Quantum-Safe Standards Have Arrived


August 13, 2024. Post-Quantum Cryptography Day. Quantum-Safe Standards Day. Tuesday. Whatever you prefer to call it, it’s a historic day. Today, a critical milestone has been reached on the journey to a quantum-safe world. Today, the U.S. Department of Commerce, through the National Institute of Standards and Technology (NIST), has formally published its first set of quantum-safe public key cryptography standards: FIPS 203, FIPS 204, and FIPS 205.

To many, including those of us at ISARA and to our colleagues, friends, peers, like-minded individuals, and companies around the world, these standards represent an inflection point in the digital history of our world. We collectively celebrate the culmination of nearly eight years of hard work and dedication from a global community of cryptographers, information security experts, and numerous other stakeholders.

Let’s look at how we got here, what this means, and what is coming next.

The NIST PQC Standardization Process
The brief recap is that NIST, and the world, needed a standardized collection of highly vetted asymmetric quantum-safe algorithms to replace the quantum-vulnerable RSA and ECC algorithm standards. Doing so was immensely important for a variety of reasons, not the least of which being that RSA and ECC are ubiquitously in use today. Messages encrypted by using these quantum-vulnerable methods today can be stored for decryption in the future when a cryptographically relevant quantum computer (CRQC) emerges. These Harvest-Now-Decrypt-Later (HNDL) attacks underscore the urgency for a swift transition to quantum-safe algorithms.

The figure below gives a brief summary of the nearly eight-year standardization process:

[Figure: NIST PQC standardization timeline]

Additionally, draft Federal Information Processing Standards for 3 of the 4 selected algorithms were released for public commenting on August 24, 2023.

For further details on the NIST PQC Standardization Process, check out some of the other entries in the ISARA Insights Blog.

Readers might also be interested in learning more about the signature on-ramp process, which was launched in September 2022 to bolster NIST’s suite of quantum-safe signature algorithms.

What Does this Mean?
Today, we experienced a "semi-conclusion" to the NIST PQC Standardization Process, with final standards being published for 3 of the algorithms selected for standardization at the conclusion of the 3rd round (these algorithms are now known as ML-KEM, ML-DSA, and SLH-DSA).

With these long-awaited standards published, the transition to quantum-safe cryptography can truly begin.

As a first step to migration planning, organizations should inventory their cryptographic usage. Contact ISARA today to learn more about how our tools and services are helping organizations discover the cryptography on their networks, analyze their crypto risks, and pave the way to quantum safety. Click here for more insights into quantum-safe migration planning, and tips for avoiding some costly mistakes.

What’s Next?
The publication of FIPS 203, FIPS 204, and FIPS 205 is momentous, but there is still a lot more work to be done. Below are a few of ISARA’s predictions for what will come next.

Current implementations of the quantum-safe algorithms will need to be updated to ensure they are compliant with the now formal specifications. Following that, many of the quantum-safe cryptographic libraries will need to go through the Cryptographic Algorithm Validation Program (CAVP), and cryptographic modules will need to undergo the Cryptographic Module Validation Program (CMVP), common requirements for using cryptographic algorithms in commercial products or production environments. Shortly thereafter, we expect to see a proliferation of quantum-safe software updates across certain user devices, applications, internet browsers, and other systems which can still be securely updated.

Next come the standards updates. Standards don’t exist in isolation from each other; often, a standard will have dependencies on other standards. There are many protocol standards which rely on NIST's algorithm standards, and many of the maintainers of these protocol standards needed to wait until the final FIPS were available before they could begin their own quantum-safe updates. With the quantum-safe standards in hand, we expect to see a great deal of activity among the standards development organizations of the world as they look to make those updates.

Coinciding with the library updates and formal validations, we expect to see many new hardware implementations of the standardized algorithms begin to appear as vendors look to put the algorithms into production. Similarly, we should see new versions of existing hardware begin to come out, upgraded to accommodate the technical requirements of the new algorithms.

One more prediction for the near future is that we'll see an uptick in research around more "exotic" quantum-safe functionalities such as IBE, ABE, NIKE, PAKE, and Threshold Signatures. Moreover, we anticipate that the new standards will be used as building blocks for designing a variety of other quantum-safe constructions with higher-level functionalities.

Here are some upcoming standardization milestones we are eagerly anticipating:

  • the release by NIST of draft standards for the FN-DSA signature algorithm (formerly known as Falcon),
  • the conclusion of the 4th round of the standardization process and the announcement of which alternates will be standardized (Classic McEliece, HQC, or BIKE), and
  • the output of NIST’s PQC digital signature on-ramp.

Are you as excited as we are for these quantum-safe standards?
Reach out and let's chat about how ISARA can bring quantum-safety to your organization!