
Public Comment Sought on Post-Quantum Cryptography Migration

The National Cybersecurity Center of Excellence’s draft guide illuminates considerations about migrating to post-quantum algorithms.

 

Seeking comments from industry, government and academia, the National Cybersecurity Center of Excellence (NCCoE) issued a preliminary guide on practices related to migrating away from legacy cryptography. The draft document, NIST Special Publication (SP) 1800-38A, Migration to Post-Quantum Cryptography, is open for comment through June 8.

 

The NCCoE is housed at the National Institute of Standards and Technology (NIST), which is preparing and standardizing quantum-resistant public-key cryptographic algorithms. The NCCoE plans to update the preliminary draft based on the input received and will publish additional volumes for comment to guide the widespread adoption of “safe” cryptography.

 

“Advances in quantum computing could compromise many of the current cryptographic algorithms being widely used to protect digital information, necessitating replacement of existing algorithms with quantum-resistant ones,” the NCCoE indicated. “Previous initiatives to update or replace installed cryptographic technologies have taken many years, so it is critical to begin planning for the replacement of hardware, software, and services that use affected algorithms now so that data and systems can be protected from future quantum computer-based attacks.” 

 

In particular, the organization is seeking feedback on the workstreams needed to move to quantum-resistant solutions (such as identifying gaps that exist between post-quantum algorithms and their integration into protocol implementations) so it can help accelerate the adoption and deployment of post-quantum cryptography (PQC).



The agency warned that legacy cryptography in use today, like the Rivest-Shamir-Adleman algorithm (widely known as RSA encryption), Elliptic Curve Diffie-Hellman and the Elliptic Curve Digital Signature Algorithm, needs to be updated, replaced or significantly altered for application of new quantum-resistant algorithms.

“The new algorithms will likely not be drop-in replacements for the quantum-vulnerable algorithms,” the NCCoE warned. “They may not have the same performance or reliability characteristics due to differences in key size, signature size, error handling, number of execution steps required to perform the algorithm, key establishment process complexity, etc.”

Moreover, entities may not be aware of the breadth and scope of the dependencies on legacy cryptography across all of their products, services and operational environments. Given this possible lack of visibility, the NCCoE recommended building a complete inventory of where organizations are using cryptography, including across software vendors or services, and understanding where the vulnerable legacy cryptography is housed (on premises or over the internet, for example). In addition, organizations need to know what data is associated with the keys and any interdependencies.

“Increased use of discovery tools will have the added benefit of detecting and reporting the use of cryptographic algorithms that are known vulnerable to non-quantum attacks,” the NCCoE stated. “Maintaining connectivity and interoperability among organizations and organizational elements during the transition from quantum-vulnerable algorithms to quantum-resistant algorithms will require careful planning. Furthermore, an organization may not have complete control over its cryptographic mechanisms and processes so that they can make accurate alterations to them without involving intense manual effort.”

William Newhouse and Murugiah Souppaya from NIST, William Barker from Dakota Consulting and Chris Brown from The MITRE Corporation prepared the draft. Comments will be accepted for this particular draft through just before midnight on June 8, 2023, and can be submitted via a web form on the project page. Questions can be sent to applied-crypto-pqc@nist.gov.

“Our strategy for future phases will build iteratively to produce recommended practices for algorithm replacement, where in some cases interim hybrid implementations are necessary to maintain interoperability during migration,” the NCCoE said. “We invite feedback from the larger PQC community of interest to identify future workstreams that will accelerate the adoption and deployment of PQC.”

 
