The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is looking to develop practices that will ease the migration from public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks.
The practices – to be reflected in white papers, playbooks, and demonstrable implementations for organizations – will be aimed at organizations providing cryptographic standards, protocols, and enterprises that “develop, acquire, implement, and service cryptographic products.” According to a draft notice, NIST has developed a cybersecurity white paper, Getting Ready for Post-Quantum Cryptography, to begin the discussion on migrating to post-quantum algorithms.
NCCoE indicated that the work will break a lot of new ground. The draft states that there is no current inventory that can guide updates to standards, guidelines, regulations, hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications that employ cryptography that accelerates migration to quantum-resistant cryptography.
“The initial scope of this project is to demonstrate the discovery tools that can provide automation assistance in identifying where and how public-key cryptography is being used in hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications employed in data centers on-premises or in the cloud and distributed compute, storage, and network infrastructures,” the draft states.
The project will engage with industry in demonstrating use of automated discovery tools to identify all instances of public-key algorithm use. Once the public-key cryptography components and associated assets are identified, the project will prioritize the components that need to be considered first in the migration.
Lastly, the project will provide systemic approaches for migrating from vulnerable algorithms to quantum-resistant algorithms across different types of assets and supporting underlying technology.
To support this project, NCCoE is developing “a Cryptographic Applications community of interest in coordination with the NIST Post-Quantum Cryptography standardization team and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency team.” The community of interest will work on a migration playbook to address challenges previously described, while providing recommendations to prepare for a smooth migration.
Additionally, NCCoE “has developed this project description for practical demonstration of technology and tools that can support a head start on executing a migration roadmap in collaboration with this community of interest.”