Agencies should test post-quantum cryptography algorithms with their software and decide whether information security benefits outweigh the efficiency losses ahead of a federally mandated transition, according to security experts.
Experimenting with the National Institute of Standards and Technology’s candidate algorithms, some of which will be standardized, will help agencies understand their impacts on system performance and behavior and craft required plans identifying where to deploy them first.
NIST expects to publish approved algorithms “potentially within a few weeks,” a spokesperson told FedScoop, and while the standards will be optional, agencies may mandate them in accordance with National Security Memorandum-10. The memo requires agencies to inventory their high-value assets and systems vulnerable to quantum computers which, while a decade or more away, will be able to break most public-key cryptography securing systems, and it gives them a year from NIST’s release to issue plans to transition to quantum-resistant cryptography.
“The challenge that chief information security officers face is that they eventually have to migrate everything in their organizations onto these new algorithms,” said Duncan Jones, head of cybersecurity at Quantinuum.
CISOs must prioritize areas where the data is particularly valuable and the encryption most at risk, and a lot of them don’t have that information readily available, Jones said.
Quantinuum released a post-quantum standardization guide for CISOs earlier this month, which wasn’t supposed to beat NIST’s standards, originally expected out at the end of March, to publication. The guide recommends CISOs begin speaking with vendors about their plans for adopting post-quantum algorithms and refer to the Open Quantum Safe project, which provides a variety of implementations, for experimentation.
“Everyone needs to figure out now if it makes sense to pay the cost at the moment to upgrade to these quantum algorithms, what to prioritize doing sooner rather than later,” said Mark Zhandry, senior scientist at the NTT Research Cryptography & Information Security Laboratories. “That can start now; there’s no reason to wait for any decisions from NIST.”
Foreign adversaries are intercepting communications now and storing them for decryption by a quantum computer, in the next decade or so that it takes to develop one. Agencies need to decide if they’re willing to accept any efficiency losses that come with adopting algorithms with substantially larger cryptographic keys, strings of bits used by the algorithm to transfer plain text into cipher text and back, when the threat may be decades away.
For that reason agencies’ adoption of NIST’s standards will probably occur more slowly when securing less-sensitive information, Zhandry said.
NIST’s candidate algorithms are all grounded in “reasonably well-understood” security principles, and no “significant” vulnerabilities have been found, Zhandry said. Once NIST decides on approved algorithms, standardizing them will take 12 to 18 months — likely taking the process into 2024.
The final seven algorithms skew “heavily” toward one type of math, which is “a bit risky” if it’s cracked, Jones said. But industry hasn’t pushed for any algorithms outside of the finalists it helped develop, and NIST’s project, begun in 2016, can always diversify algorithms in future guidance, said the agency’s spokesperson.
“This is a big milestone,” the spokesperson said. “It’s taking slightly longer than we anticipated to announce the first algorithms selected, but we are still on track to have the first post-quantum cryptography standards published by 2024.”