NIST PQC Standardization – What You Need to Know

Implications of the NIST PQC announcement: 

NIST has just fired the starting pistol for the greatest security migration in history, yet for many, today is the first they’re hearing about it.

As of the NIST announcement, the key exchange algorithms and digital signatures that have protected data communications are considered obsolete and the official migration to NIST’s quantum-secure versions has begun. We officially live in a post-RSA world.

For leaders who have been aware of the quantum threat but were waiting for clarity on the path forward, this is the signal that cuts through the noise around quantum. For organizations and governments that deal with sensitive data, NIST’s guidance is to begin adopting the new standards immediately. Leaders who are hearing about the new standards for the first time should engage a trusted partner to help navigate what applications and communications should be addressed first and which can be deferred until later.

Where did These New Algorithms Come From? 

The new post-quantum cryptography standards are not new. Some of the smartest cryptographers and mathematicians in the world have been designing these algorithms and putting them through rigorous testing for nearly a decade. NIST began running this competition because when quantum computers scale to just over 4000 error-corrected qubits, they will be able to leverage Shor’s algorithm to break today’s asymmetric encryption on the complexity level of RSA-2048. This is the final round of the competition, but we have known what these standards were likely to be for the past few years.

We (QuSecure) have been deploying these post quantum cryptography standards for the past four years, primarily with the US government, financial sector leaders, and telecommunications organizations. Organizations that can be publicly named include the US Army, US Air Force, Franklin Templeton and Swisscom.

Such organizations were motivated to start early because of the store now decrypt later threat to data. This is the idea that bad actors – both private and government-funded – have been harvesting sensitive data as it travels across networks with the intent to decrypt that data while it is still useful. This data includes national security information, electronic health records, bank account information, private text messages and emails, and more.

Why this Announcement is much bigger the post-quantum cryptography: Crypto Agility 

Mandates around the post-quantum migration emphasize the importance of deploying crypto-agile encryption management systems. But why?

Virtually every organization in the world (and virtually all technology users) rely on encryption to keep their data safe, yet historically encryption has not been centrally managed. Organizations often rely on disparate third parties and spreadsheets to manage encryption inventories, and patch encryption libraries manually for each affected system. Broken encryption methods sometimes remain active for years without organizations noticing. The incoming quantum threat has underscored the growing need for organizations to take control of their encryption and be able to deploy encryption updates more quickly to remain ahead.

The NIST competition has been pushing forward multiple candidate algorithms at each round so that in the end we have thoroughly-vetted options based on different mathematical primitives that are quantum secure. It is unlikely that if an attack on one algorithm is discovered, a separate attack would threaten the alternatives at the same time. The NIST competition has been run with crypto agility at its core – in order to avoid future situations like the one we are encountering now where one math problem underlies our encryption and that very math problem is vulnerable to a single type of quantum attack.

No one expects PQC or any encryption algorithm to last forever. With advances in both quantum computing and AI, threats to encryption are more intelligent and dynamic than in the past. Organizations can no longer afford years-long processes of inventorying their systems that use encryption and patching them one-by-one.

Moving to the new paradigm of crypto agility means the ability to switch to new algorithms and encryption libraries as old ones are threatened, without ever taking impacted systems offline. This means instead of taking years and large IT budgets to migrate, it could take system administrators minutes to rotate to new algorithms or more secure implementations of algorithms. This is the beauty of the quantum threat to encryption – it has forced us to take a step back and fundamentally redesign a more logical future for encrypted communications.

Why Government and Highly Regulated Industries Started Two Years Ago: 

There is no Q-Day or Y2Q that lies ahead of us. It is already behind us. Between store now decrypt later attacks and the NIST standardization announcement, organizations now should begin immediately to adopt these standards. The US government officially began the migration process in 2022 after two national security memos from the White House and a law were released mandating all government agencies begin adopting post-quantum cryptography. This was spurred on by the understanding that in the face of store now, decrypt later hacks, data relevant to national security needs to be properly encrypted today to prevent leaks in the coming years when a cryptographically relevant quantum computer comes online.

Clarity on Path Forward for Business and Government Leaders: 

We must come together to give clear direction. The term “quantum” is intimidating. It can lead people to assume you need a quantum solution to the quantum threat, which is untrue. Post-quantum cryptography, for all its complex vocabulary is actually quite accessible. It is critical we demystify and de-hype quantum security. Post-quantum encryption algorithms are simply math problems that are mathematically secure against known quantum decryption algorithms – namely Shor’s algorithm.

It is true that virtually all secure digital communications now require an upgrade to post-quantum encryption, and that migration should start now, however some use cases are higher priority while others can safely be deferred for several years.

Priority 1: Data that needs to remain private for several years. Such data breaches brought on by SNDL and later quantum decryption can cause organizations to face negative business impacts should that data were harvested today and made human readable to bad actors in the coming years. For example – national security information, electronic health records, trade secrets, online banking accounts, etc. Organizations should target deploying post-quantum encryption as soon as possible.

Priority 2: Data that is highly sensitive but only needs to remain private for a short period of time, as well as systems where there would be significant negative impact if control of those systems could be intercepted and manipulated by bad actors. For example – stock trades to be executed the following day, public company earnings filed shortly before announcing publicly, as well as industrial control systems, energy grid, telecommunications networks, etc. Such data is not as vulnerable to store now decrypt later attacks, however would be highly vulnerable when a cryptographically relevant quantum computer comes online. As such, organizations will need to ensure those use cases are quantum secure before such a quantum computer is available. Organizations should target completing deploying of post-quantum encryption to such use cases in the next 18-24 months.

Priority 3: Data that travels over encrypted networks but has a short shelf life and would be unlikely to cause serious business impact if it were leaked. For example – weather channel data, and other use cases where that information is made publicly available soon after creation, etc. Organizations should target completing deploying of post-quantum encryption to such use cases by 2030.

Organizations will generally begin this migration by carrying out an inventorying of all their assets that use encryption. To complete this inventorying process, organizations should choose to use tools where during the process, endpoints are onboarded into a cryptography management platform that offers real-time auditable cryptographic inventory that is updated whenever the encryption algorithms are changed. This ensures efforts are not wasted on time consuming one-off inventorying processes every few years and that encryption upgrades no longer have to be manual and point-wise.

We offer a complimentary PQC Ideation Workshop, providing your organization with a tailored roadmap to effectively begin implementing quantum-resilient data security measures. – https://www.qusecure.com/quprotect/book-free-pqc-solution-ideation-workshop/