If you’ve been following NIST’s Post-Quantum Cryptography (PQ) competition, you’re likely aware that the third-round finalist was recently announced. In case you’re not familiar, here’s a little history:
- Quantum computers pose an inevitable threat to digital security
- It is estimated that within a decade a quantum computer will be powerful enough to crack cryptography as we know it today.
- The U.S. National Institute of Standards and Technology (NIST) launched a post-quantum cryptography standards process competition six years ago to identify secure quantum algorithms
- Everyone is waiting for their recommendations, in which case all standards bodies will have to adopt changes and update protocols that rely on cryptography.
With the recent announcement of Round 3 finalistswe saw three select digital signature algorithms progress:
What’s particularly exciting is that Entrust’s recently announced PKI as a PQ service supports all three algorithms!
Although the Post-Quantum (PQ) timeline seems distant, the shift to secure quantum algorithms is not just a regular cryptographic refresh cycle. The migration to secure quantum algorithms could take several years. For some industries, such as healthcare and critical infrastructure, the transition is already underway due to the technology lifecycle and the long-lived data they need to secure. To put things into perspective, consider migrating from SHA-1 to SHA-2. There were a lot of warnings, a lot of time to prepare, and it was generally considered a simple migration. But when the time comes, some organizations have really struggled with it – some are even still figuring it out! Well, the move to PQ secure algorithms won’t even compare, so it’s time to start preparing.
Here are some things organizations should consider to prepare:
- Take inventory. Make sure you know what crypto assets and algorithms you have, and where they reside.
- Determine the value of your data, how long it will be kept, and how long it will take to migrate to post-quantum cryptography. When you know what’s at risk, you’ll know where to start.
And that’s where the PKIaaS PQ comes in! Currently in beta, it is a cloud-based PKI offering, which can provide customers with composite and pure quantum CA hierarchies. It gives organizations the ability to test multi-certificates or composite certificates with their applications. Interested in trying for yourself? The beta program is open, so contact us if you want to join.
As for the NIST, the 4e and the final round is now open, after which they will announce their final recommendations.
For more information about Entrust’s PKIaaS, visit our webpage or click here for more Post Quantum resources.
The post NIST Post-Quantum Competition: And the Round 3 Finalists Are… appeared first on the Entrust Blog.
*** This is a syndicated Entrust Blog Security Bloggers Network blog written by Samantha Mabey. Read the original post at: https://blog2.entrust.com/blog/2022/08/nist-post-quantum-competition-and-the-round-3-finalists-are/