NIST Post-Quantum Competition: And the Round 3 Finalists Are…
Originally published by Entrust here.
Written by Samantha Mabey, Entrust.
If you’ve been following the NIST Post-Quantum (PQ) Cryptography Competition, then you likely know the round 3 finalist have recently been announced. In the off chance you’re not familiar, here’s a little background:
- Quantum computers pose an inevitable threat to digital security
- It’s estimated that within the decade a quantum computer will be powerful enough to break cryptography as we know it today
- The U.S. National Institute of Standards and Technology (NIST) started running a Post-Quantum Cryptography Standardization Process Competition six years ago to identity quantum-safe algorithms
- Everyone is awaiting their recommendations, at which point all standards bodies will need to adopt changes and update protocols that rely on crypto
With the recent round 3 finalists announcement, we saw three selected digital signature algorithms move forward:
It’s important for vendors to now ensure their related products and services support all three algorithms.
Although the timeline for Post-Quantum (PQ) seems like a long way away, the switch to quantum safe algorithms is not just a regular crypto refresh cycle. The migration to quantum-safe algorithms could take several years. For some industries – like healthcare and critical infrastructure – the transition is already underway due to technology lifecycle and long-life data they have to ensure remains secure. To put it into perspective, think about the migration from SHA-1 to SHA-2. There was plenty of warning it was coming, plenty of time to prepare, and it was generally seen as a straightforward migration. But when the time came, some organizations really struggled with it – some are even still figuring it out! Well, the switch to PQ safe algorithms won’t even compare, so the time to start preparing is now.
A few things organizations should be looking at to prepare:
- Take inventory. Make sure you know what cryptographic assets and algorithms you have, and where they reside.
- Determine the value of your data, its shelf life, and how long it will take to migrate to post-quantum cryptography. When you know what’s at risk, you’ll know where to start.
As for NIST, the 4th and final round has now opened up, after which point they’ll announce their final recommendations.
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.