Getting Ready for Post-Quantum Cryptography

Exploring Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms

NIST Cybersecurity White Paper

April 28, 2021

William Barker
Dakota Consulting
Gaithersburg, MD

William Polk
Applied Cybersecurity Division
Information Technology Laboratory

Murugiah Souppaya
Computer Security Division
Information Technology Laboratory

This publication is available free of charge from: https://doi.org/10.6028/NIST.CSWP.04282021

Abstract

Cryptographic technologies are used throughout government and industry to authenticate the source and protect the confidentiality and integrity of information that we communicate and store. The paper describes the impact of quantum computing technology on classical cryptography, particularly on public-key cryptographic systems. This paper also introduces adoption challenges associated with post-quantum cryptography after the standardization process is completed. Planning requirements for migration to post-quantum cryptography are discussed. The paper concludes with NIST’s next steps for helping with the migration to post-quantum cryptography.

Keywords

crypto agility; cryptography; crypto transition; digital signatures; key establishment mechanism (KEM); post-quantum cryptography; public-key encryption; quantum resistant; quantum safe.

Disclaimer

Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST, nor does it imply that the products mentioned are necessarily the best available for the purpose.

Acknowledgement

The authors wish to thank all of the individuals and organizations who provided comments, in particular Dusty Moody and Lily Chen from NIST and Brian LaMacchia from Microsoft.

Additional Information

For additional information on NIST’s Cybersecurity programs, projects, and publications, visit the Computer Security Resource Center, csrc.nist.gov. Information on other efforts at NIST and in the Information Technology Laboratory (ITL) is available at nist.gov and nist.gov/itl.

Comments on this publication may be submitted to:

National Institute of Standards and Technology
Attn: Applied Cybersecurity Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 2000) Gaithersburg, MD 20899-2000
Email: applied-crypto-pqc@nist.gov

All comments are subject to release under the Freedom of Information Act (FOIA).

Table of Contents

  1. Cryptographic Technologies
  2. Impact of Quantum Computing Technology on Classical Cryptography
  3. Post-Quantum Cryptography
  4. Challenges Associated with Post-Quantum Cryptography
  5. Planning for Migration to Post-Quantum Cryptography
  6. Next Steps

Key Resources

Related Resources

Advisory
Agencies Issue Advisory as Ransomware Group Accelerates Attacks on Health Care Sector
Public
Letter/Comment
AHA, Others Urge UnitedHealth Group to Provide Breach Notifications on Behalf of the Field
Public
Letter/Comment
AHA Letter to Senate Finance Committee for May 1 Hearing on Change Healthcare Cyberattack
Letter/Comment
AHA Letter to House E&C Subcommittee for May 1 Hearing on Change Healthcare Cyberattack
Advisory
Homeland Security Proposes New Cyber Incident Reporting Requirements
Member
Special Bulletin
UnitedHealth Group Provides Update on Data Impacted By Cyberattack
Member