Despite the numerous benefits of quantum computing, the quantum computers that will be available within a few years will be capable of breaking currently used public-key cryptography. To address this ‘quantum threat,’ in 2015 the National Institute of Standards and Technology (NIST) began an initiative to standardize new cryptographic algorithms, which will remain secure even against the most powerful future quantum computers but can run on today’s classical computers.
With NIST’s new standards becoming closer to being available, key issues concerning their adoption are becoming evident. Migrating to these new standards is a necessity, but a difficult task. To address these difficulties, in addition to NIST’s standardization process, the government has started a separate initiative. More specifically, the National Cybersecurity Center of Excellence (NCCoE) – an agency under NIST dedicated to developing solutions for businesses’ most pressing cybersecurity challenges – is running a parallel, more general project to ease the transition to Post-Quantum Cryptography (PQC).
NCCoE’s initiative began a few years ago, in partnership with the Department of Commerce, with a project definition phase. InfoSec Global was pleased to contribute to this phase by presenting at NCCoE’s first PQC workshop in Fall 2020.This stage culminated in a report detailing the scope of their Migration to PQC project.
Recently the NCCoE has completed the second phase: they have assembled a team to complete this project. InfoSec Global is excited to be one of the 15 technology collaborators, which include Microsoft, Amazon Web Services Inc. and Cisco Systems Inc. Each company has signed a Cooperative Research and Development Agreement (CRADA) with NIST, moving this project into the build phase.
With our many years specializing in the field of PQC, InfoSec Global has independently developed solutions that address this project’s exact goals.
InfoSec Global’s AgileSec™ Analytics scan fits nicely with the initial scope of NCCoE’s project to ‘demonstrate discovery tools’ capable of finding vulnerable cryptography, including cryptographic artifacts that are vulnerable to large-scale quantum computers.
Once the most vulnerable cryptography has been identified, the final goal of NCCoE’s project is to develop best practices and standards regarding adoption of PQC. As the cryptographic standards are becoming diversified, managing these cryptographic assets takes on additional challenges. InfoSec Global’s Cryptographic Agility Management Platform helps companies with these difficulties as they migrate to new standards. This platform allows companies to build agility today into their cryptographic infrastructure, that will allow for seamless migration to future cryptographic standards.
Overall, the work on NCCoE’s Migration to PQC project is progressing quickly. All the participants are eager to move forward. Everyone realizes the importance and imminence of the quantum threat, and that the migration process will be extensive. InfoSec Global is happy to contribute, and with our years of work understanding the issues involved and developing remedial tools, we have quite a bit to offer. We are looking forward helping industry and government alike build a widespread, quantum-safe cryptographic infrastructure.
About The Writer:
Vladimir Soukharev is the Principal Cryptographic Technologist & Chief Post-Quantum Researcher at InfoSec Global. In this position, he is leading innovations and optimizations in modern cryptography, leading the path to cryptographic agility, and working on the cryptographic lifecycle management. He is also conducting post-quantum cryptographic research and influencing and contributing to product development. Dr. Soukharev is actively working with NIST on new post-quantum standards, was part of the Centre of Applied Cryptographic Research and CryptoWorks21. He received his Ph.D. in Cryptography, Security and Privacy from David R. Cheriton School of Computer Science at the University of Waterloo and has dedicated his career to advancing the knowledge and application of advanced cryptography and cyber security technologies to protect vital information and communications.