While still fairly immature, the advance of post quantum cryptography (PQC) has crossed a number of important milestones in the last year. In this article, Michela Menting, cybersecurity applications research director at ABI Research, provides a snapshot of various policy positions across countries leading in PQC development.
Initially driven by standards development organizations (SDOs) to define algorithms, protocols, and recommended implementations for various applications, PQC’s continued development and eventual adoption will depend on government endorsement of particular standards and on effective policy guidance for PQC migration.
United States
The United States is the most advanced country, to date, on both the standardization front and in driving a coordinated national strategy with supporting policy and recommendations.
The U.S. National Institute of Standards and Technology (NIST) is the foremost standardization organization for PQC algorithms (see the NIST PQC project page). It began the process in 2017 with an open call for candidate algorithm submissions for key encapsulation mechanisms (KEMs) and digital signature algorithms (DSAs), with the goal of standardizing the most promising ones. Most other SDOs (national and international), national certification and regulatory agencies, and industry groups are waiting for the NIST PQC standardization process to be complete and the standards published before providing their own recommendations and solutions, most of which will be based largely on NIST’s final algorithmic choices.
In July 2022, NIST announced the first batch of algorithms that had been selected for standardization (see the table below). A second batch (Round 4) is set to be announced in 2023, and a new call for proposals for DSAs was also launched. It is expected that NIST will publish the first PQC standards in the 2024 to 2025 time frame.
| Type | Status | Key Encapsulation Mechanism | Digital Signature Algorithm |
| --- | --- | --- | --- |
| Lattice | Selected for Standardization | CRYSTALS-Kyber | CRYSTALS-Dilithium, Falcon |
| Code-Based | Round 4 | Classic McEliece, BIKE, HQC | (none) |
| Hash-Based | Selected for Standardization | (none) | SPHINCS+ |
| Hash-Based (stateful) | SP 800-208 published in 2020 | (none) | XMSS, LMS |
In the United States, there is already significant coordination of, and investment in, the development of quantum technology in general (e.g., communications, computing, and networks) and of cybersecurity within the quantum domain. These efforts have been boosted by a series of policy documents and regulatory initiatives that are driving PQC planning and action within the country:
The U.S. influence in this sphere is significant and internationally respected, as are U.S. standardization efforts, particularly because they are multi-disciplinary and internationally inclusive and will drive recommendations and best practices in other national and industry PQC agendas.
France
France’s influence in the quantum and cryptography space is also global, and the country is highly focused on driving PQC technology development and market emergence. In January 2022, the French national security agency, the Agence nationale de la sécurité des systèmes d’information (ANSSI), published a position paper recommending that the private sector introduce PQ defenses immediately. The paper proposes a provisional transition agenda for PQC:
- Phase 1 (today): “Hybridation” to provide some additional PQ defense-in-depth to the pre-quantum security assurance.
- Phase 2 (not earlier than 2025): “Hybridation” to provide PQ security assurance while avoiding any pre-quantum security regression.
- Phase 3 (probably not earlier than 2030): Optional standalone PQ cryptography.
In its position paper, ANSSI does not endorse any replacement of currently used algorithms in the short and medium term. However, it states that the chosen algorithm should have stable and well-studied specifications (e.g., be a NIST finalist or a trusted alternate finalist). Further, ANSSI recommends that organizations should not postpone deployments and encourages them to start planning their PQ transition now.
Germany
The position of Germany’s BSI (Bundesamt für Sicherheit in der Informationstechnik, the country’s federal cybersecurity authority) on the PQ transition is similar to that published by France’s ANSSI. The BSI recommends that PQC be used in hybrid mode, for both key agreement procedures and signature schemes. Hash-based signatures (HBSs) can be used on their own (i.e., not in hybrid mode). The BSI states that stateful schemes should only be used in systems where the reuse of key material can be excluded.
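What ANSSI’s “hybridation” (Phases 1 and 2 above) and the BSI’s hybrid mode amount to in code, as an added example that is not from the article, ANSSI, or the BSI: a classical and a post-quantum component are composed so that both must fail before security is lost. The component KEMs and signature schemes are not implemented here; their shared secrets and ciphertexts are constructed byte strings, the “signature schemes” are HMAC stand-ins, and the KDF label `hybrid-kem-v1` is an assumed constant, so the file runs on the Python standard library alone.

```python
"""Added example (not code from the article, ANSSI, or BSI): how a hybrid
combination of a classical and a post-quantum primitive is composed. The two
component KEMs and signature schemes are NOT implemented here; their outputs
are represented by constructed byte strings and by HMAC-based stand-ins so the
file runs offline on the standard library. The composition rules are the point:
  - key agreement: both shared secrets and both ciphertexts enter one KDF, so
    the session key stays secret while either component still holds;
  - signatures: a hybrid signature verifies only if BOTH components verify.
"""
import hashlib
import hmac


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes,
                           ct_classical: bytes, ct_pq: bytes,
                           label: bytes = b"hybrid-kem-v1") -> bytes:
    """Concatenation combiner:
    K = HKDF(ss_classical || ss_pq, salt = H(ct_classical || ct_pq), info = label).

    Hashing both ciphertexts into the salt binds K to this particular exchange,
    and feeding both secrets into the KDF (rather than only the PQ one) means an
    attacker must break both components to learn K.
    """
    if not ss_classical or not ss_pq:
        raise ValueError("a hybrid key requires both component shared secrets")
    salt = hashlib.sha256(ct_classical + ct_pq).digest()
    return hkdf_sha256(ss_classical + ss_pq, salt, label)


# --- hybrid signature composition (AND rule) --------------------------------
# Stand-ins (constructed for this example): each "scheme" is an HMAC tag under
# its own key. A deployment would plug in a classical verifier (e.g. ECDSA) and
# a PQ verifier (e.g. CRYSTALS-Dilithium) in these two slots.

def standin_sign(key: bytes, scheme: bytes, msg: bytes) -> bytes:
    return hmac.new(key, scheme + b"|" + msg, hashlib.sha256).digest()


def standin_verify(key: bytes, scheme: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(standin_sign(key, scheme, msg), tag)


def hybrid_sign(msg: bytes, key_classical: bytes, key_pq: bytes):
    return (standin_sign(key_classical, b"classical", msg),
            standin_sign(key_pq, b"pq", msg))


def hybrid_verify(msg: bytes, key_classical: bytes, key_pq: bytes, sig) -> bool:
    """Accept only if every component verifies (both are evaluated before deciding)."""
    sig_classical, sig_pq = sig
    ok_classical = standin_verify(key_classical, b"classical", msg, sig_classical)
    ok_pq = standin_verify(key_pq, b"pq", msg, sig_pq)
    return ok_classical and ok_pq
```

The combiner is the same in both ANSSI phases; what changes is the assurance claimed. In Phase 1 the pre-quantum component carries the assurance and the PQ secret is defense-in-depth; in Phase 2 the PQ component carries it and the classical secret guards against a regression should the PQ scheme be broken. Feeding only one secret into the KDF, or deriving the key without binding the ciphertexts, would give up exactly the property hybridation is meant to provide.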
Beyond that, the BSI has already endorsed the use of a few PQC algorithms, something ANSSI has not yet done (see the table below).
| Type | Status | KEM | DSA |
| --- | --- | --- | --- |
| Lattice | Recommended in TR-02102-1 | FrodoKEM | CRYSTALS-Dilithium, Falcon |
| Code-Based | Recommended in TR-02102-1 | Classic McEliece | (none) |
| Hash-Based | Recommended in TR-02102-1 in 2021 | (none) | LMS, XMSS, SPHINCS+ |
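The table lists LMS and XMSS, which are stateful, alongside stateless SPHINCS+. What the BSI’s key-reuse caveat means in practice, as an added example that is not code from the article, the BSI, or any standard: a miniature XMSS/LMS-style scheme (Lamport one-time signatures under a Merkle tree, SHA-256 only) whose signer persists the next unused leaf index and advances it before releasing a signature. The seed, the 4-leaf tree size, the JSON state file, and all helper names are constructed for the illustration.

```python
"""Added example (not code from the article, BSI or any standard): a miniature
stateful hash-based signature in the spirit of XMSS/LMS (Lamport one-time
signatures under a Merkle tree, SHA-256 only). Seed, 4-leaf tree and JSON state
file are constructed for the illustration. It shows the discipline behind BSI's
caveat: a key index is committed to durable storage BEFORE a signature is released."""
import hashlib
import json
import os
import tempfile

N_LEAVES = 4  # 2^2 one-time keys; real XMSS/LMS trees have 2^10 leaves or more

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def lamport_keygen(seed, leaf):
    """One Lamport key pair from the seed: 256 secret pairs and their hashes."""
    sk = [(h(seed, bytes([leaf, 0, j])), h(seed, bytes([leaf, 1, j]))) for j in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def msg_bits(msg):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    # One preimage per message-hash bit is revealed; a second message under the
    # same key would reveal more of them, which is why each key signs once.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def lamport_verify(pk, msg, sig):
    return all(h(sig[i]) == pk[i][bit] for i, bit in enumerate(msg_bits(msg)))

def leaf_hash(pk):
    return h(*[a + b for a, b in pk])

def next_level(level):
    return [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves):
    level = list(leaves)
    while len(level) > 1:
        level = next_level(level)
    return level[0]

def auth_path(leaves, index):
    path, level, idx = [], list(leaves), index
    while len(level) > 1:
        path.append(level[idx ^ 1])
        level, idx = next_level(level), idx // 2
    return path

def root_from_path(leaf, index, path):
    node, idx = leaf, index
    for sibling in path:
        node = h(node, sibling) if idx % 2 == 0 else h(sibling, node)
        idx //= 2
    return node

class StatefulSigner:
    """Seed-derived keys plus a state file recording the next unused leaf index."""
    def __init__(self, seed, state_path):
        self.state_path = state_path
        self.keys = [lamport_keygen(seed, i) for i in range(N_LEAVES)]
        self.leaves = [leaf_hash(pk) for _, pk in self.keys]
        self.public_key = merkle_root(self.leaves)
        if not os.path.exists(state_path):
            self._write_state(0)

    def _read_state(self):
        with open(self.state_path) as f:
            return json.load(f)["next_index"]

    def _write_state(self, next_index):
        # Write-then-rename: a crash leaves the old or the new file, never a
        # truncated one that could be read back as "index 0" and cause reuse.
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"next_index": next_index}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.state_path)

    def sign(self, msg):
        idx = self._read_state()
        if idx >= N_LEAVES:
            raise RuntimeError("one-time keys exhausted; a new key pair is required")
        self._write_state(idx + 1)  # commit the state advance BEFORE revealing secrets
        sk, pk = self.keys[idx]
        return {"index": idx, "ots": lamport_sign(sk, msg), "pk": pk,
                "path": auth_path(self.leaves, idx)}

def verify(public_key, msg, sig):
    if not lamport_verify(sig["pk"], msg, sig["ots"]):
        return False
    return root_from_path(leaf_hash(sig["pk"]), sig["index"], sig["path"]) == public_key

def temp_state_path():
    return os.path.join(tempfile.mkdtemp(), "hbs_state.json")
```

A restarted process that reconstructs the signer from the same seed and state file continues at the next unused index, and the fifth signature is refused rather than recycling a leaf. What no in-process check can catch is the state file being rolled back from outside, for example by restoring a backup or a VM snapshot, which would hand the same index to two signing operations; that is why the BSI limits stateful schemes to systems where such reuse can be excluded, and why stateless SPHINCS+ is the option when it cannot.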
Germany’s Federal Ministry of Education and Research (BMBF) is promoting the development of long-term secure cryptography and its efficient implementation as part of the Federal Government’s research framework program on Information Technology (IT) security titled “Self-determined and secure in the digital world 2015-2020.”
China
The Chinese Association for Cryptographic Research (CACR) launched a nationwide cryptography algorithm competition in 2020 for KEM/Public Key Encryption (PKE) and DSA. The competition, however, was open only to Chinese candidates, and information on the candidates was not widely available. The winners were announced publicly (see the table below), and some additional information on primary designers has been made publicly available in various international SDO forums, including the International Telecommunication Union (ITU) and ETSI.
| KEM/PKE | Digital Signatures |
| --- | --- |
| 1st Prize: LAC.PKE (Kyber-based), Aigis-enc, Aigis-sig (Dilithium-based) | 1st Prize: uBlock, Ballet |
| 2nd Prize: LAC.KEX, SIAKE, SCloud, AKCN (original name AKCN-MLWE) | 2nd Prize: FESH, ANT, TANGRAM |
| 3rd Prize: OKCN (original name SKCN-MLWE), Fatseal, 木兰 (Mulan), AKCN-E8, TALE, PKP-DSS, Piglet-1 | 3rd Prize: Raindrop, NBC, FBC, SMBA, SPRING |
While there is little interest in Chinese standards for industry usage outside of China, the CACR-chosen winners will be significantly influential within the country and for domestic market developments. It appears some of the winners are variants of NIST candidate standards, and China is clearly watching the NIST standardization process as intently as others in the field.
Japan
The Cryptography Research and Evaluation Committee (CRYPTREC), in partnership with the National Institute of Information and Communications Technology (NICT) and the Information-technology Promotion Agency (IPA), is tasked with evaluating and monitoring the security of cryptographic techniques used in Japanese e-Government systems. Its Cryptanalysis Evaluation working group (WG) is in charge of evaluating and approving candidate ciphers, and published a number of reports on PQC as early as 2015.
CRYPTREC expects to start developing PQC guidelines during the 2022 to 2023 period, and strong participation from Japanese industry is expected, with some industry players also actively involved in other international standardization efforts.
United Kingdom
The United Kingdom appears to be more focused on Quantum Key Distribution (QKD) than on PQC, and its efforts around innovation and driving market adoption are more limited than those of the other countries mentioned above. The National Cyber Security Centre (NCSC) has published a position paper on preparing for PQC. The NCSC guidance on PQC algorithms will follow the outcome of the NIST process by recommending specific chosen algorithms for representative use cases. It recommends waiting for the publication of the NIST standards before integrating any PQC algorithms into market products, and it does not recommend early adoption of non-standardized PQC. However, it does offer to advise organizations directly on deploying mitigation strategies if requested.
Much of the research and innovation seems to be coming out of academia, with many U.K. PQC startups being spinoffs of U.K. university programs and projects. These seem to have greater international influence on international SDO efforts than the U.K. government.
The Future of Post Quantum Cryptography
As the migration towards post quantum cryptography continues, enterprises must collectively focus on avoiding the mistakes made in past cryptographic transitions to ensure high-assurance security for users. While the debate around non-standardized PQC continues, it should not divert or stall the adoption of PQ defenses in the private or public sectors. It will be worth watching the field as governments fine-tune regulations around standards and policy to ensure the highest effectiveness.
About the Author:
Michela Menting, Research Director at ABI Research, delivers analyses and forecasts focusing on digital security. Through this service, she studies the latest solutions in cybersecurity technologies, blockchain, the Internet of Things (IoT), and Critical Infrastructure Protection (CIP), risk management and strategies, and opportunities for growth. She then delivers end-to-end security research, from the silicon to cyber-based applications, closely analyzing technology trends and industry-specific implementations.
About ABI Research:
ABI Research is a global technology intelligence firm delivering actionable research and strategic guidance to technology leaders, innovators, and decision makers around the world. Our research focuses on the transformative technologies that are dramatically reshaping industries, economies, and workforces today.