Every business operation hinges on the protection of data. In today’s landscape, the security of crucial data and communication relies on traditional methods of cryptography, like the RSA algorithm. While these algorithms offer protection against current threats, organizations must proactively anticipate and prepare for future risk factors.
The initial set of post-quantum cryptography (PQC) standards was released by the National Institute of Standards and Technology (NIST), marking a significant milestone in the realm of modern cybersecurity. This solidifies the necessity of post-quantum cryptography as a critical cybersecurity priority for enterprises, government entities, and vendors within the supply chain.
NIST has finalized three PQC standards aimed at fortifying the cryptographic infrastructure for the quantum era:
- ML-KEM (derived from CRYSTALS-Kyber) — a key-encapsulation mechanism chosen for general encryption purposes, such as accessing secure websites
- ML-DSA (derived from CRYSTALS-Dilithium) — a lattice-based algorithm selected for general digital signature protocols
- SLH-DSA (derived from SPHINCS+) — a stateless hash-based digital signature scheme
Since as early as 2021, NIST has been advocating for organizations to commence planning and laying the groundwork for the transition to quantum-safe solutions. The finalization and publication of these three PQC standards offer the necessary assurance and guidance for organizations to adopt and kickstart the process of evolving towards crypto-agility.
How are entities currently getting ready to resist potential attacks from quantum computers in the future?
Over the past 18 months, IBM has engaged with numerous major organizations. These industry leaders have either initiated or are in the process of setting up quantum-safe transformation initiatives as a strategic imperative, approaching the work from a perspective that incorporates people, processes, and technology. Achieving “quantum safety” requires these organizations to enhance their cryptographic maturity and reshape their cryptography initiatives. The goal is to create a robust cryptographic stance that can withstand risks posed by quantum technologies.
The journey towards quantum safety often begins with identifying and categorizing data to gain insight into the cryptographic resources spread throughout the organization, which allows risks to be analyzed and remedial actions to be prioritized. Beyond identification and categorization lies the transformation towards crypto-agility, which enables platforms, systems, and applications to:
- Upgrade cryptography in case of vulnerabilities
- Adapt cryptography in alignment with regulations and emerging threats
- Oversee the correct use of cryptography
- Eliminate outdated cryptographic methods
Curious to learn more? Check out the report from IBM Institute of Business Value, “The quantum clock is ticking: How quantum safe is your organization?”