The agency continues its post-quantum cryptography push as it looks to create guidance for all sectors.
The latest step in post-quantum cryptography guidance is helping organizations identify where current public-key algorithms will need to be replaced, as the National Institute of Standards and Technology continues its push to fortify U.S. digital networks ahead of the maturity of quantum computing.
A new draft document previews—and solicits public commentary on—NIST’s current post-quantum cryptography guidance.
Current goals outlined in the working draft include helping entities locate where and how public key algorithms are utilized in encryption schemes, developing a strategy to migrate these algorithms to quantum-resilient substitutes and performing interoperability and performance testing.
“Organizations are often unaware of the breadth and scope of application and functional dependencies on public-key cryptography within their products, services and operational environments,” the draft document reads.
In conjunction with the National Cybersecurity Center of Excellence, NIST is seeking public feedback on the draft guidance, hoping to draw from industry’s expertise to form ubiquitous best practices in quantum-resilient cryptography.
A major theme of the document is to help organizations understand the security architecture in their networks so that they firmly grasp where post-quantum security measures will need to be implemented and where to prioritize modernization. NIST also aims to compile a definitive inventory of software vendors to support post-quantum cryptography migration.
Bill Newhouse, a cybersecurity engineer with NIST and NCCOE, told Nextgov that the comments will ideally inform regulators which cryptographic algorithms are in use to protect digital networks to better understand how migration will occur.
“In advance of final post-quantum cryptography algorithm standards, discovery activities are a necessary first step to learn which cryptographic algorithms are being used today to protect data and communications,” he said. “From this discovery step, migration prioritization decisions can begin to be made.”
From this perspective, interoperability and performance considerations will be taken into account for several draft post-quantum cryptographic algorithms. Newhouse said that these algorithms will be implemented for key exchanges and digital signatures security protocols.
The new guidance follows NIST’s ongoing effort to finalize its quantum-resistant algorithms in 2024 after identifying four in 2022.
The agency then announced partnerships with 12 private sector companies to help develop quantum-resilient algorithms and implement them nationwide, including Amazon Web Services and Microsoft.
Both of these efforts follow President Joe Biden’s National Security Memorandum leveraging federal resources to help all U.S. digital systems migrate to quantum-resilient cybersecurity standards by 2035.