An Invitational Virtual Workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms

Monday, August 24, 2020

Workshop Objectives

The National Institute of Standards and Technology (NIST) will host a virtual workshop on August 24 2020. The purpose of the workshop is to discuss the challenges and investigate the practical and implementable approaches to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. This effort complements the NIST post-quantum cryptography (PQC) standardization activities (https://csrc.nist.gov/projects/post-quantum-cryptography).

Background

The National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices in the form of white papers, playbooks, and demonstrable implementations for organizations to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. From time to time, the discovery of a cryptographic weakness or advances in the technologies leads to the need to replace a legacy cryptographic algorithm. The advent of quantum computing technology will compromise many of the current cryptographic algorithms in particular public-key cryptography used widely to protect digital information. Algorithm replacement can be extremely disruptive and often takes decades to accomplish. The replacement of algorithms generally requires:

  • identifying the presence of the legacy algorithms,
  • understanding the data formats and application programing interfaces of cryptographic libraries to support necessary changes and replacements,
  • developing implementation validation tools,
  • discovering the hardware that implements or accelerates algorithm performance,
  • determining operating system and applications code that use the algorithm,
  • identifying all communications protocols with quantum-vulnerable crypto algorithms, and
  • updating the processes and procedures of developers, implementers, and users.

The new algorithms will likely not be drop-in replacement and they may not have the same performance or reliability characteristics as the legacy algorithms due to the differences in characteristics such as key size, signature size, error handling properties, number of execution steps required to perform the algorithm, and key establishment process complexity.

Once the replacement algorithms are selected, other operational considerations to accelerate the adoption and implementation across the organization include:

  • developing a risk-based approach, taking into consideration security requirements, business operations, and mission impact;
  • establishing a communication plan to be used within the organization and for external customers and partners;
  • identifying a migration timeline and the necessary resources;
  • updating or replacing security standards, procedures, and recommended practice documentation;
  • providing installation, configuration, and administration documentation, and
  • testing and validating the new processes and procedures.

See the NIST Cybersecurity White Paper Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms for additional background.

Call for Participation 

NIST invites industry subject matter experts and practitioners to present their views related to challenges to implementation, operations, and security associated with migration to new cryptographic algorithms. The primary focus of the workshop is on challenges faced by developers and implementers of cryptographic components, applications, operating systems, and network protocols. The workshop provides an opportunity for participants provide feedback on all aspects of the planned activities to include: impacted protocols, relevant standards, guidelines, recommended practices, use cases and technologies to be considered, and sources of specifications and guidance. NIST will use the resulting prioritized list of activities to help accelerate the development of a playbook for migration to post-quantum cryptography.  Requests to present at this workshop should be submitted to applied-crypto-pqc@nist.gov no later than August 10, 2020

This is an invitational workshop. If you are interested in participating in the workshop, please submit to applied-crypto-pqc@nist.gov a no more than one-page description of your interest to one or more of the following topics:

  • understanding the data formats and application programing interfaces of cryptographic libraries to support necessary changes and replacements
  • development of replacement hardware, software, and firmware that employ post-quantum algorithms
  • communications protocol implications of replacing current quantum-vulnerable public key algorithms
  • identification of your or your customers’ applications that employ current quantum-vulnerable public key algorithms
  • identification of protocols used by your organization or your customer organizations that employ current quantum-vulnerable public key algorithms
  • development of new or updated policies, standards, recommended practices or practices for installing, configuring and operating applications and systems that employ post-quantum algorithms
  • development of a roadmap for migrating systems and applications used by your organization or your customers from current public key algorithms to post-quantum algorithms

Those submitting these one-page descriptions will be invited to register up to three individuals for this virtual workshop. Submissions should be made no later than August 10, and registration will close on August 17. The workshop will be limited to 200 participants.

The workshop will be recorded and the content will be made available after the event. Please join the community of interest by sending an email to applied-crypto-pqc@nist.gov to get the latest updates on the activities related to Migrating to Post-Quantum Cryptographic Algorithms.


Agenda

 11:00 – 11:10 a.m.   

 NIST and NCCoE Overview

 11:10 – 11:25   

 Workshop Overview & Background

 11:25 – 11:45   

 Status of NIST PQC Activity

 11:45 – 11:55   

 Moderated Q&A

 11:55 – 12:00 p.m. 

 Break

 12:00 – 13:00   

 Challenges Session

  • Standard Developing Organizations (SDOs)
  • Hardware/Software Development and Production
  • Integration Challenges
  • Customer Challenges

 13:00 – 13:10   

 Moderated Q & A

 13:10 – 13:15     

 Break

 13:15 – 14:00   

 Five Minute Participant Lightning Talk Session

 14:00 – 14:15   

 Moderated Q & A

 14:15 – 14:30 p.m.   

 Next Steps/Wrap-up (NCCoE)

 

Questions? 

Please send an email to applied-crypto-pqc@nist.gov