The National Institute of Standards and Technology (NIST) has published the initial public draft of Internal Report (IR) 8547, titled “Transition to Post-Quantum Cryptography Standards.” The draft outlines NIST’s strategy for migrating from current cryptographic algorithms that are vulnerable to quantum computing attacks to quantum-resistant alternatives. Published on November 12, 2024, it is open for comments until January 10, 2025.
The report details a phased approach to PQC adoption and underscores the urgency of securing critical systems before quantum computing capabilities emerge.
The Need for Post-Quantum Cryptography
Cryptographic algorithms are vital for safeguarding confidential digital information from unauthorized access. For decades, the algorithms in use have proved strong enough to withstand attacks mounted with conventional computers. A sufficiently large quantum computer, however, could break the public-key algorithms that underpin today’s key establishment and digital signatures, leaving the data they protect exposed. Countering that future capability requires new cryptographic methods that resist attack by both today’s conventional computers and tomorrow’s quantum computers. These methods are referred to as post-quantum cryptography (PQC).
In response, NIST has released three PQC standards, marking the start of the next and much larger stage of the transition to post-quantum cryptography:
- FIPS 203, the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), derived from the CRYSTALS-KYBER submission,
- FIPS 204, the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), derived from the CRYSTALS-Dilithium submission, and
- FIPS 205, the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA), derived from the SPHINCS+ submission.
Even though the transition to post-quantum cryptography begins before a cryptographically relevant quantum computer exists, the threat is already pressing. Encrypted data is exposed to “harvest now, decrypt later” attacks, in which adversaries record encrypted traffic today and decrypt it once quantum technology matures. Because sensitive data often retains its value for many years, anything protected today by quantum-vulnerable key establishment must be assumed recoverable by a future quantum adversary. This threat model is one of the main reasons the transition is urgent rather than something that can wait for the first such computer to appear.
What is NIST’s Approach?
NIST IR 8547 serves as a roadmap for federal agencies, industry stakeholders, and standards organizations, guiding the migration of information technology products, services, and infrastructure to PQC. The report details the transition plan for quantum-vulnerable algorithms, focusing on digital signature algorithms and key-establishment schemes.
According to NIST:
“This report should inform the efforts and timelines of federal agencies, industry, and standards organizations for migrating information technology products, services, and infrastructure to PQC. Comments received on this draft will be used to revise this transition plan and feed into other algorithm- and application-specific guidance for the transition to PQC.”
By fostering engagement with industry, standards organizations, and relevant agencies, NIST aims to facilitate and accelerate the adoption of PQC. The report underscores the importance of early planning and collaboration to ensure a smooth and coordinated transition, balancing the urgency of adopting PQC against the need to minimize disruption across critical systems.
What is the Transition Timeline?
The timeline for actual implementation is not yet firm. As the report notes, National Security Memorandum 10 (NSM-10) sets 2035 as the primary target for completing the migration to PQC across federal systems. The draft itself proposes a schedule for the quantum-vulnerable algorithms: parameter sets providing 112 bits of security strength (RSA-2048, for example) would be deprecated after 2030, and all quantum-vulnerable public-key algorithms would be disallowed after 2035.
Although 2035 is still some way off and no quantum computer capable of breaking existing cryptographic schemes exists today, the time to start preparing is now, since the transition to PQC is expected to be difficult and costly.
The NIST report emphasizes the urgency of adopting post-quantum cryptographic methods while acknowledging that migration timelines will vary. Systems with long-term confidentiality needs may require earlier transitions, whereas others might proceed more gradually due to legacy constraints or lower risk levels. Flexibility is key to balancing security needs with practical challenges.
Tomas Gustavsson, Chief PKI Officer at Keyfactor, emphasized the significance of early preparation:
“With real, tangible deadlines to work against, organizations can’t afford to postpone their journeys to quantum-resiliency. Starting early is essential as the timeframe for PQC adoption is much shorter than previous transitions, like SHA-1 to SHA-2.”
In summary, NIST IR 8547 provides a comprehensive framework for transitioning to quantum-resistant cryptographic standards, addressing the challenges of emerging quantum computing technologies, and ensuring the long-term security of digital information.
Download the full NIST report here.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.