SafeLogic Joins NIST Post-Quantum Cryptography (PQC) Migration Effort

post-quantum cryptography is coming

Since its inception, SafeLogic has always focused on making it easier for organizations to deploy strong FIPS 140 validated cryptography that meets the most stringent requirements for cryptographic algorithm selection and implementation. The world’s leading organization responsible for promoting such standards is the U.S. National Institute of Standards (NIST), and the requirements covering allowed algorithms and their implementation are covered in NIST's Federal Information Processing Standard (FIPS) 140 publications.

Now, the world of cryptography is facing unprecedented challenges from the advent of quantum computers. It is widely expected that quantum computers will eventually be able to weaken or break most of the public key cryptography (PKI) that the world relies on today, necessitating migration to a different set of PKI algorithms that are believed to be resistant to cryptanalysis on quantum computers (quantum-resistant algorithms). NIST has been running a competition to select quantum-resistant algorithms since 2016 and is now planning to standardize these algorithms sometime in 2024.

SafeLogic has been working hard to implement quantum-resistant algorithms that are robust, secure, and compliant with the emerging NIST requirements. SafeLogic also recognizes that migration from classical PKI algorithms to quantum-safe PKI algorithms will be an enormous lift for many organizations. For this reason, SafeLogic has recently joined the effort led by NIST's National Cybersecurity Center of Excellence (NCCoE) focusing on migration to post-quantum cryptography.

Per NIST:

The initial scope of this project will engage industry to demonstrate the use of automated discovery tools to identify instances of quantum-vulnerable public-key algorithms that are widely deployed and to manage associated risks. Other goals include the development and improvement of migration strategies, interoperability and performance of implementations, and outreach to standards development organizations and industry sectors.

The primary audience for this project includes organizations that produce cryptographic standards and protocols, as well as enterprises that develop, acquire, implement, and maintain cryptographic products.

Collaborators responded to a federal register notice that invited cybersecurity vendors and other interested collaborators to participate in the project. The NCCoE then selected companies who submitted completed Letters of Interest on a first-come, first-served basis within each category of components or characteristics/capabilities listed in the federal register Notice up to the number of participants in each category necessary to carry out the project build.

“Public-key cryptography is widely used to protect today’s digital information. With the advent of quantum computing, and its potential to compromise many of the current cryptographic algorithms, it is critical that organizations begin to plan for many of the technological and operational challenges that a migration to post-quantum cryptography will present. This project aims to help organizations in that effort”, said William Newhouse, Security Engineer, NIST National Cybersecurity Center of Excellence.

As part of NIST, the NCCoE is a collaborative hub where government agencies, academic institutions, and industry organizations work together to address businesses' most pressing cybersecurity issues. This public-private partnership enables collaboration in the creation of practical cybersecurity solutions for broad, cross-sector technology challenges as well as specific industries. By working through consortia including technology partners, from Fortune 50 market leaders to smaller companies specializing in information technology and operational technology security, the NCCoE applies standards and best practices to develop modular and easily adaptable example cybersecurity solutions using commercially available technologies. NCCoE then documents example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to re-create the example solution.

The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland. Information is available at https://www.nccoe.nist.gov.

Additional Resources