The NIST National Cybersecurity Center of Excellence (NCCoE) is initiating the development of practices to ease the migration from the current set of public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks. These practices will take the form of white papers, playbooks, and demonstrable implementations for organizations—in particular, cryptographic developers and implementers. This effort complements the NIST post-quantum cryptography (PQC) standardization activities.

What is the Challenge?

The discovery of new cryptographic weaknesses or advances in the technologies supporting cryptanalysis often leads to the need to replace a legacy cryptographic algorithm. The advent of quantum computing technology will compromise many of the current cryptographic algorithms, especially public-key cryptography, which is widely used to protect digital information. Algorithm replacement can be extremely disruptive and often takes decades to accomplish. The replacement of algorithms generally requires:

• Identifying the presence of the legacy algorithms
• Understanding the data formats and application programming interfaces of cryptographic libraries to support necessary changes and replacements
• Developing implementation validation tools
• Discovering the hardware that implements or accelerates algorithm performance
• Determining operating system and applications code that uses the algorithm
• Identifying all communications devices with vulnerable protocols
• Updating the processes and procedures of developers, implementers, and users

The new algorithms will likely not be drop-in replacement, and they may not have the same performance or reliability characteristics as legacy algorithms due to differences in characteristics, such as key size, signature size, error handling properties, number of execution steps required to perform the algorithm, and key establishment process complexity.

Once the replacement algorithms are selected, other operational considerations to accelerate adoption and implementation across the organization include:

• Developing a risk-based approach that takes into consideration security requirements, business operations, and mission impact
• Establishing a communication plan to be used both within the organization and with external customers and partners
• Identifying a migration timeline and the necessary resources
• Updating or replacing security standards, procedures, and recommended practice documentation
• Providing installation, configuration, and administration documentation
• Testing and validating the new processes and procedures

Why is this important?

Cryptographic technologies are used throughout government and industry to protect the confidentiality and integrity of information at rest or in transit. Cryptographic algorithms are fundamental to these cryptographic technologies. With the advances in quantum computing technologies, public-key cryptographic algorithms can be compromised and no longer provide the security protection intended by their designers.

These algorithms are implemented in computers, mobile devices, storage, and network components that are deployed worldwide. Some algorithms require secret keys that are shared by originators and recipients of information, such as the Advanced Encryption Algorithm (AES). Other algorithms, such as RSA, use a private key held by one party to an exchange and a public key held by other parties to the exchange. Most cryptographic integrity and key establishment functions use public-key cryptography. Unfortunately, once practical quantum computing becomes available to cyber adversaries, attacks based on a process known as Shor’s algorithm will render ineffective all public-key cryptographic algorithms currently in widespread use.

What does this mean to me and my organization?

Access to practical quantum computers is uncertain at this time. However, once access becomes available, all public-key algorithms and associated protocols will be vulnerable to criminals, competitors, and other adversaries. These individuals can record and capture current information and communications and gain access to the raw content once quantum computing technology is available. This includes all recorded communications and stored information protected by those public-key algorithms. In addition to compromising the confidentiality of the information, the integrity of the information cannot be assured. As a result, it is critical to begin planning for the replacement of hardware, software, and services that use public-key algorithms now so that the information is protected from future attacks.

Work on post-quantum cryptographic standards and implementing guidelines is well underway. However, experience has shown that, in the best case, 5 to 15 or more years following the publication of quantum-resistant public-key cryptographic standards will still be required to implement those standards to replace most of the vulnerable public-key systems currently in use. This best case scenario assumes that significant implementation planning is initiated prior to the publication of post-quantum standards. Organizations can and should begin to plan and prepare for this transition now so that they are ready to adopt and implement the new algorithms at the end of the standardization process.

What is NIST doing to meet this challenge?

As reflected in NIST’s April 2016 NISTIR 8105, Report on Post-Quantum Cryptography, work on the development of quantum-resistant public key cryptographic standards is underway, and the algorithm selection process is well in-hand, with algorithm selection expected to be completed in the next 1 to 2 years (https://csrc.nist.gov/projects/post-quantum-cryptography).

To complement the ongoing effort, the NCCoE is initiating a campaign to bring awareness to the issues involved in migrating to post-quantum algorithms and develop white papers, playbooks, and proof-of-concept implementations. NIST has developed a draft cybersecurity white paper, Getting Ready for Post-Quantum Cryptography  to start the discussion. In addition, the NCCoE is forming a Cryptographic Applications community of interest to work on a migration playbook that would address the challenges previously described and provide recommended practices to prepare for a smooth cryptographic migration. Finally, findings from these activities and future workshops will drive the NCCoE’s development of practical, demonstrable implementations in collaboration with the community.

We invite your participation in the Applied Cryptography - PQC community of interest as well as your suggestions regarding workshops and other near-term activities. Please join the community of interest by sending an email to applied-crypto-pqc@nist.gov.