The NIST National Cybersecurity Center of Excellence (NCCoE) has released a preliminary draft practice guide, NIST Special Publication (SP) 1800-38B, Migration to Post-Quantum Cryptography, for public comment. The comment period is open now through February 20, 2024.
About the Project
NIST’s NCCoE initiated the Migration to Post-Quantum Cryptography (PQC) project to share insights and findings to ease migration from current public-key cryptographic algorithms to soon-to-be standardized PQC algorithms.
Why migrate to PQC? PQC algorithms are being standardized because advances in quantum computing could enable the compromise of many of the current cryptographic algorithms being widely used to protect digital information. Implementing PQC will protect digital information from an attack by cryptanalytically relevant quantum computer (CRQC) and cryptanalytically relevant classical computer.
Why did the NCCoE start this project? Previous initiatives to update or replace cryptographic algorithms in hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications employed in data centers on-premises or in the cloud and distributed compute, storage, and network infrastructures have taken many years. The NCCoE identified the need to bring together a collaborative team with expertise in cryptography to work together in the NCCoE PQC lab to perform cryptographic discovery and share what we have learned together as one means to reduce how long it will take an organization to achieve quantum readiness via PQC adoption.
Why should I read the Cryptographic Discovery publication? The publication assumes you are supporting your organization’s quantum readiness project, and you have a need for information to assess the risk of a CRQC to your organization. The information you need comes from discovery of where and how cryptographic products, algorithms, and protocols are used by your organization to protect the confidentiality and integrity of your organization’s important data and digital systems. This publication shares insights and findings about cryptographic discovery tools that may aid your progress.
Why should I read the Interoperability and Performance publication? The publication assumes you are supporting upgrading your use of quantum-vulnerable public-key cryptographic implementations, and you want to build your understanding of aspects of interoperability and performance for the soon-to-be standardized PQC algorithms to determine your approach for making your public-key cryptographic implementations quantum-resistant.
The public comment period for both Migration to PQC preliminary drafts, 1800-38B and 1800-38C, closes on February 20, 2024.
- View the publication.
- Submit comments via the webform on the project page.
- Email questions to firstname.lastname@example.org.
All comments that are received will be reviewed and adjudicated to inform a future draft of the publication.
We value and welcome your input and look forward to your comments.
Join the Community of Interest
If you would like to help shape this project, consider joining the NCCoE Migration to Post-Quantum Cryptography Community of Interest (COI) to receive the latest project news and updates! You can sign-up to become a COI member via the webform located at the bottom of our project page.