After six years of competition, analysis, and testing, NIST has finally selected a suite of four quantum secure algorithms that will be used to secure the world as quantum computers are adopted.
2022 has seen an enormous spike in preparations and dialogue around post quantum cryptography and the upcoming need to migrate, highlighted by two executive orders pulling crypto-inventory & agility right to the top of the cyber security agenda.
NIST now provides this newly invigorated community with clarity on what is ahead. After 6 years, 69 submitted algorithms, and hundreds of the world's brightest scientists and engineers, NIST has selected 4 algorithms that will enhance the world’s cybersecurity foundations ahead of the adoption of quantum computers:
- CRYSTALS-KYBER (for Encryption)
- CRYSTALS-DILITHIUM (for Digital Signatures)
- FALCON (for Digital Signatures when signature size needs to be small)
- SPHINCS+ (an alternative Signature mechanism that doesn’t rely on Lattices
Why the Selection of Post-Quantum Cryptography Matters Today
Estimates for the arrival of a cryptographically significant computer range from 10 to 20 years, but action is required today in 2022. Migrations to new cryptography have historically taken far longer than anticipated. Moving from MD5, SHA-1, 3DES, and other deprecated cryptography has shown the incredible complexity and business continuity risks associated with any migrations, and have shown the need for new technologies and better methodologies.
Moreover, even today the threat of quantum computing applies to highly sensitive data. Store Now Decrypt Later attacks are set to cause enormous damage to organisations in the future. This attack is focused on highly sensitive data, intellectual property, and classified documents that will continue to be valuable in 10+ years. The cyber criminals steal the data in its encrypted form and will begin brute forcing the cryptography as quantum computing becomes feasible.
For organisations worried about these attacks, having an official selection of post quantum algorithms will enable them to act now.
Did NIST Make the Right Choices?
The result of any NIST selection always causes a certain amount of controversy. As Cryptosense CEO Dr Graham Steel noted in an interview with Ars Technica, these choices are certainly reasonable, but there are nonetheless a few issues that will cause ongoing debate. The first is: what about Classic McEliece, a code-based scheme based on a 1978 design that is perhaps the most conservative choice in terms of security? The German BSI already standardized (a version of) it, and many cryptographers wanted to see it included as an option while we continue to work on the security analysis of the newer schemes. NIST reserved the right to standardize it later, but for now, if you have to use NIST algorithms, it is off the table.
The second issue is patents. The NIST PQC competition is explicitly required to produce winners unencumbered by patents, but it seems that issues around patents closely related to the winning CRYSTALS designs haven’t yet been completely resolved. NIST assures us that these final issues will be resolved before full standardization is complete, but while doubt remains, implementers might be slow to adopt, causing a longer window of exposure.
Anyway, with NIST’s selection now complete, the industry can begin to focus its attention on the HOW, rather than the WHAT.
What’s Next?
With the algorithm selection complete, the spotlight now intensifies on the work ahead. The Cryptosense team is now working with the NIST NCCOE (National Cybersecurity Centre of Excellence) and 11 other collaborating vendors to create best practice guidance on how to migrate safely and efficiently. You can read more about this project here.
However, even ahead of this deeper guidance, you can still get started today with three key steps.
1. Build a Meaningful Cryptography Inventory
For those looking to start preparations, nothing is more foundational than getting visibility of what you need to migrate. A good inventory will be automated, comprehensive in its view, will map crypto-objects to dependencies, and have the integrations and automations required to enable a migration.
2. Enable Crypto-Agility
This won’t be our last migration. It is very likely that at least one of the 4 algorithms will be broken and subsequently deprecated within the next few years. If this is the case then it is critical that we have adopted a posture of crypto-agility to enable rapid adoption of new cryptography as required.
3. Write your Migration Playbook
Ultimately, every organisation is unique and will therefore require their own migration playbook. In order to act quickly while ensuring the security, compliance, and business continuity requirements are being met, it is important that there is a definitive process and clear ownership in place.
Getting Started:
If you’re at the start of your Post-Quantum Cryptography Journey then you can get access to our free Post-Quantum Solution Brief.