Migrating to post-quantum cryptography

In 2020, the NCSC released a white paper titled Preparing for Quantum-Safe Cryptography. This document highlighted the risks posed by future quantum computers, significantly larger and more advanced than current technology, to a vital segment of widely adopted cryptography known as public-key cryptography (PKC). PKC serves as the backbone for secure communication on the internet and various other networks.

The same white paper emphasizes that the NCSC's recommended approach to mitigating the impact of quantum computing is quantum-safe cryptography, also known as post-quantum cryptography (PQC). PQC is designed to withstand attacks from quantum computers as well as from today's conventional, or classical, computers. Additionally, PQC provides functionality similar to the PKC currently in use and can often be implemented on existing devices, such as PCs and smartphones, through software updates.

While this may appear to be a simple remedy for a potentially disruptive technological threat, the transition to PQC is a highly intricate process. This blog post aims to clarify the reasons behind this complexity.

The threat of quantum computing to traditional PKC has been recognized for many years, prompting extensive research into PQC by cryptographers across academia, industry, and government since at least the mid-2000s. PQC is built on different mathematical foundations from traditional PKC, relying on different computational problems to underpin its security. This prolonged research period has allowed a thorough examination of the algorithms that are expected to gain significant traction.

In 2016, the US National Institute of Standards and Technology (NIST) initiated a process to select PQC algorithms for standardization, which recently reached a pivotal milestone: the release of draft standards. Although essential security research into PQC will continue, this development marks a shift in the PQC transition from primarily a research initiative to a global IT migration undertaking.

The availability of draft standards empowers organizations managing their cryptographic frameworks to make progress in PQC migration. These organizations can begin experimenting with new PQC algorithms to evaluate their performance in crucial applications. To facilitate these efforts, the NCSC is issuing further guidance on algorithm selection and protocol considerations.

Transitioning to PQC involves more than merely adopting new algorithms; it requires the re-engineering of protocols and services. PQC typically demands more from devices and networks than traditional PKC, particularly in terms of the data that must be exchanged between parties to ensure secure communications. International organizations are concurrently updating protocol standards alongside algorithm standards, which is fostering trial deployments of PQC by significant service providers to comprehend the possible effects of this transition.

Despite the challenges, upgrading many major internet services—and the applications dependent on them—will likely be one of the ‘more manageable’ aspects of PQC migration. A variety of legacy protocols, especially those utilized in critical national infrastructure (CNI), will also undergo transition to PQC. An additional layer of difficulty in these cases lies in the need to execute cryptography on devices with limited resources or on legacy systems that are resistant to updates.

Fortunately, extensive research in academia and industry has concentrated on these challenging scenarios, leading to viable solutions for many situations. For devices or infrastructures that cannot be upgraded to PQC, system owners will need to plan the PQC transition as part of their scheduled technology refresh cycles. Over the coming years, the NCSC will offer specialized guidance to sectors of national significance to assist with the transition to PQC.

Despite the significant effort that transitioning to PQC entails, it’s crucial to remember that for many cases, PQC is fundamentally just software. A considerable proportion of these applications or internet services are developed and managed by large service providers. In such instances, the transition to PQC will typically occur through a software update from the provider. Individuals and organizations relying on major service providers for their cryptographic needs should adhere to NCSC recommendations on maintaining software and devices up to date, with the transition to PQC taking place primarily behind the scenes.

For users in this category, there is indeed a relatively straightforward answer to the quantum threat, but that is only possible due to the years of effort by cryptographers, software engineers, hardware designers, security architects, and numerous other cybersecurity professionals across the globe.

John H
Head of Crypto Research

PQC Transition Overview

Based on an article from ncsc.gov.uk: https://www.ncsc.gov.uk/blog-post/migrating-to-post-quantum-cryptography-pqc
