don’t let the lack of certification delay your project – the certification will come, and non-certified solutions can be deployed in testing to make the move to production easy when the time arrives.

The post-quantum computing game is heating up. We’re coming into the final sprint as we move from the planning phase to the implementation phase of the transition.

So what should you do now?

• Start to plan an update of your test systems to the final algorithms, with the goal that this will be what you move into production. 
• Ensure that your vendors have a roadmap for supporting the final versions of the algorithms.
• Continue working on discovery, crypto-agility, and planning your cryptographic migrations.

Critically, there’s no time to lose as the transition barrels ahead. We’ll soon see just how important all the planning is that teams have done to date.

Keyfactor is here to help make your team’s transition to post-quantum cryptography as smooth as possible. With several quantum-ready products and a dedicated PQC Lab, Keyfactor has all the resources you need to secure your systems and data and test quantum-ready certificates.

Click here to learn more and get started with Keyfactor’s PQC Lab.