Crypto Agility: Considerations for Migrating to Post-Quantum Cryptographic Algorithms

Download the Final Project Description & Submit a Letter of Interest

The NCCoE has released the final project description, Migration to Post-Quantum Cryptography, and has now published a Federal Register Notice seeking collaborators for the project. Use the buttons below to view this publication and request a Letter of Interest (LOI) to become a collaborator.

Download the PDF » Request LOI »

Current Status

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) is inviting industry participants and other interested parties to participate in the Migration to Post-Quantum Cryptography project.

If you are interested in joining the project team as a collaborator, please review the requirements identified in the Federal Register Notice which is based on the final project description.

Next, complete this short form and we will send you a Letter of Interest template along with instructions. 

Completed submissions are considered on a first-come, first served basis.

Questions and comments on this publication may also be submitted to applied-crypto-pqc@nist.gov.

Summary

The advent of quantum computing technology will compromise many of the current cryptographic algorithms, especially public-key cryptography, which is widely used to protect digital information. Most algorithms on which we depend are used worldwide in components of many different communications, processing, and storage systems. Once access to practical quantum computers becomes available, all public-key algorithms and associated protocols will be vulnerable to criminals, competitors, and other adversaries. It is critical to begin planning for the replacement of hardware, software, and services that use public-key algorithms now so that the information is protected from future attacks.

As reflected in National Institute of Standards and Technology (NIST) Interagency or Internal Report (NISTIR) 8105, Report on Post-Quantum Cryptography and NISTIR 8309, Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process, work on the development of quantum-resistant public-key cryptographic standards is underway, and the algorithm selection process is well in-hand, with algorithm selection expected to be completed in the next one to two years.

To complement that ongoing effort, the NCCoE has initiated a project to bring awareness to the issues involved in migrating to post-quantum algorithms and to develop practices to ease migration from current public-key algorithms to replacement algorithms that are resistant to quantum computer-based attacks. This project will develop white papers, playbooks, and demonstrable proof-of-concept implementations for organizations. The primary audience is organizations that provide cryptographic standards and protocols, and enterprises that develop, acquire, implement, and service cryptographic products.

NIST developed and posted a cybersecurity white paper, Getting Ready for Post-Quantum Cryptography to start the discussion. NIST also hosted a virtual workshop on Considerations in Migrating to Post-Quantum Cryptographic Algorithms on October 7, 2020, and the workshop materials and webcast are available. In addition, the NCCoE is forming a Cryptographic Applications community of interest in coordination with the NIST Post-Quantum Cryptography standardization team and the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) team to work on a migration playbook that would address the challenges and provide recommended practices to prepare for a smooth cryptographic migration. Click here to join the community of interest.