Last week, we drew attention to political volatility and strategic competition in South Asia and highlighted implications for multinationals in the region.

This week, we highlight NIST’s recently released standards for post-quantum cryptography and provide recommendations for organizations on quantum resilience.

Please subscribe to read future issues — and forward this newsletter to interested colleagues.

Contact us directly with any comments or questions: [email protected]

On August 14, 2024, the National Institute of Standards and Technology (NIST) announced three new encryption algorithms as the basis for post-quantum cryptography (PQC). This milestone marks the beginning of a critical transition period for organizations worldwide. Despite the infancy of quantum computing, we urge Chief Information Security Officers (CISOs) and other technology leaders to begin preparing now for the potential quantum threat to current encryption methods.

As one NIST mathematician recently said, “There is no need to wait for future standards. Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”

After eight years of review and development, the three NIST-approved algorithms are:

• FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM) – For general encryption, based on the CRYSTALS-Kyber algorithm

• FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA) – For digital signatures, based on the CRYSTALS-Dilithium algorithm

• FIPS 205: Stateless Hash-Based Digital Signature Standard (SLH-DSA) – An alternative digital signature standard, based on hash functions

The release of these standards triggers several actions mandated by the Quantum Computing Cybersecurity Preparedness Act of 2022, including:

• OMB Guidance – OMB has one year to issue further guidance on migrating to quantum-resilient standards.
• Agency Inventories – Agencies must maintain inventories of IT vulnerable to quantum decryption.
• Migration Planning – Agencies must begin planning and implementing PQC migrations promptly.
• Congressional Reporting – OMB must report to Congress on migration progress.

As the federal government moves forward, the private sector will feel compelled to follow, even if regulatory requirements lag in most sectors beside critical infrastructure and potential engineering challenges delay or stall forecasts for the technology.

The Quantum Threat to Classical Encryption

Quantum computers leverage the principles of quantum mechanics to execute certain algorithms exponentially faster than classical computers. While this presents enormous opportunities for scientific advancement and economic growth, it also poses a significant threat to current cryptographic systems. A sufficiently powerful quantum computer could break many of the public-key cryptography methods currently used to secure digital communications and transactions worldwide.

The National Security Memorandum on Promoting United States Leadership in Quantum Computing (NSM-10) highlighted the following quantum risks:

“Sec.3. Mitigating the Risks to Encryption. (a) Any digital system that uses existing public standards for public‑key cryptography, or that is planning to transition to such cryptography, could be vulnerable to an attack by a CRQC. To mitigate this risk, the United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035… Central to this migration effort will be an emphasis on cryptographic agility, both to reduce the time required to transition and to allow for seamless updates for future cryptographic standards. This effort is an imperative across all sectors of the United States economy, from government to critical infrastructure, commercial services to cloud providers, and everywhere else that vulnerable public-key cryptography is used.”

CISA has launched a Post-Quantum Cryptography (PQC) initiative to unify and drive transition efforts across the federal government and private sector, with a focus on critical infrastructure and government network owners and operators. In 2021, CISA and NIST created a roadmap to guide these efforts (see below).

Strategic Context

China’s “collect now, decrypt later” approach has raised significant concerns. This strategy involves harvesting encrypted data now, with the intention of decrypting it once quantum computers become capable. This poses a long-term threat to sensitive data across various sectors. While the timeline for the realization of cryptographically relevant quantum computers is hotly debated (with optimistic estimates ranging from 5-10 years to pessimists that argue they may never be practically realized), the fear of an adversary’s surprise breakthrough has driven policy urgency.

As Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger said recently, “What’s the data that you’d care about if an adversary could use a quantum computer in nine or 10 years to decrypt it? We have lots of that in the intelligence community. We have lots of that in our Department of Defense, and as such, ensuring that collect now, decrypt later can be addressed is something that’s a priority for us.”

Meanwhile industry and government investment in quantum computing is accelerating, with recent advances in error-correcting and stronger hardware encoding fostering optimism in the practicality of scientific and economic applications. Boston Consulting Group released an updated forecast in July 2024, that expects the industry to move from the current era of “noisy intermediate-scale quantum” (NISQ) devices to “broad quantum advantage” by 2030 and “full-scale fault tolerance” after 2040, generating $450 to $850 billion in economic value.

Implementation Challenges

Implementing new cryptography takes time, and firms need a substantial lead time to have protections in place before quantum threats materialize. Asymmetric encryption algorithms, the backbone of much of our current secure communications, are particularly vulnerable to quantum attacks.

The new PQC algorithms, while more resistant to quantum computing, often demand larger key sizes and more computational resources. This poses a significant hurdle, especially for embedded systems with limited resources. Moreover, during the transition period, systems will need to juggle both classical and post-quantum algorithms to maintain compatibility with legacy systems, adding another layer of complexity, and potential security risks.

Despite these challenges, industry players are already on the move. Firms like Google and Cloudflare are early adopters, already implementing draft PQC proposals. Meanwhile, standards bodies such as the Internet Engineering Task Force (IETF) are working to incorporate PQC into fundamental protocols like Transport Layer Security (TLS), which secures much of our internet traffic. Alphabet even spun off a unit, SandboxAQ, to focus on quantum tech and “encryption remediation.”

For CISOs, the message is clear: it’s time to develop a “cryptographic agility strategy”. This means not only identifying where sensitive data is stored and understanding current cryptographic protections but also ensuring systems can swiftly switch to quantum-resistant algorithms without major disruptions. Some firms are exploring quantum-safe virtual private networks as an early, concrete step towards quantum readiness.

Recommended Actions

• Conduct a Comprehensive Cryptographic Inventory
  • Identify all systems and data relying on public-key cryptography.
  • Prioritize systems handling long-term sensitive data.
• Develop a Migration Strategy
  • Create a phased approach for transitioning to PQC.
  • Consider a hybrid approach using both classical and post-quantum algorithms during transition.
• Implement Crypto-Agility
  • Design systems to be cryptographically flexible for easier future updates.
• Prioritize High-Value Assets and High-Impact Systems
  • Focus initial migration efforts on the most critical systems and data.
• Identify and Plan for Unsupported Systems
  • Determine which systems cannot support PQC and develop replacement strategies.
• Engage with Vendors and Partners
  • Inquire about PQC road maps from key technology providers.
  • Collaborate on best practices for transition.
• Invest in Education and Training
  • Develop in-house expertise on PQC.
  • Train IT and security teams on new standards and implementation practices.
• Monitor Regulatory Developments
  • Stay informed about potential regulations mandating PQC use.
• Participate in Industry Forums and Government Initiatives
  • Engage in cross-industry discussions and working groups.
  • Follow developments from NIST’s National Cybersecurity Center of Excellence (NCCoE) “Migration to Post-Quantum Cryptography” project.

Justifying Mitigations Given Uncertainty

The shift to PQC is more than just a technical update; it’s a fundamental change in how we approach data security. It promises to be more complex and time-consuming than any cryptographic transition we’ve seen before. CISOs need to think beyond just data encryption and consider the impact on software integrity verification methods as well.

An Office of the National Cyber Director report estimates that the total government-wide cost for migrating prioritized information systems to PQC between 2025 and 2035 will be approximately $7.1 billion in 2024 dollars. It will be an even more expensive and complex endeavor for critical infrastructure companies to follow suit.

While the threat is inherently uncertain and unquantifiable, the business case for risk mitigation is future-proofing. While quantum computers capable of breaking current encryption may not be common for another decade (or more), hardware and software with long lifespans could find themselves made suddenly vulnerable as a result of a technical breakthrough that catches the unprepared by surprise.