The American National Institute of Standards and Technology (NIST) has published 3 standards for quantum-secure cryptography. This cryptography is necessary to manage the risks of a future quantum computer. The standards will help you create a migration plan to quantum-secure cryptography for your organisation.
The new quantum-secure standards focus on 2 fundamental functions of cryptography: key encapsulation and digital signature generation. The official names of the standards are FIPS 203, FIPS 204 and FIPS 205.
It is expected that quantum-secure cryptography – based on these standards – will gradually be incorporated into (communication) standards, (software) libraries, implementations, products and services. NIST is expected to finalise a fourth standard. Further standards will be developed in the coming years.
What does this mean for your organisation?
It will take a lot of time and resources for organisations to migrate to quantum-secure cryptography. It is therefore important for organisations to start preparing for the migration to quantum-secure cryptography now. This starts with conducting a risk analysis specific to the quantum threat. The next step is creating a migration plan. The 3 standards will help you do this.
Points to consider are:
- Get in touch with your suppliers, customers and other stakeholders and make agreements. Your migration plan will depend, in part, on their plans.
- Stay agile. Make sure that you can replace cryptography quickly if there are vulnerabilities in the algorithms or their implementation.
- Combine new algorithms with classic ones. Standards are relatively new and there is little experience of large-scale implementation.
Concrete tools
Do you want to know more about the threat of a powerful quantum computer and are you looking for concrete tools to develop a migration plan? Read the ‘Make your organisation quantum secure‘ guide from the NCSC and the AIVD.