The Wait is Over. It’s Ready, Set, Go for PQC Migration!
After eight years of research and open evaluation, the U.S. National Institute of Standards and Technology (NIST) has today released the first set of finalized post-quantum cryptography standards. This is a landmark that opens a new era in cryptography and lays the foundation for data security in the post-quantum world.
Three Federal Information Processing Standards (FIPS) have been finalized, each derived from an algorithm that NIST selected at the end of the third round of its PQC standardization process:
- FIPS 203: Based on the CRYSTALS-Kyber algorithm, now renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism. It is intended as the primary standard for general encryption: a KEM establishes a shared secret between two parties, and that secret then keys a symmetric cipher such as AES for the bulk data. Its advantages are comparatively small keys that two parties can exchange easily, and fast operation.
- FIPS 204: Based on the CRYSTALS-Dilithium algorithm, now renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm. It is intended as the primary standard for digital signatures.
- FIPS 205: Based on the SPHINCS+ algorithm, now renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. It, too, is a digital signature scheme, but its security rests on hash functions rather than on structured lattices, so it is intended as a backup should ML-DSA prove vulnerable.
NIST further added that a draft of FIPS 206, built around the FALCON algorithm, is in progress. Once finalized, the algorithm will be named FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
Although there are no substantive changes from the draft versions, NIST has updated the algorithms' names to identify the specific versions that appear in the three finalized standards.
“These finalized standards include instructions for incorporating them into products and encryption systems. We encourage system administrators to start integrating them into their systems immediately, because full integration will take time.”
– Dustin Moody, NIST mathematician, Head of the PQC standardization project
NIST also noted that it continues to evaluate two further sets of candidate algorithms, one for general encryption and one for digital signatures, that could serve as backup standards in the future. From the encryption set, NIST plans to select one or two algorithms by the end of 2024; from the much larger signature set, it plans to announce roughly 15 candidates that will advance to the next round of evaluation.
How Were These Standards Arrived At?
The journey to PQC began in 2016, when NIST launched its Post-Quantum Cryptography Standardization Project with a public call for proposals, inviting cryptographers and security experts around the world to submit candidate algorithms. The goal was to arrive at robust, well-analyzed post-quantum algorithms that are secure against attacks by both classical and quantum computers. Since then, academics, organizations, and governments worldwide have developed candidates and subjected them to open peer review and evaluation.
In July 2022, at the end of the third round of the process, NIST made a preliminary announcement naming the first four PQC algorithms:
- CRYSTALS-Kyber, a KEM (key-encapsulation mechanism), for general encryption
- CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures
CRYSTALS-Kyber and CRYSTALS-Dilithium were both selected for their strong security and excellent all-round performance. FALCON was chosen for use cases where CRYSTALS-Dilithium signatures are too large. SPHINCS+ was chosen to avoid relying solely on the security of lattices for signatures.
After the third round, NIST carried four additional key-encapsulation candidates into a fourth round for further evaluation: Classic McEliece, BIKE, HQC, and SIKE. (SIKE was withdrawn shortly afterwards, when a classical attack published in 2022 recovered its keys in practice, a reminder of why backup schemes built on different mathematics matter.)
Meanwhile, in August 2023, NIST released three draft standards for public comment so that industry feedback could be incorporated before finalization:
- FIPS 203: Specifies the ML-KEM Standard derived from the CRYSTALS-KYBER submission
- FIPS 204: Specifies the ML-DSA Standard derived from CRYSTALS-Dilithium submission
- FIPS 205: Specifies the SLH-DSA Standard derived from the SPHINCS+ submission
After the public comment period on those drafts, NIST has now finalized them as the first formal standards for PQC.
Why Is This So Important?
The development of commercially viable quantum computers is no longer a question of "if" but "when." With nations and large corporations around the world competing for quantum advantage, their arrival in the early 2030s, if not sooner, is a reasonable planning assumption. When they do arrive, they will be capable of breaking our current public-key encryption schemes.
Existing public-key (asymmetric) cryptography relies on the difficulty of factoring large integers and computing discrete logarithms. These problems underpin today's key-exchange and digital signature algorithms, including RSA, Diffie-Hellman, ECDH, DSA, and ECDSA. A sufficiently large quantum computer, a cryptographically relevant quantum computer (CRQC), can solve both problems in polynomial time using Shor's algorithm, rendering those algorithms obsolete and exposing every key exchange, signature and TLS session built on them. Symmetric primitives such as AES and SHA-2 are affected far less: Grover's algorithm at most halves their effective security level, so larger parameters (AES-256, SHA-384) suffice, and the migration effort concentrates on the public-key layer. The potential of a CRQC is not lost on adversaries. "Harvest-now, decrypt-later" (HNDL) attacks, in which encrypted traffic is captured today to be decrypted once a CRQC exists, are already a concrete threat to any data whose confidentiality must outlast the arrival of such a machine. This is why the standardization of Post-Quantum Cryptography algorithms is a pivotal moment.
Post-Quantum Cryptography is the key to a secure quantum future. Implementing PQC will ensure that encryption methods remain robust, safeguarding critical information systems from current and future threats like HNDL attacks.
Given the risk of HNDL attacks, the migration to PQC cannot wait until quantum computers are fully developed. Moreover, cryptographic transitions take years to complete. A well-known rule of thumb (Mosca's inequality) makes this concrete: if your data must stay confidential for X years and migrating your systems takes Y years, you are already exposed whenever X + Y exceeds the number of years Z until a CRQC exists. Given the complexity of PQC and the shrinking window for adoption, organizations must start now, regardless of exactly when a CRQC arrives.
Recommended Next Steps
With NIST's standards for Post-Quantum Cryptography (PQC) now published, the road ahead is clear. For CISOs who have been hesitant, the time to start the PQC journey is now. Transitioning to PQC is a multi-year program that requires deliberate planning, deep PQC expertise, significant investment, and meticulous execution. It involves several phases, such as:
- Building a comprehensive, up-to-date cryptographic inventory, often captured as a Cryptographic Bill of Materials (CBOM), to scope the impact of PQC on existing cryptographic systems
- Prioritizing high-value systems and data for migration
- Identifying systems that cannot support PQC algorithms
- Replacing or upgrading legacy systems that cannot support PQC algorithms to avoid interoperability issues
- Selecting appropriate post-quantum algorithms
- Testing and integration of selected algorithms
- Deployment and continuous monitoring
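As an added illustration (not AppViewX's code or NIST's), the Go program below shows what the first phase, the cryptographic inventory, produces for a PEM certificate bundle: it parses each certificate, records the public-key algorithm, key size, signature algorithm and expiry, flags every RSA, ECDSA and Ed25519 key as quantum-vulnerable, and leaves anything it cannot interpret (for example a future ML-DSA certificate) for manual OID review rather than dropping it. The two certificates are generated in-process as constructed sample input, and the host names are invented for the example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one row of a certificate-level cryptographic inventory (CBOM).
type Finding struct {
	Subject, PubKeyAlg, SigAlg, Status string
	KeyBits                             int
	NotAfter                            time.Time
}

// classify turns a parsed certificate into an inventory row. Every public-key
// type Go's x509 package understands (RSA, ECDSA, Ed25519) rests on factoring
// or discrete logarithms, so each is flagged. Anything else is reported for
// manual OID review rather than silently dropped from the inventory.
func classify(cert *x509.Certificate) Finding {
	f := Finding{Subject: cert.Subject.CommonName, SigAlg: cert.SignatureAlgorithm.String(),
		NotAfter: cert.NotAfter, Status: "quantum-vulnerable"}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		f.PubKeyAlg, f.KeyBits = "RSA", pub.N.BitLen()
	case *ecdsa.PublicKey:
		f.PubKeyAlg, f.KeyBits = "ECDSA/"+pub.Curve.Params().Name, pub.Curve.Params().BitSize
	case ed25519.PublicKey:
		f.PubKeyAlg, f.KeyBits = "Ed25519", 256
	default:
		f.PubKeyAlg, f.Status = cert.PublicKeyAlgorithm.String(), "unknown-inspect-oid"
	}
	return f
}

// Inventory walks a PEM bundle (trust store, config directory, load-balancer
// export) and returns one Finding per CERTIFICATE block; other blocks are skipped.
func Inventory(bundle []byte) ([]Finding, error) {
	var out []Finding
	for b, rest := pem.Decode(bundle); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parse certificate: %w", err)
		}
		out = append(out, classify(cert))
	}
	return out, nil
}

// selfSigned builds a throwaway certificate for the constructed sample input.
func selfSigned(key crypto.Signer, cn string) []byte {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(365 * 24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// SampleBundle is constructed input: an RSA-2048 and an ECDSA P-256 certificate
// for two invented host names. Real inventories read bundles from your own hosts.
func SampleBundle() []byte {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return append(selfSigned(rsaKey, "legacy-api.example.internal"),
		selfSigned(ecKey, "edge-lb.example.internal")...)
}

func main() {
	findings, err := Inventory(SampleBundle())
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-28s %-12s %4d bits  sig=%-18s expires=%s  %s\n", f.Subject,
			f.PubKeyAlg, f.KeyBits, f.SigAlg, f.NotAfter.Format("2006-01-02"), f.Status)
	}
}
```

Run it with `go run .`; pointing `Inventory` at bundles exported from trust stores, web servers and load balancers gives the starting CBOM. The "unknown-inspect-oid" path matters in practice: a scanner that silently drops certificates it cannot parse will under-count exactly the hosts where PQC pilots have already started, and the expiry column is the natural point at which each finding can be re-issued under a quantum-safe hierarchy.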
The best strategy to navigate these phases with minimal disruption and maximum security is crypto-agility. By becoming crypto-agile, you can enable your organization to:
- Rapidly respond to cryptographic challenges, compromises and threats, such as quantum computing, CA distrust incidents, and shorter TLS certificate validity periods
- Seamlessly migrate to new CAs, certificates, and PQC with minimal effort and no costly retrofitting
- Simplify and streamline certificate lifecycle management for stronger digital security and continuous compliance
Build Crypto-Agility and Get Quantum-Ready with AppViewX
To facilitate a seamless and efficient transition to PQC, AppViewX offers the following solutions:
- AppViewX PQC Test Center: A dedicated free online resource built to help organizations assess their PQC readiness by generating and testing quantum-safe certificates before integrating them into existing systems, workloads and machines. You can quickly set up your own quantum-safe PKI hierarchy and generate PQC-ready certificates and keys to test their compatibility in your environment. Visit the AppViewX PQC Test Center and begin your PQC journey today.
- PQC Certificate Lifecycle Management: The AVX ONE platform offers a comprehensive certificate lifecycle management solution to help enable PQC readiness and crypto agility with complete certificate discovery and inventory, full certificate lifecycle automation, and total certificate control across the enterprise.
To hear more about crypto-agility and how AppViewX can help you start your Post-Quantum Cryptography readiness journey, watch the on-demand webinar, Top 3 Reasons You Need Crypto-Agility Today.