Businesses Brace for NIST Post-Quantum Cryptography Algorithms

The U.S. National Institute of Standards and Technology (NIST) is due to release its four finalized post-quantum cryptography (PQC) algorithms. At one point they were expected to arrive in July, but while that looks unlikely it is almost certain they will drop by the end of the year.

While cryptographically relevant quantum computers are years away, U.S. businesses will need to begin migrating to using the new standards and they will become a model for much of the rest of the world to follow.

In this Q&A, Keyfactor chief security officer Chris Hickman details how businesses can best determine which processes to prioritize as they begin their PQC transition and the first steps they must take once these PQC standards are live.

Enter Quantum: NIST is releasing the algorithms later than expected. As they have been anticipated for a long time, what will happen when they do?

Chris Hickman: There are two ways the market is looking at that. Some people think it's a finish line, but I personally think the announcement will finally give us a starting line to know what the track looks like, to use a car analogy. We’re going to finally know how to start bringing to market the final set of standards.

We've been encouraging our customers to plan at this stage and trying to get people behind the idea that this is not just a post-quantum problem per se, this is an evolution of cryptography. People need to look at it in the light of this inevitable change and embrace it rather than entering the philosophical debate around whether post-quantum is real and when it will happen.

Related:Moody’s Taps Quantum to Predict Tropical Cyclone Intensity

PQC will force organizations into a spot of saying, OK, what is my cryptographic landscape? By and large, crypto has been handled very poorly in most organizations. It's become a checkbox on a request for proposal, “Do you support RSA and ECC?” Nobody has done a good job of maintaining crypto as a critical asset in the organization.

We don't know what vulnerabilities these new algorithms could have in the future. They're going to be as close to perfect as they can be, but they're never going to be perfect. Organizations need to take an approach that says, okay, we're going to start managing crypto with some level of agility as a critical asset. We're going to maintain that inventory and we'll be able to respond to those changes.

What will the challenge be for organizations?

We publish a report every year and found only 23% of organizations had started some work around PQC, which is concerningly low. Over the course of the year, that has probably increased because it's getting on the radar of boards and the risk associated with it is during a higher level of attention.

Trying to find crypto in the organization is immensely difficult. The only way that I can explain it when a customer asks how do I get started is that we know asymmetric cryptography and PKI are going to be among the first things to fall. Symmetric cryptography seems to be fairly robust against post-quantum computers. So let's start looking for things like certificates in your organization.

Around 73% of respondents and the research we did don't even know how many keys they have in their organization. It's a massive landscape for people to go after just in trying to figure out what they have in the way of certificates in my organization.

Where NIST leads, the world is expected to follow. How will we see PQC roll out globally?

NIST has set the standards here and the world has agreed to follow their lead. I've had the pleasure of speaking with some of the folks at NIST who are running this program, and it's been a conscientious decision to, rather than create conflict amongst standards organizations, rally around one and for the world to participate in the development of the standards.

There are obviously going to be some regional variances around data sovereignty type issues and in some cases, countries would rather use domestically developed crypto algorithms based on this set of standards. But the world is gonna have to move quickly and the entire ecosystem is coming together to work to solve the problem.

IoT devices are historically under-resourced for large cryptographic keys. How should organizations that use them prepare for PQC?

IoT is an interesting space because a lot of IoT devices are based on restrained chipsets and they don't have a lot of addressable memory. There are some emerging technologies that may show up in the next round of standards that will deal with smaller key sizes, specifically targeted at IoT and constrained devices.

There are ways to protect them at the perimeter that might work as stopgap measures depending on where they fit with release cycles. But the real problem is that organizations are going to have to find ways to move the identity of devices in the interim and use an identity gateway to broker between post-quantum and classical algorithms, with the classical algorithms being on device and post-quantum being at the edge somewhere.

How soon will organizations need to act when NIST finally releases its PQC algorithms?

Unfortunately, the answer is, it depends. We’re seeing some organizations embracing PQC standards ahead of the game, especially financial institutions and healthcare technology companies in North America. They have probably already identified pools of data that need to be very quickly migrated and have spent the time to figure out what's in the supply chain o for that data.

A big piece of this is figuring out is, if that data resides in multiple places and one place isn't ready to go to post-quantum, you're gonna leave your data at risk. Organizations need to take the approach of what data do I have and what's the risk to the organization.

They then need to look at what their supply chain is like, not only in physical hardware and software but also in that data flow chain and then start assessing the priority of that against other priorities in the business. I don't think people will be able to do meaningful things for a few months but they need to be ready to go very quickly.

The thing that organizations need to be doing today, beyond assessing their data, is being ready for different size post-quantum keys which will impact on basics like network bandwidth. If you're using massive keys, there's going to be an implication to bandwidth so there are things that can be done today to mitigate that risk, both in your data and also in understanding how this impacts your infrastructure.