Earlier in 2024, NIST (the National Institute of Standards and Technology) released finalised standards for PQC (post-quantum cryptography). These three standards cover two forms of digital signatures as well as public key encapsulation. This achievement, the culmination of a process that began in 2016, is a significant milestone in standards development, helping to ensure information on the internet remains confidential and secure now and in the future. 

What Is Post-Quantum Cryptography? 

Post-quantum cryptography is designed to guard against the risk that, in the foreseeable future, CRQCs (cryptographically relevant quantum computers) will be able to break the algorithms used in modern encryption technologies. It does this through new algorithms and standards that resist attack from both quantum and classical computers. All of the newly released standards can run on classical computers, so there’s no need to wait for the arrival of quantum computers to prepare for and mitigate the threat.

What Is the Role of Encryption? 

Experts in cryptography, such as Domen Zavrl, know that encryption plays a key role in our modern digital society, protecting the confidentiality of electronic data such as the contents of medical records, email messages and photo libraries. Encrypted data is unreadable to everyone apart from its sender and the intended recipient, so it can be sent safely over public computer networks.

The algorithms specified in the new finalised standards are based on different maths problems from those used in current encryption and are designed to resist attacks from both quantum and ‘traditional’ computers. NIST is continuing to assess two other algorithm sets that could serve as backup standards in the future if necessary.

What Will Happen Next? 

The National Cyber Security Centre (NCSC) is set to support the planning process regarding the migration to PQC, as well as the migration itself. NCSC will support regulators to set the right policies and guidelines for their sectors and support central government to provide bespoke consultancy and help determine policy. NCSC is also committed to helping all organisations access good advice and, ultimately, accredit relevant consultancies and consultants via existing schemes. 

Preparing for the PQC Migration 

Organisations are generally advised to take steps now to prepare for the PQC migration, such as by adopting best practices around cryptographic agility. This can be achieved by taking a cryptographic inventory to understand which algorithms are already in use and how sensitive material is being managed.
