Defending against the cryptographic risk posed by quantum computing
+ The National Security Agency is responsible for protecting NSS against quantum computing risks. In 2015, NSA published guidance highlighting the need to prepare for the advent of a quantum computer, and encouraging the development of post-quantum cryptographic algorithms.
+ The National Institute of Standards and Technology has just named algorithm finalists in a program to standardize post-quantum algorithms for broader government and public use. Shortly after round three of NIST’s process is completed, NSA intends to select a post-quantum algorithm suite chosen from the NIST selected algorithms, and announce a timeframe for transition. U.S. entities employing non-NSS should plan to comply with NIST standards and deadlines.
As NSS owners, operators and NSA work together, protection against a quantum computer can be achieved before the quantum computing threat arrives.
+ In addition to the preparations the cryptographic community is making to deliver a set of high quality post-quantum algorithms, there are four steps NSS owners and operators should take now:
+ (1) Determine the potential issues their organizations and systems will likely face based on post-quantum algorithm performance characteristics;
+ (2) Analyze the reliance their systems have on current public-key technology, and plan accordingly;
+ (3) Maintain awareness of NSA guidance and policy (see below);
+ (4) Reach out to NSA with questions, comments, or concerns regarding this significant algorithm transition process. NSA’s Cybersecurity Requirements Center can be reached via email.
Source: Federal News Network. Adrian Stanger, Defending against the cryptographic risk posed by quantum computing…
Content may have been edited for style and clarity. The “+” to the left of paragraphs or other statements indicates quoted material from “Source:” document. Boldface title is original title from “Source:” Italicized statements are directly quoted from “Source:” document. Image sources are indicated as applicable.