PQC (Post-Quantum Cryptography) 07-11-2022

NIST Announces Selection of First Quantum-Resistant Cryptographic Algorithms

Timothy Hollebeek

September 2023 Update: Marking a nearly seven-year process and the final steps towards the world’s first post-quantum cryptography standards, the U.S. National Institute of Standards and Technology (NIST) released draft standards for quantum-safe algorithms on Aug. 24.

The transition to quantum-safe cryptography will hinge on two steps: inventorying all cryptographic assets and achieving crypto-agility through automation and centralized management. DigiCert’s customers investing in crypto-agility have deployed DigiCert® Trust Lifecycle Manager, which provides a comprehensive solution to discover, manage and automate digital trust across their organization.

For additional guidance on preparing for the transition to quantum cryptography, please refer to this blog.

Quantum computers could break the internet. Well, not exactly. But, they could break the cryptographic algorithms in use today to secure the internet. That’s why NIST has been reviewing potential cryptographic algorithms that could withstand both traditional and quantum computers.

While quantum computers aren’t coming in the next year or two, they will most likely arrive in the next decade or two. That means, over the next decade or two, all the secure communications protocols on the internet will need to be updated to incorporate NIST’s standardized algorithms. This announcement signals that it’s time to start preparing for when NIST’s standards go into place.

NIST selects final primary algorithms

NIST has been reviewing potential algorithms for standardization since 2016. Since then, several candidate algorithms have been put forward. Several rounds of review have been held, with the best candidates from each round advancing further. Experts from various institutions around the world, including DigiCert, came together at a series of conferences to review the selected algorithms.

On July 5, 2022, NIST announced four algorithms that it selected as the primary choices for standardization. They are:

For general encryption (Public-Key Encryption/KEMs)

  • CRYSTALS-KYBER

For digital signatures

  • CRYSTALS-Dilithium
  • Falcon
  • SPHINCS+

NIST will also select up to two backup algorithms in case problems are found with the primary algorithms in the future. The fourth round of submissions will conclude in October 2022, and the final decisions on standardization will be made at the 4th NIST PQC Standardization Conference from Nov. 29 to Dec. 1.

In the announcement, NIST’s PQC team stated, “NIST would like to thank the community and all of the submission teams for their efforts in this standardization process and hopes that the teams whose schemes were not selected to advance will continue to participate by evaluating and analyzing the remaining cryptosystems alongside the cryptographic community at large. These combined efforts are crucial to the development of NIST’s future post-quantum public-key standards.”

For more details about the selection process, refer to the NIST Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process and the NIST PQC webpage.

Why do we need new algorithms to protect against quantum?

The asymmetric cryptographic algorithms in use today (RSA, ECC) are vulnerable to compromise by sufficiently powerful quantum computers. These computers don’t exist today but likely will in a decade or two. New algorithms (referred to as “post-quantum cryptography” or PQC) are based on math problems that are hard for both quantum computers and traditional computers to solve and have been developed to address this threat. NIST has led an effort to evaluate these candidate algorithms and make sure that they provide the appropriate level of security.

What’s the timeline for implementation of these algorithms?

Moving to PQC will be the biggest security upgrade that has ever been attempted for the internet, and it is important that everyone work together to help it go as smoothly as possible, as it may take a few years to fully prepare for PQC. When you should start transitioning to quantum-safe algorithms will depend on your organization and how you use cryptographic algorithms.

However, NIST advises that it is still too soon to fully integrate these algorithms into production systems, as they may still change before the standard is finalized. Now that the algorithms have been selected, standards documents need to be written describing how they are to be implemented, tested and deployed securely. So it will take about two years before NIST publishes a final standard.

At the same time, implementors of cryptographic libraries and security software need to start integrating these algorithms into their products. While some initial implementations exist as open-source projects, most widely used cryptographic software libraries and hardware do not yet support the new algorithms. We expect that to change rapidly as the selected algorithms are standardized.

Additionally, users of traditional cryptographic algorithms need to start exploring now how these new PQC algorithms can be incorporated into their software, as the new algorithms are not drop-in replacements for the traditional algorithms. Some work will be required to redesign cryptographic protocols to accommodate the new algorithms.

Furthermore, standards groups maintaining protocols like TLS, IPsec, and various PKI standards will have to incorporate the new algorithms into those protocols as well. This will be a multi-year effort across a wide variety of standards groups.

Start with discovery

NIST recommends starting by discovering which systems and applications use public-key cryptography and creating an inventory of what will need to be replaced. This can be done now, and DigiCert offers various discovery tools to gain control over your certificate inventory. Currently, most organizations do not have a complete, real-time picture of their certificate landscape. Using tools like DigiCert’s discovery service can give you a comprehensive scan of your network.

Once you’ve done discovery, the next step is to automate the certificate renewal and installation process, which will help you save time and reduce risk while remaining compliant with standards like NIST’s quantum recommendations. Learn more about DigiCert discovery & automation to gain control over your certificate inventory.
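The discovery step above boils down to a classification problem: for every certificate you find, record which public-key algorithm it uses, because every classical scheme (RSA, ECDSA, EdDSA) is on the list that a large quantum computer would break and therefore has to be migrated. The following Go program is an added example, not DigiCert's or NIST's code; it generates three throwaway self-signed certificates in memory (constructed sample input, so the example runs offline) and builds a small inventory from them. In a real deployment the DER bytes would come from scanned TLS endpoints or key stores; the `Asset` type and the function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Asset is one row of the crypto inventory: which certificate, which
// public-key algorithm, key size, and whether that algorithm needs to be
// migrated before large quantum computers arrive. (Hypothetical type
// defined for this example.)
type Asset struct {
	Subject           string
	Algorithm         string
	KeyBits           int
	QuantumVulnerable bool
	NotAfter          time.Time
}

// Classify records the public-key algorithm of a parsed certificate.
// All classical public-key schemes are flagged; unknown key types are
// flagged too, so that nothing silently drops out of the migration plan.
func Classify(cert *x509.Certificate) Asset {
	a := Asset{Subject: cert.Subject.CommonName, NotAfter: cert.NotAfter, QuantumVulnerable: true}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		a.Algorithm, a.KeyBits = "RSA", pub.N.BitLen()
	case *ecdsa.PublicKey:
		a.Algorithm, a.KeyBits = "ECDSA/"+pub.Curve.Params().Name, pub.Curve.Params().BitSize
	case ed25519.PublicKey:
		a.Algorithm, a.KeyBits = "Ed25519", 256
	default:
		a.Algorithm = fmt.Sprintf("unknown (%T)", pub)
	}
	return a
}

// Inventory parses DER-encoded certificates and returns one Asset each.
func Inventory(ders [][]byte) ([]Asset, error) {
	var assets []Asset
	for _, der := range ders {
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, err
		}
		assets = append(assets, Classify(cert))
	}
	return assets, nil
}

// CountVulnerable is the headline number for a migration plan.
func CountVulnerable(assets []Asset) int {
	n := 0
	for _, a := range assets {
		if a.QuantumVulnerable {
			n++
		}
	}
	return n
}

// selfSigned builds a short-lived self-signed certificate so the example
// runs without network access; this is constructed sample data only.
func selfSigned(cn string, pub, priv interface{}) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}

// SampleInventory generates RSA-2048, ECDSA P-256 and Ed25519 certificates
// and runs the inventory over them.
func SampleInventory() ([]Asset, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	edPub, edPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	var ders [][]byte
	for _, c := range []struct {
		cn        string
		pub, priv interface{}
	}{
		{"rsa.example.test", &rsaKey.PublicKey, rsaKey},
		{"ec.example.test", &ecKey.PublicKey, ecKey},
		{"ed.example.test", edPub, edPriv},
	} {
		der, err := selfSigned(c.cn, c.pub, c.priv)
		if err != nil {
			return nil, err
		}
		ders = append(ders, der)
	}
	return Inventory(ders)
}

func main() {
	assets, err := SampleInventory()
	if err != nil {
		panic(err)
	}
	for _, a := range assets {
		fmt.Printf("%-20s %-14s %4d bits  migrate=%v  expires=%s\n",
			a.Subject, a.Algorithm, a.KeyBits, a.QuantumVulnerable, a.NotAfter.Format("2006-01-02"))
	}
	fmt.Printf("%d of %d certificates use quantum-vulnerable public keys\n", CountVulnerable(assets), len(assets))
}
```

The expiry date is kept in each row on purpose: the migration plan needs it, because a certificate that will be renewed anyway is the cheapest place to swap in a new algorithm once the standards are final, which is the crypto-agility point made above.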

DigiCert’s Post-Quantum Computing Tool Kit

DigiCert has been involved in helping NIST set the standards for post-quantum cryptography, and we’ve also created solutions for our customers to prepare for PQC. DigiCert’s PQC tool kit is designed for technical users who want to try out the process of installing a hybrid RSA/PQC certificate (TLS or IoT). Whether you’re planning to explore quantum-safe algorithms right away or as a future initiative, DigiCert can provide the expertise and support you need to meet your specific business needs.

If you’d like to learn more about how to acquire the PQC tool kit, contact DigiCert sales, as the kit will be available as a zip file download from CertCentral. The tool kits will include instructions on how to build a post-quantum capable version of OpenSSL (popular SSL/TLS library) and Apache (web server) on a Linux server or workstation and use those programs to run various tests.
