(SecurityBoulevard) Intro is a whimsical comparison of the aging of premium whiskey to NIST’s formulation of post-quantum cryptography. Both gestation processes take a significant amount of time from postulation through detailed industry analysis and selection to actual practical algorithms ormalt whiskey that can be used.
At the point, the blog’s discussion and details of NIST’s new algorithm selection process that is already in play becomes must-read informative.
NIST has also recently published a draft whitepaper, Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms. The paper outlines the challenges we’ll face once exploitation of Shor’s algorithm becomes practical. The new NIST paper states that “algorithm selection is expected to be completed in the next year or two, and work on standards and implementation guidelines will proceed expeditiously.” However, it then goes on to say “experience has shown that, in the best case, 5 to 15 or more years following the publication of cryptographic standards will elapse before a full implementation of those standards is completed.” 5 to 15 years is a substantial amount of time!
The NIST whitepaper outlines some initial discovery steps to support planning migration to post-quantum cryptography. Here’s the examples they provide:
Outreach to standards organizations to raise awareness of necessary algorithm and dependent protocol changes (e.g. IETF, ISO/IEC, ANSI/INCITS X9, TCG)
Discovery of all instances where Federal Information Processing Standards and NIST Special Publication 800-series documents will need to be updated or replaced
Identification of automated discovery tools to assist organizations in identifying where and how public-key cryptography is being used in systems that are connected to data centers and distributed network infrastructures
Development of an inventory of where and for what public-key cryptography is being used in key enterprises