The race to quantum readiness is now a sprint.
As we near the end of 2023, quantum computing constantly makes the news. If you don’t stay on your toes, you’ll surely miss something. At the same time, the ether is flooded with information, and not everything is trustworthy. Unless you spend a lot of time monitoring this landscape, the truth is hard to navigate. As one of my amazing colleagues expressed, it’s a pretty dense jungle out there, and we need to be equipped with a sharp machete.
Unpacking the news from NIST
As most know, NIST completed round 3 of its competition for post-quantum algorithms in 2022, intending to finalize standards in 2024. To everyone’s pleasure, draft standards were released around the time this blog post was written. Though we haven’t seen the final versions quite yet, the high-level summary is that Kyber, Dilithium, and SPHINCS+ now have draft standards, with a comment period open until November 22. Kyber is a key encapsulation mechanism (KEM) used for encryption, while Dilithium and SPHINCS+ are digital signature algorithms. At an NCCoE meeting in August, it was announced that the standardized versions of these algorithms are named ML-KEM, ML-DSA, and SLH-DSA, respectively.
NIST isn’t the only organization working to standardize quantum-resistant algorithms. Germany’s Federal Office for Information Security is expected to standardize the usage of Classic McEliece, another digital signature algorithm.
Organizations have some development work ahead of them to update algorithms with the latest changes and names. For PKI and code signing, multiple algorithms must be incorporated into products, depending on which ones customers will actually choose. For some organizations, choosing algorithms will be easy; for others, it will be more difficult. The primary algorithms selected by NIST should be a safe choice for most.
In addition to the new algorithm standardization, the buzz is building around CNSA 2.0. Announced in the fall of 2022, CNSA 2.0 addresses the use of stateful hash-based signature (SHBS) algorithms. CNSA 2.0 states that LMS or XMSS should be used for firmware signing, though LMS seems widely preferred. Implementing these algorithms in a production environment can be very challenging. Even so, they are standardized both in NIST SP 800-208 and in IETF RFCs.
Leaving out the technical details, the operational requirements of these algorithms are not trivial to meet. Teams seeking to leverage old processes, key management solutions, and existing policies to adopt a new algorithm may have to think again. These factors may need to be rethought from scratch to account for state management, especially over long periods of time: each one-time key under a stateful signature key may be used exactly once, so the signer must reliably track which keys have been consumed. The challenges are so significant that companies and organizations — competitors and partners alike — came together in a rare event to discuss this topic with NIST and the NSA. Great things happen when industry and the public sector work together, so we hope for updated guidance on this topic.
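To make the state-management requirement concrete, here is an added, deliberately simplified illustration written for this post (not Keyfactor’s, NIST’s or any LMS library’s code): Lamport one-time keys under a tiny Merkle tree, with a plain dict standing in for the signer’s non-volatile state record. The class and function names (StatefulSigner, run_demo and friends) and the sample messages are constructed for the example.

```python
import hashlib
H = lambda *parts: hashlib.sha256(b"".join(parts)).digest()   # every hash in this toy is SHA-256
BITS = 256
bits = lambda d: [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]   # digest -> list of bits

def ots_keys(seed, leaf):   # Lamport one-time key pair for leaf number `leaf`, derived from the seed
    sk = [[H(seed, bytes([leaf, i, b])) for b in (0, 1)] for i in range(BITS)]
    return sk, [[H(x) for x in pair] for pair in sk]
pk_hash = lambda pk: H(*[x for pair in pk for x in pair])

class StatefulSigner:
    """Toy LMS-style signer: 2**height one-time keys under one Merkle root. `store` stands in for
    the non-volatile state record that must be advanced before any signature is released."""
    def __init__(self, seed, height, store):
        self.seed, self.n, self.store = seed, 2 ** height, store
        self.tree = [[pk_hash(ots_keys(seed, i)[1]) for i in range(self.n)]]
        while len(self.tree[-1]) > 1:                   # build the Merkle tree bottom-up
            lvl = self.tree[-1]
            self.tree.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.tree[-1][0]
        self.high_water = store.setdefault("next", 0)   # in-memory copy, used to spot a rolled-back store

    def sign(self, msg):
        q = self.store["next"]
        if q < self.high_water: raise RuntimeError("state rollback: refusing to reuse one-time key %d" % q)
        if q >= self.n: raise RuntimeError("key exhausted after %d signatures" % self.n)
        self.store["next"] = self.high_water = q + 1    # commit the new state first, only then sign
        sk, pk = ots_keys(self.seed, q)
        sig = [sk[i][b] for i, b in enumerate(bits(H(msg)))]
        path, idx = [], q
        for lvl in self.tree[:-1]:                      # authentication path: the sibling at each level
            path.append(lvl[idx ^ 1]); idx //= 2
        return q, pk, sig, path

def verify(root, msg, q, pk, sig, path):
    if any(H(s) != pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(H(msg))))): return False
    node, idx = pk_hash(pk), q
    for sib in path:
        node = H(node, sib) if idx % 2 == 0 else H(sib, node); idx //= 2
    return node == root

def run_demo():   # sign, verify, then simulate restoring the state store from an earlier backup
    store, msg = {}, b"firmware image v1.0 (constructed)"
    signer = StatefulSigner(b"constructed demo seed", 2, store)
    sig = signer.sign(msg)
    ok, forged = verify(signer.root, msg, *sig), verify(signer.root, b"tampered image", *sig)
    backup = dict(store)                  # operator snapshots the state after one signature
    signer.sign(b"firmware image v1.1")
    store.clear(); store.update(backup)   # restore from backup: index 1 is now pending reuse
    try: signer.sign(b"firmware image v1.2"); caught = False
    except RuntimeError: caught = True
    return ok, forged, caught, store["next"]
```

The in-memory high-water mark only helps while the signer process survives; after a restart from a restored backup nothing in this toy would notice the reuse, which is why real deployments keep the state in tamper-resistant, non-volatile storage and never clone or restore it.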
Last but not least, there is a flurry of interoperability work going on — everywhere from IETF Hackathons to Hardware Security Modules to public and private PQC testing labs. When it works, it often works straight away, and when it doesn’t work, it is either fixed quickly or the difference is in implementation details, such as round 2 vs. round 3 of algorithm specifications, where non-interoperability is expected. Results for us so far have been better than expected when testing with several other vendors.
The downside of working against a moving target, as the standards are not finalized, is that interoperability tests must be redone as new versions are published. Luckily, this comes at a much lower effort than the hard groundwork that has been done up until now. We are all in this migration together and are interested in interoperability working well.
The path forward
Keyfactor is collecting many data points from customers and partners, industry organizations, governments, and standardization bodies. The journey ahead of us is long and arduous, but the path forward is clear. Many bright people are working together to pull off the largest cryptographic migration the world has ever seen.
To learn more, visit Keyfactor’s PQC Lab — a place for IT leaders, security pros, and developers to explore and prepare for the post-quantum world.