The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) has released two preliminary draft practice guides “to share insights and findings to ease migration from current public-key cryptographic algorithms to soon-to-be standardized” post-quantum cryptography (PQC) algorithms.
The two documents — Quantum Readiness: Cryptographic Discovery and Quantum Readiness: Testing Draft Standards — are open for public comment until Feb. 20, 2024.
The Quantum Readiness: Cryptographic Discovery document outlines the functional test plan that tasks cryptographic tools with finding faulty security configurations in digital networks. It also describes use case scenarios that provide context in demonstrating successful post-quantum system migrations.
“The publication assumes you are supporting your organization’s quantum readiness project, and you have a need for information to assess the risk of a CRQC to your organization,” NIST wrote in a press release on the first draft guidance document.
“The information you need comes from discovery of where and how cryptographic products, algorithms, and protocols are used by your organization to protect the confidentiality and integrity of your organization’s important data and digital systems,” the agency said. “This publication shares insights and findings about cryptographic discovery tools that may aid your progress.”
The second draft document, Quantum Readiness: Testing Draft Standards, emphasizes how to harmonize quantum-resilient algorithms with existing network infrastructure, and also offers resolutions for compatibility issues in a controlled, non-production environment.
“The publication assumes you are supporting upgrading your use of quantum-vulnerable public-key cryptographic implementations, and you want to build your understanding of aspects of interoperability and performance for the soon-to-be standardized PQC algorithms to determine your approach for making your public-key cryptographic implementations quantum-resistant,” NIST wrote of the second draft document.
NCCoE launched its Migration to Post-Quantum Cryptography Project in 2021, with the goal to “demonstrate the discovery tools that can provide automated assistance in identifying where and how public-key cryptography is being used in hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications employed in data centers whether on-premise or in the cloud and distributed computer, storage, and network infrastructures.”
NIST has been at the forefront of standardizing the first steps in post-quantum cryptographic migration – an initiative the Biden administration has prioritized, calling for the Federal government to reach a 2035 deadline for a post-quantum future.
Experts fear that these quantum-based systems – which they say are only 10 to 20 years away – will be able to break all known forms of encryption used to protect unclassified systems.
