What is Post-Quantum Cryptography?

The RSA (Rivest-Shamir-Adelman) algorithm has been the asymmetric cryptography algorithm of choice for over 30 years. It is used in almost every aspect of computer security, including X.509 certificates, digital signatures and blockchain-based systems, logging, and identity and access management (IAM).

RSA and most other PKI schemes rely on the difficulty that classical computers have with factoring large integers, a problem that is expected to be substantially easier for quantum computers to solve, thus endangering the confidentiality of private encryption keys.

Progress in quantum computing has been steady, and Gartner* predicts that by 2029, quantum computing will be able to weaken existing systems to the point where security experts consider them unsafe to use cryptographically.

Many of the cryptographic products, protocols, and services used today will need to be updated, replaced, or significantly altered to employ quantum-resistant PQC algorithms to protect against this future threat.

* Gartner, Preparing for the Quantum World with Crypto-Agility, 9/2/22

• The US National Institute of Standards and Technology (NIST) established a competition in 2017 to identify and standardize what is now called post-quantum cryptography

• Post-quantum cryptography aims to develop systems that are secure against both quantum and classical computers yet can interoperate with existing communications networks and protocols

• In August 2024, NIST announced the availability of three Post-Quantum Cryptography (PQC) algorithm standards: one key encapsulation mechanism, ML-KEM (Kyber) - FIPS 203, and two digital signature algorithms, ML-DSA (Dilithium) - FIPS 204 and SLH-DSA (SPHINCS+) - FIPS 205

• NIST also announced  changes to the CMVP program to allow these standard PQC algorithms to be incorporated into FIPS 140-3

SafeLogic has been working closely with NIST as a member of its National Cybersecurity Center of Excellence (NCCoE) PQC Migration project along with organizations such as Cisco, Microsoft, Google and IBM.

SafeLogic CEO Evgeny Gervis leads the PQC Migration Risk Management and Prioritization workstream for the project and attended a recent White House conference with the Federal CIO and CISO.

SafeLogic launched a PQC Provider Early Access Program at the RSA Conference 2024 so customers can start testing and experimenting with PQC algorithms and capabilities.

PQC algorithms CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+, LMS, and XMSS are now available for customer testing. SafeLogic expects to incorporate these into its FIPS 140 validated CryptoComply software once NIST completes the standardization process and doing so becomes possible.

SafeLogic takes a unique approach to cryptographic asset discovery by providing real-time operational information for when quantum-vulnerable cryptography is being used. This information can greatly help organizations with their cryptographic inventories and migration prioritization decisions.

SafeLogic’s approach to cryptoagility builds on CryptoComply’s provider architecture to reduce the effort required for future cryptography migrations.

SafeLogic’s approach to hybrid mode allows organizations to safely wrap classical FIPS 140-2 or FIPS 140-3 validated encryption in PQC to protect valuable data from “harvest now, decrypt later” attacks while maintaining FIPS compliance and providing defense in depth.