Understanding NIST's Standardization of Post-Quantum Encryption and Next Steps for Federal CISOs
In a recent National Security Memo (NSM-10), the White House acknowledged the threat of quantum computers to our cryptography systems and compelled agencies to comply with its early plans to prepare.
The White House acknowledged the need for immediate action in addressing the threat that quantum computers pose to our existing cryptographic systems in a recent National Security Memorandum (NSM-10), and it mandated that government agencies comply with its initial plans to get ready for the threat. It's the first directive that tells agencies what they have to do as they start the long and complicated process of switching to cryptography that can't be broken by quantum computers. Many of the things that agencies have to do depend on the new cryptographic algorithms that the National Institute of Standards and Technology (NIST) just picked. However, the final standardisation will take 18 to 24 months.
What should CISOs do to get ready for the risks posed by quantum computers and meet the requirements of NSM-10? They should start by learning about the new algorithm standards. Then, they should focus on making a list of the agency's most valuable information and assets.
NIST saves the day.
In as little as ten years, quantum computers will be able to break many of the encryption methods we use now. This includes the popular RSA algorithm, which we use to encrypt data on the internet and digitally sign transactions. With a powerful quantum computer, an attacker will be able to read data that is encrypted with an RSA public key or make fake transactions that are signed with an RSA private key. Worse, an attack called "hack now, decrypt later" might already be happening. Attackers who store data encrypted today with algorithms that are vulnerable to quantum computers can decrypt it later, once quantum computers are available. This is a real worry for any agency or contractor that shares data that needs to be kept secret for a long time.
Luckily, academics have not been idle. Since 2016, NIST has worked with the cryptography community to find and standardise new encryption algorithms that can't be broken by quantum computers. The NIST process will help make sure that these algorithms are written down in publications called Federal Information Processing Standards and are ready for use by federal agencies. Because of this, it's important for CISOs to learn about the new algorithms and how they work.
There are three different levels of security for each post-quantum algorithm: SL1, SL3, and SL5. These levels are a lot like the sizes of keys used in algorithms today. SL5 is stronger than SL3 and SL1, just like 4096-bit RSA keys are stronger than 1024-bit RSA keys. But there is a price to pay for this extra security. SL5 keys are usually bigger to store, which makes computations take longer. Also, post-quantum algorithms can't be used to encrypt and sign data at the same time. They are, instead, only used for one task or the other. This means that a single algorithm, like RSA, will be replaced by two separate algorithms.
In the table below, you can see some of the things that make the chosen algorithms unique.

| Algorithm | Type | Family | Public Key Size | Ciphertext/Signature Size |
|---|---|---|---|---|
| CRYSTALS-KYBER | Key Establishment | Lattice-based | 1.6KB-3.1KB | 0.8KB-1.5KB |
| CRYSTALS-Dilithium | Signature | Lattice-based | 2.5KB-4.8KB | 2.4KB-4.6KB |
| Falcon | Signature | Lattice-based | 1.2KB-2.3KB | 0.7KB-1.3KB |
| SPHINCS+ | Signature | Hash-based | 0.03KB-0.06KB | 7.7KB-49KB |
Act right away.
"Do not wait until the standard is completed." Start making a list of the most important information you hold. Ask yourself, "What information would a bad guy want to get into first?"
According to NSM-10, within six months of the May 4 memo, leaders from the Office of Management and Budget, the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology (NIST), and the National Security Agency will set rules for making an inventory of all cryptographic systems that are already in use. Within a year and every year after that, "... the heads of all federal civilian executive branch agencies shall deliver to the director of CISA and the national cyber director an inventory of their IT systems that remain vulnerable to CRQCs."
Inventory needs for the agency will include: a list of the most important IT assets to focus on; interim benchmarks; and a common, preferably automated, way to measure how far IT systems have come in switching to cryptography that can't be broken by quantum computers.
Moving an agency or department to a fully post-quantum position is a complicated process that will take many years. Even though these post-quantum algorithms won't be ready for widespread use in production until the standardisation process is completed in 2024, a lot of work must be done to prepare for these changes, starting with the inventorying process. This is required by the NSM-10 directive.
What do federal CISOs do next?
Find out what data you have and how you use encryption. Before you can decide how to move your data, you need to know exactly what you have and how easy it is to get at. Data that is especially sensitive and vulnerable to "hack-now, decrypt-later" attacks should be given more importance than less sensitive data that isn't sent freely. CISOs should start making a list of all the places where algorithms that are vulnerable to quantum attacks are being used. For a variety of reasons, not all systems will be affected in the same way. CISOs need to have a very clear picture of where each of their systems is vulnerable.
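An added example, not part of the original article or of NSM-10: one way to turn the inventory step above into a repeatable check that ranks quantum-vulnerable uses by "hack now, decrypt later" exposure. The record fields, priority labels and sample inventory are constructed for illustration, and the ten-year horizon is the article's own estimate used as a default.

```python
from dataclasses import dataclass

# Public-key families a large quantum computer breaks (Shor's algorithm).
# RSA is the article's example; the others are standard additions.
QUANTUM_VULNERABLE = {"RSA", "DH", "DSA", "ECDH", "ECDSA"}

@dataclass
class CryptoUse:                 # hypothetical inventory record
    system: str
    algorithm: str               # e.g. "RSA-2048", "ECDH-P256", "AES-256"
    purpose: str                 # "key-establishment", "signature" or "symmetric"
    secrecy_years: int           # how long the protected data must stay secret
    leaves_network: bool         # ciphertext crosses links an attacker could record

def assess(use, crqc_horizon_years=10):
    """Return (label, score); a higher score means migrate sooner."""
    family = use.algorithm.split("-")[0].upper()
    if family not in QUANTUM_VULNERABLE:
        return ("not-listed", 0)   # not one of the public-key families above
    if use.purpose == "key-establishment":
        # "Hack now, decrypt later": traffic recorded today is still
        # sensitive when a capable quantum computer exists.
        if use.leaves_network and use.secrecy_years >= crqc_horizon_years:
            return ("migrate-first", 3)
        return ("migrate", 2)
    # Signatures can only be forged once the quantum computer exists.
    return ("migrate-before-crqc", 1)

def prioritize(inventory, crqc_horizon_years=10):
    """Return the vulnerable uses only, most urgent first."""
    rows = [(use, *assess(use, crqc_horizon_years)) for use in inventory]
    rows = [r for r in rows if r[2] > 0]
    rows.sort(key=lambda r: (-r[2], -r[0].secrecy_years, r[0].system))
    return [(use.system, use.algorithm, label) for use, label, _ in rows]

# Constructed sample inventory (not real systems).
SAMPLE = [
    CryptoUse("code-signing", "ECDSA-P256", "signature", 0, False),
    CryptoUse("backup-at-rest", "AES-256", "symmetric", 25, False),
    CryptoUse("public-website-tls", "ECDH-P256", "key-establishment", 1, True),
    CryptoUse("hr-records-vpn", "RSA-2048", "key-establishment", 25, True),
    CryptoUse("internal-sso", "RSA-3072", "signature", 0, True),
]

if __name__ == "__main__":
    for system, algorithm, label in prioritize(SAMPLE):
        print(f"{label:20} {system:20} {algorithm}")
```

In practice the records would come from certificate stores, TLS and VPN configurations and code review rather than a hand-written list.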
Talk to the vendors. Now is a great time to talk to your vendors about how they plan to use post-quantum algorithms. A good vendor should already have a clear plan for the future and be testing the possible algorithms to get ready for 2024.
Test algorithms for software that was developed in-house. Post-quantum algorithms are different from the algorithms we use now in the way they work. You can't know how they will affect your systems until you try them out and see what happens. NSM-10 tells agency heads to start doing "tests of commercial solutions that use pre-standardized quantum-resistant cryptographic algorithms" to help with possible compatibility problems.
The Open Quantum Safe project is a good place to start because it has many different implementations of post-quantum algorithms that can be used to try things out.
Not everything about quantum is bad. It's important to remember that quantum computing also gives us new ways to make systems stronger. Today, stronger cryptographic keys are already being made with quantum computers. Once this transition to post-quantum algorithms is done, quantum will be seen as a gift to cybersecurity, not a threat.