NIST Issues Draft Post Quantum Cryptography Transition Strategy and Timeline
Published At: 2024-11-18
Last summer, the National Institute of Standards and Technology (NIST) issued the first Post Quantum Cryptography standards. Earlier this week NIST issued a draft report (Transition to Post-Quantum Cryptography Standards) to guide transition efforts. It’s intended as the guide for government agencies and also sets broad goals for others (commercial and private) making the transition.
Here’s the NIST summary:
“This report describes NIST’s expected approach to transitioning from quantum-vulnerable cryptographic algorithms to post-quantum digital signature algorithms and key-establishment schemes. It identifies existing quantum-vulnerable cryptographic standards and the current quantum-resistant standards that will be used in the migration. This report should inform the efforts and timelines of federal agencies, industry, and standards organizations for migrating information technology products, services, and infrastructure to PQC. Comments received on this draft will be used to revise this transition plan and feed into other algorithm- and application-specific guidance for the transition to PQC.”
The report is available and open for public comment until January 10, 2025.
The timeline for actual implementation isn’t firm. As noted in the report, “National Security Memorandum 10 (NSM-10) establishes the year 2035 as the primary target for completing the migration to PQC across Federal systems [NSM10]: ‘Any digital system that uses existing public standards for public‑key cryptography, or that is planning to transition to such cryptography, could be vulnerable to an attack by a Cryptographically Relevant Quantum Computer (CRQC). To mitigate this risk, the United States must prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035.’”
Making the transition to PQC is expected to be difficult and costly. Dustin Moody, a NIST PQC leader and one of the authors of the draft transition document, told HPCwire back in June, “The United States government is mandating their agencies to it, but industry as well as going to need to be doing this migration. The migration is not going to be easy [and] it’s not going to be pain free,” said Moody, whose Ph.D. specialized in elliptic curves, a commonly used base for encryption.
“Very often, you’re going to need to use sophisticated tools that are being developed to assist with that. Also talk to your vendors, your CIOs, your CEOs to make sure they’re aware and that they’re planning for budgets to do this. Just because a quantum computer [able to decrypt] isn’t going to be built for, who knows, maybe 15 years, they may think I can just put this off, but understanding that threat is coming sooner than you realize is important,” said Moody. (See HPCwire article, NIST Q&A: Getting Ready for the Post Quantum Cryptography Threat? You Should be.)
Currently, there are no quantum computers capable of breaking most codes. The latest NIST report notes, “This date reflects (2035) the urgency of transitioning to cryptographic methods that can withstand future quantum threats. However, it is important to recognize that migration timelines may vary based on the specific use case or application. Some systems, particularly those with long-term confidentiality needs or more complex cryptographic infrastructures, may require earlier transitions, while others may adopt PQC at a slower pace due to legacy constraints or lower risk profiles…NIST will work to ensure that these varying timelines are acknowledged and supported while maintaining the overall goal of achieving widespread PQC adoption by 2035.”
Industry is already weighing in.
Tomas Gustavsson, Chief PKI Officer, Keyfactor, told HPCwire, “The National Institute of Standards and Technology (NIST) released its initial public draft of a post-quantum cryptography (PQC) timeline – a huge milestone that will have massive influence. With this new development, NIST has established a clear timeline for organizations to transition away from RSA and ECC, answering one of the most common questions around PQC, with expectations that other compliance frameworks will soon align with this guidance.
“For example, Federal Information Processing Standards (FIPS) are U.S. government-issued guidelines for ensuring security and interoperability in computer systems used by federal agencies and contractors, ranging across a variety of sectors including the financial industry, telecom, automotive, manufacturing, rail, etc. Therefore, every sector and business must consider these timelines, and it is impossible to ignore them. Given that previous transitions, like SHA-1 to SHA-2, took over a decade, starting early is essential as the timeframe for PQC adoption is much shorter.”
Link to the NIST report: https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf
Source: https://www.hpcwire.com/2024/11/14/nist-issues-draft-post-quantum-cryptography-transition-strategy-and-timeline/