Defending against the cryptographic risk posed by quantum computing
+ The National Security Agency is responsible for protecting NSS against quantum computing risks. In 2015, NSA published guidance highlighting the need to prepare for the advent of a quantum computer, and encouraging the development of post-quantum cryptographic algorithms.
+ The National Institute of Standards and Technology has just named algorithm finalists in a program to standardize post-quantum algorithms for broader government and public use. Shortly after round three of NIST’s process is completed, NSA intends to select a post-quantum algorithm suite chosen from the NIST selected algorithms, and announce a timeframe for transition. U.S. entities employing non-NSS should plan to comply with NIST standards and deadlines.
As NSS owners, operators and NSA work together, protection against a quantum computer can be achieved before the quantum computing threat arrives.
+ In addition to the preparations the cryptographic community is making to deliver a set of high quality post-quantum algorithms, there are four steps NSS owners and operators should take now:
+ (1) Determine the potential issues their organizations and systems will likely face based on post-quantum algorithm performance characteristics;
+ (2) Analyze the reliance their systems have on current public-key technology, and plan accordingly;
+ (3) Maintain awareness of NSA guidance and policy (see below);
+ (4) Reach out to NSA with questions, comments, or concerns regarding this significant algorithm transition process. NSA’s Cybersecurity Requirements Center can be reached via email.
Content may have been edited for style and clarity. The “+” to the left of paragraphs or other statements indicates quoted material from “Source:” document. Boldface title is original title from “Source:” Italicized statements are directly quoted from “Source:” document. Image sources are indicated as applicable.