NIST releases 2 draft guides to prepare for post-quantum migration
The guidelines aim to help organizations incorporate quantum-resistant algorithms into their existing security infrastructures.
The National Institute of Standards and Technology released two draft publications to guide entities aiming to shift their encryption schemes to ones designed to thwart attacks from a potential quantum computer, opening the documents for public comment as the agency works to usher in the next era of cybersecurity.
In two documents — Quantum Readiness: Cryptographic Discovery and Quantum Readiness: Testing Draft Standards for Interoperability and Performance — NIST officials outline concrete issues that can arise when migrating to a new post-quantum cryptographic standard and offer potential solutions.
The Quantum Readiness: Cryptographic Discovery document outlines the functional test plan that tasks cryptographic tools with finding faulty security configurations in digital networks. It also describes use case scenarios that provide context in demonstrating successful post-quantum system migrations.
The second draft document, Quantum Readiness: Testing Draft Standards for Interoperability and Performance, emphasizes how to harmonize quantum-resilient algorithms with existing network infrastructure, and also offers resolutions for compatibility issues in a controlled, non-production environment.
NIST has been at the forefront of standardizing the first steps in post-quantum cryptographic migration. The initiative, which was prioritized in President Joe Biden’s National Cybersecurity Strategy, aims to keep agencies and organizations ahead of the advent of a fault-tolerant quantum computer. Experts fear that these systems –– which process larger volumes of data as qubits rather than standard binary digits –– will break through modern security configurations without sufficient updates to networks’ public key codes.
“PQC algorithms are being standardized because advances in quantum computing could enable the compromise of many of the current cryptographic algorithms being widely used to protect digital information,” a NIST press release on the Cryptographic Discovery document said.
Officials added that the interoperability draft guidance “assumes you are supporting upgrading your use of quantum-vulnerable public-key cryptographic implementations, and you want to build your understanding of aspects of interoperability and performance for the soon-to-be standardized PQC algorithms to determine your approach for making your public-key cryptographic implementations quantum-resistant.”
The agency’s National Cybersecurity Center of Excellence published both documents, which are open for public comment until February 20, 2024.