NIST Maps Out the Migration to Post-Quantum Cryptography
(GCN) The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCOE) has released a draft document describing migration challenges and approaches for facilitating that migration to ease the migration from public-key cryptographic algorithms to quantum-resistant algorithms.
To get a head start on executing a migration roadmap, NIST has outlined five implementation scenarios that aim to identify quantum-vulnerable cryptographic code, prioritize the replacement of that code and address remediating deficiencies based on security controls’ dependence on quantum-vulnerable cryptography.
- Scenario 1: Discovering the FIPS-140-validated hardware and software modules present in the enterprise that employ quantum-vulnerable public-key cryptography, identifying priorities for replacement based on a documented risk assessment and developing a migration strategy for each component.
- Scenario 2: Identifying the cryptographic libraries that are commonly used for quantum-vulnerable algorithms and those that might support one of NIST’s selected quantum-resistant algorithms.
- Scenario 3: Finding and selecting sample cryptographic applications that use quantum-vulnerable public-key cryptography, prioritizing them by risk and the number of affected systems and processes and identifying the candidate replacement algorithms or compensating controls, if they exists.
- Scenario 4: Identifying quantum-vulnerable code in computing platforms, including operating systems, access control utilities, cryptographic integrity applications and identity and access management applications as well as investigating the projected impact of mitigation options.
- Scenario 5: Finding and prioritizing the quantum-vulnerable cryptographic algorithms used in communication protocols leveraged by critical infrastructure sectors and suggesting possible replacements.
Organizations collaborating with NIST on this project will be able to install and test discovery tools and quantum-resistant components in an enterprise environment – featuring physical, virtualized and containerized workloads — hosted by NCCoE’s post quantum cryptography laboratory.
Comments on the draft report are due July 7.