If you’ve been following the NIST Post-Quantum (PQ) Cryptography Competition, then you likely know the round 3 finalists have recently been announced. In the off chance you’re not familiar, here’s a little background:
- Quantum computers pose an inevitable threat to digital security
- It’s estimated that within the decade a quantum computer will be powerful enough to break cryptography as we know it today
- The U.S. National Institute of Standards and Technology (NIST) started running a Post-Quantum Cryptography Standardization Process Competition six years ago to identity quantum-safe algorithms
- Everyone is awaiting their recommendations, at which point all standards bodies will need to adopt changes and update protocols that rely on crypto
With the recent round 3 finalists announcement, we saw three selected digital signature algorithms move forward:
- CRYSTALS-DILITHIUM
- FALCON
- SPHINCS+
What’s particularly exciting is that Entrust’s recently announced PKI as a Service PQ supports all three algorithms!
Although the timeline for Post-Quantum (PQ) seems like a long way away, the switch to quantum-safe algorithms is not just a regular crypto refresh cycle. The migration to quantum-safe algorithms could take several years. For some industries – like healthcare and critical infrastructure – the transition is already underway due to technology lifecycle and long-life data they have to ensure remains secure. To put it into perspective, think about the migration from SHA-1 to SHA-2. There was plenty of warning it was coming, plenty of time to prepare, and it was generally seen as a straightforward migration. But when the time came, some organizations really struggled with it – some are even still figuring it out! Well, the switch to PQ-safe algorithms won’t even compare, so the time to start preparing is now.
A few things organizations should be looking at to prepare:
- Take inventory. Make sure you know what cryptographic assets and algorithms you have, and where they reside.
- Determine the value of your data, its shelf life, and how long it will take to migrate to post-quantum cryptography. When you know what’s at risk, you’ll know where to start.
- TEST…
And this is where the PKIaaS PQ comes in! It’s a cloud-based PKI offering that can provide customers with composite and pure quantum Certificate Authority hierarchies. It gives organizations the ability to test multi-certificates or composite certificates with their applications. Interested in trying this out for yourself? You can sign up for a trial and start getting PQ ready.
As for NIST, the 4th and final round has now opened up, after which point they’ll announce their final recommendations.
For more information on Entrust’s PKIaaS, visit our webpage or click here for more resources on Post-Quantum. To sign up for a Post-Quantum PKIaaS trial, click here.