The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE outlines Migration to Post-Quantum Cryptography and Getting Ready for Post-Quantum Cryptography. NCCoE discusses how the advent of quantum computing technology will compromise many of the current cryptographic algorithms, especially public-key cryptography, which is widely used to protect digital information. Most algorithms on which we depend are used worldwide in components of many different communications, processing, and storage systems. Once access to practical quantum computers becomes available, all public-key algorithms and associated protocols will be vulnerable to criminals, competitors, and other adversaries. It is critical to begin planning for the replacement of hardware, software, and services that use public-key algorithms now so that information is protected from future attacks.

The European Union Agency for Cybersecurity (ENISA) produced a White Paper that provides an overview of the current state of affairs on the standardization process of Post-Quantum Cryptography (PQC). It presents the 5 main families of PQ algorithms; viz. code-based, isogeny-based, hash-based, lattice-based and multivariate-based. It is important to make a distinction between Post-Quantum Cryptography (PQC) and Quantum Cryptography. PQC is about designing cryptographic solutions that can be used by today’s [non-quantum] computers and that we believe are resistant to both conventional and quantum cryptanalysis. On the other hand, Quantum Cryptography is about cryptographic solutions that take advantage of quantum physics to provide certain security services.

NIST intends to standardize post-quantum alternatives to its existing standards for digital signatures (FIPS 186) and key establishment (SP 800-56A, SP 800-56B). These standards are used in a wide variety of Internet protocols, such as TLS, SSH, IKE, IPsec, and DNSSEC. Schemes will be evaluated by the security they provide in these applications, and in additional applications that may be brought up by NIST or the public during the evaluation process. Additionally, NIST intends to standardize one or more schemes that enable “semantically secure” encryption or key encapsulation with respect to adaptive chosen ciphertext attack, for general use. This property is generally denoted IND-CCA2 security in academic literature.

In a National Institute of Standards and Technology (NIST) Cybersecurity White Paper, they discuss how cryptographic technologies are used throughout government and industry to authenticate the source and protect the confidentiality and integrity of information that we communicate and store. The paper describes the impact of quantum computing technology on classical cryptography, particularly on public-key cryptographic systems. This paper also introduces adoption challenges associated with post-quantum cryptography after the standardization process is completed. Planning requirements for migration to post-quantum cryptography are discussed. The paper concludes with NIST’s next steps for helping with the migration to post-quantum cryptography.

Post-quantum cryptography (PQC), also called quantum-resistant cryptography, refers to the pursuit of cryptographic systems that would be secure against attacks from both conventional and quantum computers. In recent years, quantum computers—machines that exploit quantum mechanical phenomena to evaluate math problems that are too complex or intractable for traditional computers—have been the subject of an extensive amount of research. As of 2021, while no such quantum computer has been built, researchers in the field agree that these powerful computers would be able to break many of the public-key cryptosystems that are currently in use. Doing so would severely compromise the privacy and integrity of digital communications on the internet and elsewhere. Post-quantum cryptography strives to address this issue before it arrives, by working to create cryptographic algorithms that would be secure from a cryptoanalytic attack by a quantum computer.