Opus

In the context of rapid advancements in quantum computing technology, existing encryption algorithms are facing unprecedented challenges. The National Institute of Standards and Technology (NIST) released a draft report on November 12 (NIST IR 8547 Transition to Post-Quantum Cryptography Standards), proposing a roadmap for transitioning to post-quantum cryptography standards. This marks a comprehensive security revolution in the field of information technology, aimed at ensuring future data security and privacy protection.

Multidimensional Technological Upgrades: A comprehensive update from hardware to software.

The report points out that the successful deployment of post-quantum cryptography standards relies not only on the algorithms themselves but also on upgrades across multiple technical fields.

Background The National Security Agency (NSA), the National Institute of Standards and Technology (NIST), and the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) collaborated to develop this report to provide organizations supporting critical infrastructure with information on quantum Computing power affects information and encourages early preparation for migration to post-quantum cryptographic standards by developing a quantum readiness plan. NIST is developing the first set of quantum cryptography standards, expected to be released in 2024, to protect against possible future adversaries of quantum computing capabilities, known as Cryptoanalytically Relevant Quantum Computers (CRQC). CRQC has the potential to break the public key systems (sometimes called asymmetric cryptography) used to protect information systems today. Identity, Credentials and Access Management (ICAM), Identity and Access Management (IdAM), Endpoint Detection and Response (EDR) and Continuous Diagnostics and Mitigation (CDM), o Understand which systems and protocols are used to move or access their most sensitive and critical of data sets, and o identify quantum-vulnerable cryptographic techniques for protecting critical processes, especially critical infrastructure. • Organizations should input quantum vulnerability inventories into their risk assessment process, allowing risk officers to prioritize ensuring PQC is used. Post-quantum roadmap discussions with technology vendors CISA and the development agency encourage organizations to begin working with their technology vendors to understand the vendor’s quantum readiness roadmap, including migration. A solid roadmap should describe the supplier's plans to migrate to PQC, chart the timeline, and test the PQC algorithm and integration into the product. This applies to commercial off-the-shelf (COTS) and cloud-based products. Ideally, vendors will publish their own quantum-ready roadmaps describing their commitment to enabling post-quantum cryptography. The enacting agency also urges organizations to proactively plan for necessary contract changes. Considerations should ensure that new products will incorporate PQC and older products will be upgraded to PQC to meet the transformation timeline. Supply Chain Quantum Readiness Organizations should understand their reliance/reliance on quantum-vulnerable cryptography in systems and assets, as well as how suppliers in the supply chain can migrate to post-quantum cryptography. As mentioned above, understanding an organization's reliance on quantum-vulnerable cryptography includes discovering quantum-vulnerable algorithms within current IT and OT systems and equipment (custom-built or COTS) as well as the organization's reliance on cloud services, ensuring Plans will minimize quantum risks and be consistent with the organization's transition strategy.Organizations should also start asking vendors about how they are addressing quantum readiness and supporting the move to post-quantum cryptography. Other considerations include: • Prioritizing high-impact systems, industrial control systems (ICS), and systems with long-term confidentiality/confidentiality requirements. • If an organization discovers quantum-vulnerable cryptography in its custom technologies, it should assess the risk to those data or functions that rely on those technologies. The organization can migrate to post-quantum cryptography within these technologies or develop system security upgrades to mitigate the risks of continuing to use them. Customized products, especially those in older systems, may require the most effort to achieve quantum resistance. • For COTS products, communication with vendors to discuss their post-quantum cryptography roadmap is critical. The move to post-quantum cryptography should be viewed as an IT/OT modernization effort. An organization’s quantum readiness roadmap should include the timeline for vendors to deliver updates or upgrades to enable post-quantum cryptography, as well as the expected costs associated with migrating to post-quantum cryptography. •For cloud-hosted offerings, organizations should talk to their cloud service providers to understand the provider’s quantum readiness roadmap. Once quantum cryptography standards are available, communication should shift to how to enable the use of post-quantum cryptography through configuration changes or application updates. Vendor Responsibilities Manufacturers and vendors of products that support quantum-vulnerable cryptography should begin planning and testing integrations. The U.S. Department of Homeland Security, the National Security Agency, and the National Bureau of Standards and Technology encourage vendors to review the draft post-quantum cryptography standards published by the National Bureau of Standards and Technology that contain algorithms, recognizing that the specific implementation details of these algorithms are still incomplete. Ensure that products using post-quantum cryptographic algorithms are a reflection of security design principles. Vendors should prepare themselves to support post-quantum cryptography as soon as possible once the National Bureau of Standards and Technology finalizes these standards. https://www.cisa.gov/resources-tools/resources/quantum-readiness-migration-post-quantum-cryptographyhttps://www.cisa.gov/sites/default/files/2023-08/Quantum%20Readiness_Final_CLEAR_508c% 20%283%29.pdf

Quantum computers can break some of the most widely used encryption standards. The commercialization of quantum computing is developing at a speed you cannot imagine. Quantum-resistant algorithms are an effective solution to resist quantum attacks.