Migration to Post-Quantum Cryptography

The advent of quantum computing technology will compromise many of the current cryptographic algorithms, especially public-key cryptography, which is widely used to protect digital information. Most algorithms on which we depend are used worldwide in components of many different communications, processing, and storage systems. Once access to practical quantum computers becomes available, all public-key algorithms and associated protocols will be vulnerable to criminals, competitors, and other adversaries. It is critical to begin planning for the replacement of hardware, software, and services that use public-key algorithms now so that information is protected from future attacks.

 


Initiating the development of practices to ease migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks

The project has two workstreams. The Cryptographic Discovery workstream focuses on the use of cryptographic inventory tools that allow an organization to learn where and how cryptography is being used to protect the confidentiality and integrity of its important data and digital systems. This workstream is also looking at how cryptographic inventories can support risk management and prioritization decisions about where to implement the technologies that leverage the NIST standardized post-quantum cryptographic algorithms. The Interoperability and Performance workstream explores how the NIST PQC algorithms for key establishment and digital signature schemes will operate in communication protocols such as the Transport Layer Security (TLS) protocol and the Secure Shell (SSH) protocol, and with hardware security modules (HSMs).
Status: Reviewing Comments

The public comment period has closed for this publication. We are currently reviewing the comments received. Thank you to everyone who shared their feedback with us.

NIST is adopting an agile process to publish this content. Each volume is being made available as soon as possible rather than delaying release until all volumes are completed. Work continues on implementing the example solution and developing other parts of the content. Because this is a preliminary draft, we will publish at least one additional draft for public comment before it is finalized.

NIST SP 1800-38A: Executive Summary (Preliminary Draft)
NIST SP 1800-38B: Approach, Architecture, and Security Characteristics of Public Key Application Discovery Tools (Preliminary Draft)
NIST SP 1800-38C: Quantum-Resistant Cryptography Technology Interoperability and Performance Report (Preliminary Draft)

Project Abstract

The initial scope of this project is to demonstrate the discovery tools that can provide automated assistance in identifying where and how public-key cryptography is being used in hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications employed in data centers, whether on-premises or in the cloud, and in distributed computer, storage, and network infrastructures. The audience for the project includes developers of products that use public-key cryptographic algorithms, as well as product integrators, customer organizations that acquire or configure these products, and bodies that standardize protocols that employ or are dependent on public-key cryptographic algorithms.

The recommended project will engage industry in demonstrating use of automated discovery tools to identify all instances of public-key algorithm use in an example network infrastructure’s computer and communications hardware, operating systems, application programs, communications protocols, key infrastructures, and access control mechanisms. The algorithm employed and its purpose would be identified for each affected infrastructure component.

Once the public-key cryptography components and associated assets in the enterprise are identified, the next element of the scope of the project is to prioritize those components that need to be considered first in the migration using a risk management methodology informed by “Mosca’s Theorem” and other recommended practices.

Finally, the project will provide systematic approaches for migrating from vulnerable algorithms to quantum-resistant algorithms across the different types of assets and their supporting underlying technology.


Factsheet

Quantum-readiness: Migration to Post-quantum Cryptography

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) created this factsheet to inform organizations — especially those that support Critical Infrastructure — about the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards.


Supplemental Resources

White Paper: Getting Ready for Post-Quantum Cryptography: Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms. The paper describes the impact of quantum computing technology on classical cryptography, introduces the adoption challenges associated with post-quantum cryptography, and discusses planning requirements for migration to post-quantum cryptography.

Virtual Workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms. Recording and materials now available. 

NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. Learn more about the effort at Post-Quantum Cryptography | NIST.


Consortium Participants

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Post-Quantum Cryptography: the Good, the Bad, and the Powerful

This video featuring NIST’s Matthew Scholl emphasizes how NIST is working with the brightest minds in government, academia, and industry from around the world to develop a new set of encryption standards that will work with our current classical computers—while being resistant to the quantum machines of the future.

Join the Community of Interest


A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 
