The RSA (Rivest-Shamir-Adelman) algorithm has been the asymmetric cryptography algorithm of choice for over 30 years. It has been used in almost every aspect of computer security including X.509 certificates, digital signatures and blockchain-based systems, logging, and identity and access management (IAM)
However, RSA and most other PKI schemes rely on the difficulty that classical computers have with factoring large integers, a problem that is expected to be substantially easier for quantum computers to solve, thus endangering the confidentiality of private encryption keys
Progress in quantum computing has been steady, and Gartner* predicts that by 2029, quantum computing will be able to weaken existing systems to the point where security experts consider them unsafe to use cryptographically.
Many of the cryptographic products, protocols, and services used today that rely on public key algorithms (e.g., Rivest-Shamir-Adleman [RSA], Elliptic Curve Diffie-Hellman [ECDH], and Elliptic Curve Digital Signature Algorithm [ECDSA]) will need to be updated, replaced, or significantly altered to employ quantum-resistant PQC algorithms, to protect against this future threat.
* Gartner, Preparing for the Quantum World with Crypto-Agility, 9/2/22
Recognizing the threat future quantum computers represent to the confidentiality and integrity of virtually all digital communications on the internet and elsewhere, the US National Institute of Standards and Technology (NIST) established a competition in 2017 to identify and standardize what is now called post-quantum cryptography
Post-quantum cryptography aims to develop systems that are secure against both quantum and classical computers, yet can interoperate with existing communications networks and protocols
In August 2023, NIST announced four draft post-quantum cryptography (PQC) standards designed as a global framework to help organizations protect themselves from future quantum-enabled cyberattacks. It also requested public feedback on these proposed standards
The public-key encryption mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+
SafeLogic expects that once finalized, NIST will incorporate these PQC algorithms into FIPS 140-3
SafeLogic has been working hard to implement quantum-resistant algorithms that are robust, secure, and compliant with the emerging NIST requirements. SafeLogic also recognizes that migration from classical PKI algorithms to quantum-safe PKI algorithms will be an enormous lift for many organizations. For this reason, SafeLogic has recently joined the effort led by NIST's National Cybersecurity Center of Excellence (NCCoE) focusing on the migration to post-quantum cryptography
The initial scope of this project will engage the industry to demonstrate the use of automated discovery tools to identify instances of quantum-vulnerable public-key algorithms that are widely deployed and to manage associated risks. Other goals include the development and improvement of migration strategies, interoperability and performance of implementations, and outreach to standards development organizations and industry sectors
The primary audience for this project includes organizations that produce cryptographic standards and protocols, as well as enterprises that develop, acquire, implement, and maintain cryptographic products
Collaborators responded to a federal register notice that invited cybersecurity vendors and other interested collaborators to participate in the project. The NCCoE then selected companies who submitted completed Letters of Interest on a first-come, first-served basis within each category of components or characteristics/capabilities listed in the federal register Notice up to the number of participants in each category necessary to carry out the project build
SafeLogic is collaborating on this project with AWS, Cisco, Google, IBM, and Microsoft
When the day comes when you need to move your cryptography to post-quantum algorithms, SafeLogic will be there to simplify your migration