
How should organizations respond to NIST’s announcement of the first batch of quantum-resistant cryptographic algorithms?

Jérôme Desbonnet
21 Sep 2022

Crypto agility could hold the key to being equipped to adapt to, mitigate, and handle any security challenges arising from vulnerabilities of today’s cryptosystems in the post-quantum era.

The premise of quantum threat

Quantum computers promise the potential to solve complex problems considered intractable for classical computers. Their power comes from using quantum-mechanical principles to solve computational problems. The anticipated applications are in the domains of optimization, simulation, machine learning, solving differential equations, and more. These computers are expected to help solve some major challenges in industry and society: the discovery of new drugs, the development of new materials for batteries and solar systems, the optimization of supply chains and production lines, and more.

However, this great power comes with a great threat: the potential ability of quantum computers to break some of the major public-key cryptographic systems in use today. Actors with malicious intent could potentially break the security of enterprise applications, disturb or even damage public services and utility infrastructure, disrupt financial transactions, and compromise personal data.

Increased global attention to post-quantum security and key announcements

Considering the seriousness of the threat, industries, governments, and standards bodies have started working towards defining systems that will be secure and resistant to the threats posed by the arrival of large, powerful quantum computers. These are post-quantum cryptographic systems.

But today’s quantum computers are still rudimentary in their capabilities. Industry experts surveyed by the World Economic Forum estimate that it will take ten years or more to develop quantum computers powerful enough to break the current security algorithms. The first question that comes to mind is: why the urgency and so much noise around the topic?

One of the key reasons is that actors with malicious intent could capture and store the encrypted data flowing over the Internet today and decrypt that stored data once large-scale quantum computers become available. This “store now, decrypt later” strategy has become a serious and imminent threat, especially to systems carrying data that must remain protected beyond the anticipated ten years. These systems need to be upgraded now with quantum-safe cryptographic components.

Considering the vast nature of this challenge, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has initiated the process of post-quantum cryptography (PQC) standardization to select public-key cryptographic algorithms that protect information even after quantum computers become available at scale. According to the Capgemini Research Institute’s report published in April 2022, a large number of organizations (58%) are waiting for standards to emerge before prioritizing quantum security as part of their investments.

But some important global developments in the recent past have increased the focus on quantum technologies and on the need to mitigate the associated risks to vulnerable cryptographic systems. They are:

  1. Issuance of a National Security Memorandum, which highlighted the need to maintain a competitive advantage in quantum technologies and to mitigate the risks to a nation’s cyber, economic, and national security;
  2. Commitment to intensify and elevate cooperation among G7 members and partner countries to deploy quantum-resistant cryptography to secure interoperability between ICT systems;
  3. NIST’s announcement of the selection of the first four quantum-resistant cryptography algorithms;
  4. Release of Requirements for Future Quantum-Resistant (QR) Algorithm for National Security Systems by the National Security Agency (NSA), with 2035 as the adoption deadline.

The four selected algorithms are expected to become part of the highly anticipated NIST standards for post-quantum cryptography in a couple of years, likely in 2024. As the announcement makes clear, these algorithms are designed for two main tasks: general encryption, to protect information exchanged over public networks, and digital signatures, to authenticate and verify identities. Our blog, “NIST announces four post-quantum crypto finalists. What happened?”, provides more information.

So, what should an organization do now?

Should they immediately start implementing the algorithms and replacing the vulnerable components in their IT and OT systems, continue to wait until the official publication of international standards in the next two years, or wait until the threat becomes a reality and these powerful quantum computers are operational?

Well, in our view, the answer lies somewhere in between these options. Continuing to wait may not be the best choice an organization could make, especially considering the store-now-decrypt-later risk, but going ahead with a full-blown project migrating all systems to quantum-safe cryptography at once is neither cost-effective nor wise. So, what is the recommended call to action?

Crypto agility could hold the key

The answer, in our view, is crypto agility for post-quantum and beyond. It is the proactive design of information security protocols and standards such that they can support multiple cryptographic primitives and algorithms at the same time, with the primary goal of enabling rapid adoption of new cryptographic primitives and algorithms without disruptive changes to the system’s infrastructure.
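What that design looks like in code, as an added example that is not part of the article or of Capgemini’s own tooling: call sites never name a concrete algorithm. They sign with whatever the policy says is current and verify whatever algorithm the envelope names, provided the policy still accepts it, so adding or retiring a primitive is a registry and policy change rather than a change to every caller. The only registered scheme is a Lamport one-time signature over SHA-256, a hash-based construction used here purely as a dependency-free stand-in (it is single-use and far larger than a production scheme); the algorithm identifier `lamport-sha256` and all other names are labels invented for this example.

```python
"""Crypto-agile signature envelope (added example, not the article's code).

Callers use sign_envelope / verify_envelope only. The algorithm actually used
comes from a Policy object, and the envelope carries its own algorithm id, so
swapping or retiring an algorithm never touches the call sites.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Set, Tuple


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# ---- one concrete scheme: Lamport one-time signature (hash-based, single-use) --
def lamport_keygen() -> Tuple[list, list]:
    """Secret key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[H(a), H(b)] for a, b in sk]
    return sk, pk


def _msg_bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes) -> bytes:
    # Reveal, for each bit of H(msg), the secret preimage matching that bit.
    return b"".join(sk[i][bit] for i, bit in enumerate(_msg_bits(msg)))


def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[i][bit]
               for i, bit in enumerate(_msg_bits(msg)))


# ---- the agility layer: registry + policy + self-describing envelope ----------
@dataclass(frozen=True)
class Scheme:
    keygen: Callable[[], Tuple[object, object]]
    sign: Callable[[object, bytes], bytes]
    verify: Callable[[object, bytes, bytes], bool]


# Algorithm identifiers are hypothetical labels chosen for this example.
REGISTRY: Dict[str, Scheme] = {
    "lamport-sha256": Scheme(lamport_keygen, lamport_sign, lamport_verify),
}


def register(alg_id: str, scheme: Scheme) -> None:
    """Onboarding a new primitive touches only the registry; callers are unchanged."""
    REGISTRY[alg_id] = scheme


@dataclass
class Policy:
    sign_with: str        # algorithm used for new signatures
    accept: Set[str]      # algorithms whose signatures are still trusted on verify


def sign_envelope(keys: Dict[str, tuple], msg: bytes, policy: Policy) -> dict:
    """Produce a self-describing envelope; the caller never names the algorithm."""
    alg = policy.sign_with
    sk, _pk = keys[alg]
    return {"alg": alg, "msg": msg.hex(), "sig": REGISTRY[alg].sign(sk, msg).hex()}


def verify_envelope(pubkeys: Dict[str, object], env: dict, policy: Policy) -> bool:
    """Dispatch on the envelope's algorithm id; unknown or retired ids fail closed."""
    alg = env.get("alg")
    if alg not in policy.accept or alg not in REGISTRY or alg not in pubkeys:
        return False
    scheme = REGISTRY[alg]
    return scheme.verify(pubkeys[alg], bytes.fromhex(env["msg"]), bytes.fromhex(env["sig"]))


if __name__ == "__main__":
    policy = Policy(sign_with="lamport-sha256", accept={"lamport-sha256"})
    sk, pk = REGISTRY["lamport-sha256"].keygen()
    env = sign_envelope({"lamport-sha256": (sk, pk)}, b"order #42", policy)
    print(verify_envelope({"lamport-sha256": pk}, env, policy))   # True
    # Retiring an algorithm is a policy edit; its envelopes now fail verification.
    retired = Policy(sign_with="lamport-sha256", accept=set())
    print(verify_envelope({"lamport-sha256": pk}, env, retired))  # False
```

The two properties worth copying are the self-describing envelope (the algorithm id travels with the signature, so verifiers can dispatch rather than assume) and the fail-closed policy check (an identifier that is unknown or has been retired is rejected, never silently downgraded). Migrating to a NIST-selected scheme under this design means registering it and changing `Policy.sign_with`, while `accept` keeps the old algorithm only for as long as existing signatures must remain verifiable.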

To be equipped to rapidly adapt to, mitigate, and handle any security challenges arising from vulnerabilities of their cryptosystems in the post-quantum era and beyond, and to do so in the most efficient manner, organizations will need to put certain processes and systems in place.

We would recommend the following:

  • The first step is for the leadership to initiate a program with clearly defined objectives of achieving post-quantum crypto agility, and to establish collaboration teams within the organization and with the external ecosystem for the required solutions, skills, and capabilities. It is also important to start educating the organization’s key personnel on PQC and its implications.
  • Initiate a process to gather information across the organization: details of all the systems and applications that use public-key cryptography, and details of the most sensitive and critical datasets (both data-at-rest and data-in-motion) that must be protected for long periods. The factors affecting the whole process are multi-dimensional (and need separate discussion).
  • Start experimenting with the new algorithms announced by NIST to understand the impact and challenges involved in the quantum-safe migration path. Start building an initial framework for the target-state architecture of the overall system.
  • Prepare a roadmap for post-quantum-safe migration based on the multi-dimensional analysis and on the prioritization of datasets requiring protection and of systems and applications using vulnerable cryptographic systems.
  • Perform further analysis of the interdependencies between systems to decide the sequence of migration. Initiate the process of identifying and evaluating sources for the components, solutions, and services needed to implement the migration plan, and develop a plan for testing and validating the successful implementation of the migration.
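The inventory and prioritization steps above can be started with something very small. The following is an added example, not code from the article or from Capgemini: it extracts key types from OpenSSH-style key lines and from TLS cipher-suite names, flags the public-key families whose security rests on factoring or discrete logarithms (the ones a large quantum computer would break), and ranks each use by its store-now-decrypt-later exposure. The ten-year horizon is taken from the article’s estimate; the sample key lines, cipher-suite strings, system names and data lifetimes are constructed for the example, and the classification list and the confidentiality-versus-authentication distinction are this example’s own choices.

```python
"""Crypto inventory triage (added example, not the article's code).

Each Use records where public-key cryptography is used, the algorithm string
as found in configuration or key files, whether it protects confidentiality
(key exchange / encryption) or authentication (signatures), and how long the
protected data must stay secret. Confidentiality uses with long-lived data
rank first, because captured traffic can be decrypted later; signature uses
must still migrate before the threat materializes, but are not retroactively
exposed in the same way.
"""
import re
from dataclasses import dataclass
from typing import List, Set

QUANTUM_HORIZON_YEARS = 10  # the article's "ten years or more" estimate, used as the planning horizon

# Public-key families broken by Shor's algorithm (factoring / discrete log, including elliptic curves).
# Matched as whole tokens after splitting on separators, so "ecdsa-sha2-nistp256", "rsa-sha2-512",
# "ECDHE-RSA-AES256-GCM-SHA384" and "ssh-ed25519" all resolve to their vulnerable component(s).
SHOR_VULNERABLE = {"rsa", "dsa", "dss", "ecdsa", "ecdh", "ecdhe", "dh", "dhe",
                   "ed25519", "ed448", "x25519", "x448"}


@dataclass(frozen=True)
class Use:
    system: str
    mechanism: str            # algorithm or cipher-suite string as found in the estate
    purpose: str              # "confidentiality" or "authentication"
    data_lifetime_years: int  # how long the protected data must remain secret


def vulnerable_tokens(mechanism: str) -> Set[str]:
    """Return the quantum-vulnerable components named in an algorithm/cipher-suite string."""
    return set(re.split(r"[-_+/ ]", mechanism.lower())) & SHOR_VULNERABLE


def ssh_key_types(key_file_text: str) -> List[str]:
    """Extract key types from OpenSSH authorized_keys / known_hosts style lines.

    The type is the field immediately before the base64 blob (which starts with "AAAA"),
    which works whether or not the line has leading options or a host name.
    """
    types = []
    for line in key_file_text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        for i in range(1, len(fields)):
            if fields[i].startswith("AAAA"):
                types.append(fields[i - 1])
                break
    return types


def triage(use: Use, horizon: int = QUANTUM_HORIZON_YEARS) -> str:
    """'urgent' = exposed today via store-now-decrypt-later; 'planned' = must migrate before
    large quantum computers exist; 'ok' = no Shor-vulnerable component named."""
    if not vulnerable_tokens(use.mechanism):
        return "ok"
    if use.purpose == "confidentiality" and use.data_lifetime_years >= horizon:
        return "urgent"
    return "planned"


def prioritized(uses: List[Use]) -> List[Use]:
    rank = {"urgent": 0, "planned": 1, "ok": 2}
    return sorted(uses, key=lambda u: (rank[triage(u)], -u.data_lifetime_years, u.system))


# ---- constructed sample data (not real keys or systems) -----------------------
SAMPLE_AUTHORIZED_KEYS = """# constructed sample file
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexample deploy@build
from="10.0.0.0/8" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIexample ops@bastion
"""

SAMPLE_USES = [
    Use("hr-archive-vpn", "ECDHE-RSA-AES256-GCM-SHA384", "confidentiality", 25),
    Use("public-web", "ECDHE-RSA-AES128-GCM-SHA256", "confidentiality", 1),
    Use("code-signing", "rsa-sha2-512", "authentication", 5),
    Use("pilot-service", "pqc-kem-candidate", "confidentiality", 25),  # placeholder name for a PQ key exchange
] + [Use("bastion-ssh", t, "authentication", 3) for t in ssh_key_types(SAMPLE_AUTHORIZED_KEYS)]


if __name__ == "__main__":
    for u in prioritized(SAMPLE_USES):
        print(f"{triage(u):8} {u.system:16} {u.mechanism:30} {sorted(vulnerable_tokens(u.mechanism))}")
```

Two caveats a practitioner will hit immediately: TLS 1.3 suite names (for example `TLS_AES_128_GCM_SHA256`) no longer encode the key exchange, so the negotiated group has to be inventoried from the server configuration or a handshake capture rather than from the suite name; and long-lived signed artifacts (contracts, firmware) may deserve the `urgent` class too if their non-repudiation must outlast the horizon, which this example deliberately keeps as a policy decision rather than hard-coding.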

Organizations following these steps will be better positioned to handle the PQC challenge more effectively. Not adopting such an approach could lead to issues such as:

  • Execution of migration projects in silos, leading to integration challenges
  • Breaking the functionality of systems due to partial migration of components
  • Higher costs than optimally required
  • Increased complexity and unpredictable refactoring every time something new to be addressed is discovered

These issues can lead to reduced confidence in the migration, and the whole process can be quite challenging, expensive, time-consuming, and risky, depending on the complexity and size of the systems in the organization. So, we recommend that our clients start the process sooner rather than later, at least to understand where they stand in their journey and to estimate the potential size of the migration in terms of both time and cost. In summary, we believe organizations should not wait: start now, taking steps to achieve critical crypto agility across the business.

Authors: Jérôme Desbonnet and Gireesh Kumar Neelakantaiah

Jérôme Desbonnet

Cybersecurity CTIO Capgemini & Cyber Advisor
I create security architecture designs. I plan and execute major security programs to ensure that our clients are well protected.

Gireesh Kumar Neelakantaiah

Global Strategy, Capgemini’s Quantum Lab
Leading go-to-market initiatives for the Quantum Lab, including solution development, strategic planning, business and commercial model innovation, and ecosystem partner and IP licensing management. Skilled in quantum computing (IBM Qiskit), data science, AI/ML/deep learning, digital manufacturing & industrial IoT, and cloud computing.