Virtual Workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms

Monday, August 24, 2020

Workshop Objectives

The National Institute of Standards and Technology (NIST) will host a virtual workshop on August 24 2020. The purpose of the workshop is to discuss the challenges and investigate the practical and implementable approaches to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. This effort complements the NIST post-quantum cryptography (PQC) standardization activities (https://csrc.nist.gov/projects/post-quantum-cryptography).

Background

The National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices in the form of white papers, playbooks, and demonstrable implementations for organizations to ease the migration from the current set of public key cryptographic algorithms to replacement algorithms that are resistant to quantum computer based attacks. From time to time, the discovery of a cryptographic weakness or advances in the technologies leads to the need to replace a legacy cryptographic algorithm. The advent of quantum computing technology will compromise many of the current cryptographic algorithms in particular public-key cryptography used widely to protect digital information. Algorithm replacement can be extremely disruptive and often takes decades to accomplish. The replacement of algorithms generally requires:

  • identifying the presence of the legacy algorithms,
  • understanding the data formats and application programing interfaces of cryptographic libraries to support necessary changes and replacements,
  • developing implementation validation tools,
  • discovering the hardware that implements or accelerates algorithm performance,
  • determining operating system and applications code that use the algorithm,
  • identifying all communications protocols with quantum-vulnerable crypto algorithms, and
  • updating the processes and procedures of developers, implementers, and users.

The new algorithms will likely not be drop-in replacement and they may not have the same performance or reliability characteristics as the legacy algorithms due to the differences in characteristics such as key size, signature size, error handling properties, number of execution steps required to perform the algorithm, and key establishment process complexity.

Once the replacement algorithms are selected, other operational considerations to accelerate the adoption and implementation across the organization include:

  • developing a risk-based approach, taking into consideration security requirements, business operations, and mission impact;
  • establishing a communication plan to be used within the organization and for external customers and partners;
  • identifying a migration timeline and the necessary resources;
  • updating or replacing security standards, procedures, and recommended practice documentation;
  • providing installation, configuration, and administration documentation, and
  • testing and validating the new processes and procedures.

See the NIST Cybersecurity White Paper Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms for additional background.

Call for Participation 

NIST invites industry subject matter experts and practitioners to present their views related to challenges to implementation, operations, and security associated with migration to new cryptographic algorithms. The primary focus of the workshop is on challenges faced by developers and implementers of cryptographic components, applications, operating systems, and network protocols. The workshop provides an opportunity for participants provide feedback on all aspects of the planned activities to include: impacted protocols, relevant standards, guidelines, recommended practices, use cases and technologies to be considered, and sources of specifications and guidance. NIST will use the resulting prioritized list of activities to help accelerate the development of a playbook for migration to post-quantum cryptography. 

Please register for this workshop.  

If you would like to present in the lightning session, please submit a position to applied-crypto-pqc@nist.gov no later than August 7, 2020. The paper should be no more than one-page description of your insights on one or more of the following topics:

  • understanding the data formats and application programing interfaces of cryptographic libraries to support necessary changes and replacements
  • development of replacement hardware, software, and firmware that employ post-quantum algorithms
  • communications protocol implications of replacing current quantum-vulnerable public key algorithms
  • identification of your or your customers’ applications that employ current quantum-vulnerable public key algorithms
  • identification of protocols used by your organization or your customer organizations that employ current quantum-vulnerable public key algorithms
  • development of new or updated policies, standards, recommended practices or practices for installing, configuring and operating applications and systems that employ post-quantum algorithms
  • development of a roadmap for migrating systems and applications used by your organization or your customers from current public key algorithms to post-quantum algorithms

The NCCoE will publish a summary of these contributions (without attribution) before the workshop to maximize the exchange of ideas. Submissions should be made no later than August 7, 2020.

Registration for the workshop will close on August 20. The workshop will be limited to 1000 participants.

The workshop will be recorded and the content will be made available after the event. Please join the community of interest by sending an email to applied-crypto-pqc@nist.gov to get the latest updates on the activities related to Migrating to Post-Quantum Cryptographic Algorithms.

Agenda

 11:00 – 11:10 EDT  

 NIST and NCCoE Overview

 11:10 – 11:25 EDT   

 Workshop Overview & Background

 11:25 – 11:45 EDT      

 Status of NIST PQC Activity

 11:45 – 11:55 EDT   

 Moderated Q&A

 11:55 – 12:00 EDT

 Break

 12:00 – 13:00 EDT 

 Challenges Session

  • Standard Developing Organizations (SDOs)
  • Hardware/Software Development and Production
  • Integration Challenges
  • Customer Challenges

 13:00 – 13:10 EDT

 Moderated Q & A

 13:10 – 13:15 EDT     

 Break

 13:15 – 14:15 EDT 

 Five Minute Participant Lightning Talk Session

 14:15 – 14:30 EDT   

 Moderated Q & A

 14:30 – 14:45 EDT

 Next Steps/Wrap-up (NCCoE)

Questions? 

Please send an email to applied-crypto-pqc@nist.gov