NIST Releases Post-Quantum Cryptography Practice Guide Draft, Requests Public Comments

Send Feedback to NIST by June 8

The National Institute of Standards and Technology (NIST) seeks public comments on its Post-Quantum Cryptography Practice Guide—a resource to help organizations mitigate risk while planning for replacement/updates of hardware, software, and services that use quantum-vulnerable public-key algorithms. NIST requests comments by June 8.

“The advent of quantum computing technology will render many current cryptographic algorithms ineffective, especially public-key cryptography, which is widely used to protect digital information,” NIST reports. To that end, the migration to post-quantum cryptography will likely create many operational challenges for organizations. Among the biggest challenges: maintaining connectivity and interoperability among organizations and organizational elements during the transition from quantum-vulnerable algorithms to quantum-resistant algorithms.

In its effort to help plan for the replacement of hardware, software, and services that use public-key algorithms and to protect information from future attacks, the NIST National Cybersecurity Center of Excellence (NCCoE) is engaging with industry collaborators that include ANSI member organizations, regulated industry sectors, and the U.S. federal government to inform the preliminary draft.

Ultimately, NIST’s effort includes identifying interoperability and performance challenges that applied cryptographers may face when implementing the first quantum-resistant algorithms NIST will standardize in 2024. Furthermore, the project involves identifying gaps that exist between post-quantum algorithms and their integration into protocol implementations, to be shared with standards development organizations responsible for developing or updating standards that protect systems and related assets.

The preliminary guide, available via NIST’s NCCOE project site, can help organizations:

• identify where and how public-key algorithms are being used on information systems;
• mitigate enterprise risk by providing tools, guidelines, and practices that can be used by organizations in planning for replacement/update of hardware, software, and services that use quantum-vulnerable public-key algorithms; and
• develop a risk-based playbook for migration involving people, processes, and technology.

NIST reports that as the project progresses, this preliminary draft will be updated, and additional volumes will also be released for comment.

Related News:

NIST Announces Transition to New Post-Quantum Cryptographic Standard