NIST Post-Quantum Competition: And the Round 3 Finalists Are…

Published 09/19/2022

Originally published by Entrust here.

Written by Samantha Mabey, Entrust.

If you’ve been following the NIST Post-Quantum (PQ) Cryptography Competition, then you likely know the round 3 finalists have recently been announced. On the off chance you’re not familiar, here’s a little background:

  • Quantum computers pose an inevitable threat to digital security
  • It’s estimated that within the decade a quantum computer will be powerful enough to break cryptography as we know it today
  • The U.S. National Institute of Standards and Technology (NIST) started running a Post-Quantum Cryptography Standardization Process Competition six years ago to identify quantum-safe algorithms
  • Everyone is awaiting their recommendations, at which point all standards bodies will need to adopt changes and update protocols that rely on crypto

With the recent round 3 finalists announcement, we saw three selected digital signature algorithms move forward:

  • CRYSTALS-DILITHIUM
  • FALCON
  • SPHINCS+

It’s important for vendors to now ensure their related products and services support all three algorithms.

Although post-quantum (PQ) cryptography may seem a long way off, the switch to quantum-safe algorithms is not just a regular crypto refresh cycle. The migration to quantum-safe algorithms could take several years. For some industries – like healthcare and critical infrastructure – the transition is already underway because of technology lifecycles and long-lived data that must remain secure. To put it into perspective, think about the migration from SHA-1 to SHA-2. There was plenty of warning it was coming, plenty of time to prepare, and it was generally seen as a straightforward migration. But when the time came, some organizations really struggled with it – some are even still figuring it out! The switch to PQ-safe algorithms won’t even compare, so the time to start preparing is now.

A few things organizations should be looking at to prepare:

  • Take inventory. Make sure you know what cryptographic assets and algorithms you have, and where they reside.
  • Determine the value of your data, its shelf life, and how long it will take to migrate to post-quantum cryptography. When you know what’s at risk, you’ll know where to start.
  • TEST…

As for NIST, the 4th and final round has now opened up, after which point they’ll announce their final recommendations.
