Rescheduled: Virtual Workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms

Wednesday, October 7, 2020

This workshop was rescheduled from August 24. 

Workshop Objectives

The National Institute of Standards and Technology (NIST) will host a virtual workshop on Wednesday, October 7, 2020. The purpose of the workshop is to discuss the challenges and investigate the practical and implementable approaches to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. This effort complements the NIST post-quantum cryptography (PQC) standardization activities (https://csrc.nist.gov/projects/post-quantum-cryptography).

Background

The National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices in the form of white papers, playbooks, and demonstrable implementations for organizations to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. From time to time, the discovery of a cryptographic weakness or advances in the technologies leads to the need to replace a legacy cryptographic algorithm. The advent of quantum computing technology will compromise many of the current cryptographic algorithms in particular public-key cryptography used widely to protect digital information. Algorithm replacement can be extremely disruptive and often takes decades to accomplish. The replacement of algorithms generally requires:

  • identifying the presence of the legacy algorithms,
  • understanding the data formats and application programing interfaces of cryptographic libraries to support necessary changes and replacements,
  • developing implementation validation tools,
  • discovering the hardware that implements or accelerates algorithm performance,
  • determining operating system and applications code that use the algorithm,
  • identifying all communications protocols with quantum-vulnerable crypto algorithms, and
  • updating the processes and procedures of developers, implementers, and users.

The new algorithms will likely not be drop-in replacement and they may not have the same performance or reliability characteristics as the legacy algorithms due to the differences in characteristics such as key size, signature size, error handling properties, number of execution steps required to perform the algorithm, and key establishment process complexity.

Once the replacement algorithms are selected, other operational considerations to accelerate the adoption and implementation across the organization include:

  • developing a risk-based approach, taking into consideration security requirements, business operations, and mission impact;
  • establishing a communication plan to be used within the organization and for external customers and partners;
  • identifying a migration timeline and the necessary resources;
  • updating or replacing security standards, procedures, and recommended practice documentation;
  • providing installation, configuration, and administration documentation, and
  • testing and validating the new processes and procedures.

See the NIST Cybersecurity White Paper Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms for additional background.

The NCCoE will publish a summary of these contributions (without attribution) before the workshop to maximize the exchange of ideas. 

Registration for the workshop will close on October 2. The workshop will be limited to 1000 participants.

The workshop will be recorded and the content will be made available after the event. Please join the community of interest by sending an email to applied-crypto-pqc@nist.gov to get the latest updates on the activities related to Migrating to Post-Quantum Cryptographic Algorithms.

Agenda

 11:00 – 11:10 EDT  

 NIST and NCCoE Overview

 11:10 – 11:25 EDT   

 Workshop Overview & Background

 11:25 – 11:45 EDT      

 Status of NIST PQC Activity

 11:45 – 11:55 EDT   

 Moderated Q&A

 11:55 – 12:00 EDT

 Break

 12:00 – 13:00 EDT 

 Challenges Session

  • Standard Developing Organizations (SDOs)
  • Hardware/Software Development and Production
  • Integration Challenges
  • Customer Challenges

 13:00 – 13:10 EDT

 Moderated Q & A

 13:10 – 13:15 EDT     

 Break

 13:15 – 14:15 EDT 

 Five Minute Participant Lightning Talk Session

 14:15 – 14:30 EDT   

 Moderated Q & A

 14:30 – 14:45 EDT

 Next Steps/Wrap-up (NCCoE)

Questions? 

Please send an email to applied-crypto-pqc@nist.gov