As the roadmap to production gets clearer, Keyfactor’s Chief PKI Officer breaks down when and how to start implementing NIST’s new standards.
The National Institute of Standards and Technology (NIST) has initiated the standardization process for four algorithms that were specifically designed to be resilient against quantum computer attacks. These algorithms were selected by NIST last year and are now one step closer to being accessible to organizations worldwide for integration into their encryption infrastructure. NIST recently released draft standards for three of the four chosen algorithms, while the draft standard for the fourth algorithm, FALCON, is expected to be published in about a year. Other candidate algorithms considered during the multi-year selection process failed the rigorous testing and did not hold up to public scrutiny.
Once completed, the new standards will provide the world with the first tools to protect sensitive information from this new threat. While current encryption algorithms are yet to be surpassed by quantum computers, experts emphasize the need for proactive planning to ensure long-term security. This is particularly important as integrating new algorithms across all computer systems can be time-consuming and span several years.
Now that the official word is out, industry and government organizations will race against PQC advancement to implement these standards. The cryptographic community has until November 22, 2023, to make comments before NIST finalizes the standard documents.
Q&A with Keyfactor’s Chief PKI Officer
Keyfactor’s Chief PKI Officer, Tomas Gustavsson, weighs in on the breaking industry news and advises organizations on when and how to start implementing NIST’s new standards.
What does this announcement from NIST mean for the cryptographic community?
TG: The news from NIST means the race is on. Organizations and vendors will quickly work to implement strategies for PKI replacement and data encryption (at rest and in transit) and develop additional protocols. We expect to see a myriad of advice, white papers, use cases, mandates, and more.
The uncertainty surrounding which algorithms will be used in practice has nearly disappeared. It is an important step because it allows organizations to focus on these algorithms for testing until production. The roadmap to production is becoming clearer, as there are now timelines outlining when the final standards will be available. For product vendors, it provides a path for development and interoperability testing.
OIDs (object identifiers) will not be released until the final standards, so it is not yet time to go to production, but the path forward is (almost) clear. What is still unclear is that we don’t know when FIPS certification can be performed. We will likely learn more about that once standards are published, potentially in early 2024.
Regarding NIST’s request for feedback, does anything need to be changed on the draft standards?
TG: There is still uncertainty around Prehash usage of the digital signature algorithms for signing large payloads like CRLs, documents, or software using network-connected or cloud HSMs. It is mentioned in the FIPS 204 draft section 7.1 and the FIPS 205 draft section 9.4, but not with many details.
How is Keyfactor positioned for this impending change?
TG: Keyfactor has been paving the way with testing implementation — over a year ago, Bouncy Castle was updated to support these algorithms. Keyfactor continues to be a leader in readiness and an advocate for organizations that need help with roadmapping, transitioning, and planning. Our custom PKI solutions enable organizations to prepare, no matter what step of the process they’re in.
Owning the complete software stack, from cryptographic libraries to PKI and digital signature software and lifecycle management, allows us to be one of the first to support the new standards. Our software can function as a model for others to test against, and customers can feel safe that Keyfactor’s solutions are quantum-ready.
At a high level, what advice can you offer organizations looking to implement these standards (especially regarding PKI)?
TG: Now is the time for organizations to start taking inventory of systems for migration and identifying which are the most sensitive and most exposed. Security leaders also must look at the application ecosystem and start planning the migration — set up lab environments to test PQC PKI and prepare signature validation software for new algorithms. In short, start learning now so you can focus on the standardized algorithms and move forward. This change will come with a long learning curve for many organizations, so the time to begin the journey is today.
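The inventory step above is where most migrations start: before any PQC algorithm can be deployed, you need to know which certificates in the estate are signed with, and carry keys for, algorithms that a cryptographically relevant quantum computer would break. The following is an added example (not Keyfactor, EJBCA or SignServer code) of a minimal, standard-library-only inventory check: it walks the DER structure of an X.509 certificate, pulls out the signatureAlgorithm and SubjectPublicKeyInfo OIDs, and classifies the certificate as quantum-vulnerable (RSA, ECDSA, EdDSA) or "unknown, review". The sample certificate is constructed in code with a dummy signature so the script runs offline; it is structurally valid DER but not a real signed certificate. Because PQC OIDs are not assigned until the final standards are published, the table deliberately contains no PQC entries, and the second sample uses an obviously fake placeholder OID to show how an unrecognised algorithm is routed to manual review rather than silently passed.

```python
"""Inventory X.509 certificates by signature and public-key algorithm OID.

Added example for PQC migration planning (not Keyfactor's code). Standard
library only, so it can run offline over an existing certificate store.
"""
import base64
import re

# Well-known classical OIDs (RFC 3279 / RFC 5480 / RFC 8410). PQC OIDs are
# intentionally absent: they are not assigned until the final NIST standards.
CLASSICAL_OIDS = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.2.1": "ecPublicKey",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
    "1.2.840.10045.4.3.4": "ecdsa-with-SHA512",
    "1.3.101.112": "Ed25519",
    "1.3.101.113": "Ed448",
}


def _read_tlv(buf, pos):
    """Decode one DER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split the content of a constructed type into (tag, value) parts."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out


def _decode_oid(value):
    """OBJECT IDENTIFIER content bytes -> dotted-decimal string."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def _alg_oid(alg_id_value):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }"""
    tag, oid_bytes = _children(alg_id_value)[0]
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return _decode_oid(oid_bytes)


def inspect_certificate(der):
    """Return (signature_oid, public_key_oid) for a DER-encoded Certificate."""
    _, cert, _ = _read_tlv(der, 0)
    tbs, sig_alg, _signature = _children(cert)
    fields = _children(tbs[1])
    if fields[0][0] == 0xA0:  # version [0] EXPLICIT is optional
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    spki_alg = _children(fields[5][1])[0]
    return _alg_oid(sig_alg[1]), _alg_oid(spki_alg[1])


def classify(der):
    """Inventory verdict: all-classical OIDs are quantum-vulnerable (Shor)."""
    sig_oid, key_oid = inspect_certificate(der)
    sig_name, key_name = CLASSICAL_OIDS.get(sig_oid), CLASSICAL_OIDS.get(key_oid)
    verdict = "quantum-vulnerable" if sig_name and key_name else "unknown-review"
    return {"signature": sig_name or sig_oid, "key": key_name or key_oid, "verdict": verdict}


def pem_to_der(text):
    """Extract and base64-decode the first PEM certificate body in text."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", text, re.S)
    return base64.b64decode("".join(m.group(1).split()))


# --- constructed sample certificate: valid DER shape, dummy signature ---
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytes([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(chunk)
    return _der(0x06, body)


def build_sample_cert(sig_oid="1.2.840.10045.4.3.2", key_oid="1.2.840.10045.2.1"):
    """Constructed ECDSA-P256-style certificate skeleton (not a real signed cert)."""
    alg, key_alg = _der(0x30, _encode_oid(sig_oid)), _der(0x30, _encode_oid(key_oid))
    utctime = _der(0x17, b"230101000000Z")
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),  # version v3
        _der(0x02, b"\x01"),              # serialNumber
        alg,                              # signature
        _der(0x30, b""),                  # issuer (empty Name)
        _der(0x30, utctime + utctime),    # validity
        _der(0x30, b""),                  # subject
        _der(0x30, key_alg + _der(0x03, b"\x00\x04" + b"\x00" * 64)),  # SPKI
    ]))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 65))  # dummy signatureValue


if __name__ == "__main__":
    print(classify(build_sample_cert()))
    # "1.3.6.1.4.1.99999.1" is a placeholder, not a real PQC OID
    print(classify(build_sample_cert("1.3.6.1.4.1.99999.1", "1.3.6.1.4.1.99999.1")))
```

Pointed at a real store, `pem_to_der` feeds each file into `classify`; the "unknown-review" bucket is the important one during the draft period, since it catches both experimental PQC certificates issued with pre-standard OIDs and anything else the table does not know about.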
Looking Ahead: Learn More and Test It Out Today
Keyfactor EJBCA and SignServer already support issuing quantum-ready PKI certificates alongside the existing PKI within the same environment. This ensures a smooth experience with minimal disruption to your current infrastructure and environments. You can begin experimenting with the technology and gradually understand its relevance to your specific environment over time.
Bouncy Castle cryptographic APIs support all the new algorithms and many others. The latest beta release has been updated with the algorithm changes that came with the draft standards.
EJBCA supports ML-DSA (DILITHIUM) and FN-DSA (FALCON) algorithms for Root CAs, Issuing CAs, and End entities. While Certificate Revocation Lists (CRLs) can be generated, certain aspects, such as Online Certificate Status Protocol (OCSP) and other protocols, are still in the development phase and will be made available in the future. SignServer supports ML-DSA (DILITHIUM) and SLH-DSA (SPHINCS+) for CMS and raw signing.
Check out our how-tos and videos, including:
- Setting up an ML-DSA root CA and issuing CA, issuing your first quantum-ready code signing certificate with EJBCA, and then signing code with ML-DSA in SignServer
- Issuing quantum-ready hybrid certificates using the Bouncy Castle Kotlin project.