FIPS 140 and PQC
The Migration to Post-Quantum Cryptography (PQC) is the Industry’s Next Great Challenge
SafeLogic is working with NIST’s National Cybersecurity Center of Excellence (NCCoE) on a project focused on migrating to post-quantum cryptography. When the day comes when you need to move your cryptography to post-quantum algorithms, SafeLogic will be there to simplify your migration.
Quantum Computers Threaten to Break Public Key Infrastructure (PKI)
-
The RSA (Rivest-Shamir-Adelman) algorithm has been the asymmetric cryptography algorithm of choice for over 30 years. It has been used in almost every aspect of computer security including X.509 certificates, digital signatures and blockchain-based systems, logging, and identity and access management (IAM)
-
However, RSA and most other PKI schemes rely on the difficulty that classical computers have with factoring large integers, a problem that is expected to be substantially easier for quantum computers to solve, thus endangering the confidentiality of private encryption keys
-
Progress in quantum computing has been steady, and Gartner* predicts that by 2029, quantum computing will be able to weaken existing systems to the point where security experts consider them unsafe to use cryptographically.
-
Many of the cryptographic products, protocols, and services used today that rely on public key algorithms (e.g., Rivest-Shamir-Adleman [RSA], Elliptic Curve Diffie-Hellman [ECDH], and Elliptic Curve Digital Signature Algorithm [ECDSA]) will need to be updated, replaced, or significantly altered to employ quantum-resistant PQC algorithms, to protect against this future threat.
* Gartner, Preparing for the Quantum World with Crypto-Agility, 9/2/22
NIST is Leading the Search for PQC Algorithms
-
Recognizing the threat future quantum computers represent to the confidentiality and integrity of virtually all digital communications on the internet and elsewhere, the US National Institute of Standards and Technology (NIST) established a competition in 2017 to identify and standardize what is now called post-quantum cryptography
-
Post-quantum cryptography aims to develop systems that are secure against both quantum and classical computers, yet can interoperate with existing communications networks and protocols
-
In August 2023, NIST announced four draft post-quantum cryptography (PQC) standards designed as a global framework to help organizations protect themselves from future quantum-enabled cyberattacks. It also requested public feedback on these proposed standards
-
The public-key encryption mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+
-
SafeLogic expects that once finalized, NIST will incorporate these PQC algorithms into FIPS 140-3
SafeLogic has Joined NIST’s PQC Migration Project
-
SafeLogic has been working hard to implement quantum-resistant algorithms that are robust, secure, and compliant with the emerging NIST requirements. SafeLogic also recognizes that migration from classical PKI algorithms to quantum-safe PKI algorithms will be an enormous lift for many organizations. For this reason, SafeLogic has recently joined the effort led by NIST's National Cybersecurity Center of Excellence (NCCoE) focusing on the migration to post-quantum cryptography
-
Per NIST:
-
The initial scope of this project will engage the industry to demonstrate the use of automated discovery tools to identify instances of quantum-vulnerable public-key algorithms that are widely deployed and to manage associated risks. Other goals include the development and improvement of migration strategies, interoperability and performance of implementations, and outreach to standards development organizations and industry sectors
-
The primary audience for this project includes organizations that produce cryptographic standards and protocols, as well as enterprises that develop, acquire, implement, and maintain cryptographic products
-
Collaborators responded to a federal register notice that invited cybersecurity vendors and other interested collaborators to participate in the project. The NCCoE then selected companies who submitted completed Letters of Interest on a first-come, first-served basis within each category of components or characteristics/capabilities listed in the federal register Notice up to the number of participants in each category necessary to carry out the project build
-
-
SafeLogic is collaborating on this project with AWS, Cisco, Google, IBM, and Microsoft
-
When the day comes when you need to move your cryptography to post-quantum algorithms, SafeLogic will be there to simplify your migration
