Recently, the National Cyber Security Center (NCCoE) under NIST released a Migration to Post-Quantum Cryptography Project Fact Sheet. The document provides a brief overview of the background, goals, challenges, benefits, and workflow of the post-quantum cryptography migration project. In addition, NCCoE also lists the latest list of 28 technology vendors participating in the project.
Founded in 2012, NCCoE is a collaborative center where industry organizations, government agencies, and academic institutions work together to address enterprises' most pressing cybersecurity challenges. Create practical cybersecurity solutions for specific industry and broad cross-sector technology challenges through collaboration between government agencies and the private sector.
In August 2021, NCCoE officially launched the PQC migration project. The project aims to provide security platform support and demonstrations for US government agencies to understand how to migrate to quantum-resistant cryptography, so as to ensure that the US can safely and smoothly migrate the entire system to the new encryption mechanism before 2035.
To this end, NCCoE is forming a cooperative alliance. Just yesterday, American encryption solutions provider SafeLogic announced that it has recently joined NCCoE. Currently, the number of participants in NCCoE is 28. These participants will jointly promote NCCoE’s post-quantum cryptography migration project.
-
Amazon Web Services, Inc.
-
Cisco Systems, Inc.
-
Cybersecurity and Infrastructure Security Agency
-
Cloudflare, Inc.
-
Crypto4A Technologies, Inc.
-
CryptoNext Security
-
Dell Technologies
-
DigiCert
-
Entrust
-
IBM
-
Information Security Corporation
-
InfoSec Global
-
ISARA Corporation
-
JPMorgan Chase Bank, N.A.
-
Keyfactor
-
Microsoft
-
National Security Agency (NSA)
-
PQShield
-
SafeLogic, Inc.
-
Samsung SDS Co., Ltd.
-
SandboxAQ
-
SSH Communications Security Corp
-
Thales DIS CPL USA, Inc.
-
Thales Trusted Cyber Technologies
-
Utimachus
-
Verizon
-
VMware, Inc.
-
wolfSSL
Currently, the United States, the European Union, Japan and other countries and organizations have carried out research on PQC encryption technology. For example, in 2015, the US National Security Agency (NSA) announced the transition from the current public key algorithm to the PQC algorithm system. In 2016, NIST launched the PQC project to collect PQC standard algorithms and protocols from around the world.
In 2015, the European Union launched the PQC algorithm SAFECRYPTO application project. With the help of many European enterprises, universities and research institutions, the PQCRYPTO project and PROMETHEUS project have been carried out successively, and the PQCRYPTO project has been included in the EU Horizon 2020 plan, committed to creating a new generation of safe and practical PQC solutions. The Japan Science and Technology Agency has also launched the CREST project, which aims to study the mathematical modeling theory of PQC algorithm technology.
Currently, the PQC standardization work led by the US NIST is in a leading position globally. NIST recently released draft standards for three of the four algorithms selected in 2022: CRYSTALS–KYBER, CRYSTALS–Dilithium, and SPHINCS+. The draft standard for the fourth algorithm, FALCON, will be released in about a year. At the same time, the US government is considering replacing the current public key algorithm system with the standardized PQC public key algorithm because the latter cannot resist possible quantum computing attacks.
The migration of public key algorithms based on PQC is a huge migration work, and the migration process takes about 10 to 15 years. Therefore, only if the PQC algorithm is standardized and implemented as soon as possible can we be prepared for quantum computing attacks.
Reference connection:
https://www.nccoe.nist.gov/crypto-agility-considerations-migrating-post-quantum-cryptographic-algorithms