PQShield, a cybersecurity company specialising in post-quantum cryptography, has entered into a Cooperative Research and Development Agreement (CRADA) with the National Cybersecurity Center of Excellence (NCCoE), part of the National Institute of Standards and Technology (NIST), to develop practices to ease the migration to post-quantum cryptography from current public-key algorithms.
The advent of quantum computing technology will compromise many of the cryptographic algorithms widely used to protect digital information today because of quantum machines’ power to quickly solve the mathematical problems that underpin them. NIST’s work to standardize quantum-resistant public-key cryptographic algorithms is underway, and is expected to be completed in the next two years.
The US government has also recognised the seriousness of the quantum threat with the Quantum Preparedness Act, with the NSA requiring all US government agencies who protect National Security Systems (NSS) and related assets to start adopting quantum-resistant cryptography algorithms for software- and firmware-signing by 2025. Furthermore, ‘harvest now, decrypt later’ attacks contribute to the urgency of the threat, making the transition to post-quantum cryptography an immediate priority for many organisations.
However, the migration of cryptographic algorithms is both technically and logistically challenging, and can take years or even decades for a business to complete. Before any changes can be practically implemented, organisations must take steps to identify which hardware, software and services need to be upgraded – a process known as crypto-discovery. As cryptography is embedded into so many aspects of an organisation’s systems and infrastructure, this can be a complex and time-consuming first step.
Moving beyond crypto-discovery to real-world implementation
To address these challenges, the NCCoE Migration to Post-Quantum Cryptography project is leveraging a collaborative public-private consortium to demonstrate tools that can assist the process of crypto-discovery. The NCCoE project is also working within its consortium to look at the broader real-world challenges of using post-quantum cryptographic algorithms in the protocols used today to protect communications and information.
PQShield has joined the project with this focus in mind, working with NCCoE team members to demonstrate the practical integration of quantum-resistant cryptography into software, hardware and advanced protocols. The company will be leveraging its extensive team of specialist cryptographers and engineers and building on its experience working with customers like Microchip Technologies, Collins Aerospace and Kudelski Security.
PQShield is able to offer practical insights from across the full spectrum, from hardware through to software and secure messaging. Through its partnership with Riscure, for example, the team has already begun ratifying quantum-resistant embedded hardware products’ resistance to side-channel attacks (SCA). It has also been a leading contributor to RISC-V’s cryptographic library, having developed multiple cryptographic extensions for the RISC-V ISA. In secure messaging, the team’s recent white paper on quantum-proofing the Signal Protocol has been well received by the research community.
The NCCoE Migration to Post-Quantum Cryptography project complements NIST’s ongoing process to standardize one or more quantum-resistant public-key cryptographic algorithms. In May 2022, NIST announced the first four quantum-resistant algorithms that will form part of the PQC standard – all of which featured contributions from PQShield. CRYSTALS-KYBER (co-authored by PQShield’s advisory board member, Professor Peter Schwabe) was chosen as the new standard for public-key encryption/KEMs, while Falcon (led and co-authored by PQShield’s Dr Thomas Prest), CRYSTALS-Dilithium and SPHINCS+ (again, co-authored by Professor Peter Schwabe) are set to be standardized for digital signatures.
Ali El Kaafarani, PQShield’s Founder and CEO, says: “We are proud to be working with the NCCoE to ease the transition to a quantum future and make post-quantum cryptography accessible to every organisation that needs it.
“As the project broadens its scope, we are pleased to join with a laser focus on real-world deployment. Our team has built up world-leading expertise into the practical delivery and implementation of post-quantum cryptography, and we look forward to drawing on this to support the NCCoE in its efforts.”
William Newhouse, Security Engineer, NIST National Cybersecurity Center of Excellence, said: “Previous migrations of cryptographic technologies have taken many years. Adding the experience and expertise of all our collaborators supports our project workstream focused on exploring interoperability and performance considerations when one implements PQC signatures and PQC KEM in protocols such as TLS, SSH, QUIC, X.509 as well as their use in HSM implementations.”
About PQShield
PQShield is a post-quantum cryptography (PQC) company creating the global standards and core technologies to power the future security layer of the world’s leading organisations. Its quantum-secure cryptographic solutions work with companies’ legacy systems to protect sensitive data now and for years to come.
It is the only cybersecurity company that can deliver high-quality secure implementations of quantum-safe cryptography on chips, in applications, and in the cloud, and is also an authority on PQC side channel attack resistance, having built a dedicated SCA test lab with partner, Riscure.
PQShield is also a leading contributor to the National Institute of Standards and Technology (NIST) post-quantum cryptography standardisation project, and has contributed multiple cryptographic extensions to RISC-V.
Headquartered in the UK, with teams in the United States, France, Belgium, the Netherlands and Japan, PQShield is principally backed by Addition, Crane Venture Partners, Oxford Science Enterprises (formerly OSI), Kindred Capital, and InnovateUK. Its latest white papers are available to read here.
About the National Cybersecurity Center of Excellence (NCCoE)
As part of NIST, the NCCoE is a collaborative hub where industry organisations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables collaboration in the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under CRADAs, including technology partners, from Fortune 50 market leaders to smaller companies specialising in information technology and operational technology security, the NCCoE applies standards and best practices to develop modular and easily adaptable example cybersecurity solutions by using commercially available technologies. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to re-create the example solution. NIST does not evaluate commercial products under this Consortium and does not endorse any product or service used. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland.
Information is available at https://www.nccoe.nist.gov