Post-Quantum Cryptography
“Transitioning to post-quantum encryption algorithms relies not only on the development of these algorithms but also on their adoption. While development is already in progress, planning for widespread adoption is still in its early stages. It's crucial to start preparations now to protect sensitive data that exists today and will remain confidential in the future.”
The Department of Homeland Security (DHS), in collaboration with the Department of Commerce’s National Institute of Standards and Technology (NIST), has introduced a roadmap to assist organizations in safeguarding their data and systems while mitigating risks associated with the advancement of quantum computing technology.
The Quantum Computing Threat
Quantum computing promises immense speed and power, but it also brings new risks. As this technology evolves, it is expected to compromise some widely used encryption methods that protect customer data, facilitate business transactions, and secure communications. The DHS's new guidelines will help organizations prepare for the shift to post-quantum cryptography by identifying, prioritizing, and protecting vulnerable data, algorithms, protocols, and systems.
DHS Approach
Secretary Mayorkas has made the transition to post-quantum encryption a top priority for cybersecurity resilience. DHS has issued internal policy guidelines to enhance the Department’s preparedness and is conducting a comprehensive analysis to guide government actions, ensuring a smooth and fair transition.
Key Elements of DHS's Approach:
- Transition Planning: DHS is focused on developing and implementing guidance for the transition to post-quantum cryptography within its Components. This involves preparing for new standards from NIST and creating an inventory of all DHS cryptographic systems and data types.
- Collaboration with NIST: DHS and NIST are working together to create materials that raise awareness and provide guidance to various stakeholders, including federal, state, local, tribal, and territorial partners, as well as critical infrastructure owners and private sector entities.
- Risk and Needs Assessment: DHS’s Cybersecurity and Infrastructure Security Agency (CISA) is evaluating priority National Critical Functions to determine where post-quantum cryptography transition work is needed, identifying the highest risks and sectors that may need federal support.
Roadmap for Organizations
In partnership with NIST, DHS has developed a guide to help organizations prepare for the transition to post-quantum cryptography. Key steps include:
- Take inventory of current cryptographic systems and the data being protected.
- Engage with standards developing organizations to stay updated on algorithm and protocol changes.
- Identify and prioritize sensitive and critical datasets that require long-term protection.
- Identify systems using public key cryptography as quantum vulnerable and prioritize them accordingly.
- Develop transition plans for systems based on the new post-quantum cryptographic standards once published.
Partnership and Outreach
DHS and NIST are conducting outreach to relevant stakeholders through a jointly developed roadmap. This outreach aims to ensure a seamless transition to post-quantum cryptography and prevent unnecessary delays or resource expenditures.
Understanding Quantum Background
Quantum Information Science (QIS) studies the impact of quantum physics properties on information science, significantly increasing computational power and speed. The most pressing issue is the threat to asymmetric cryptography from quantum computing, as an advanced quantum computer could break encryption methods like RSA and ECC.
NIST is working on establishing a new post-quantum cryptography standard, expected to be completed by 2024. DHS is preparing for this transition without prematurely purchasing or implementing non-standard solutions, which could complicate the process and incur significant costs.
Qujata Project
The Qujata project plays a crucial role in testing and evaluating post-quantum cryptography algorithms. Qujata monitors the performance of these algorithms in real-world scenarios to ensure they meet the necessary security and efficiency standards for future implementation. This project is key in identifying the most promising post-quantum cryptographic solutions and aiding their adoption across various industries.