PQC standardisation process.
A cryptographically relevant quantum computer (CRQC) will render most contemporary public key cryptography (PKC) insecure, thus making ubiquitous secure communications based on current PKC technology infeasible.
The Australian Signals Directorate (ASD) is aware of the risks presented by the creation of a CRQC and encourages organisations to anticipate the future requirements and dependencies of vulnerable systems during the transition to PQC standards.
Post-quantum cryptography is a field of cryptography dedicated to the creation and analysis of cryptographic algorithms that derive their security from mathematical problems considered difficult for both classical and quantum computers. PQC offers a low-cost, practical path to maintain the properties of secure communications systems in the presence of a CRQC.
ASD has not currently selected preferred PQC algorithms.
Selection will be informed by the NIST process to develop and standardise PQC algorithms. Candidate algorithms are evaluated and scrutinised in successive rounds to ensure the new standards will meet the requirements to protect sensitive data. ASD will evaluate each PQC algorithm based on its merits. Organisations can choose to pilot and prototype with candidate algorithms in test environments, ahead of use in production systems.
ASD assesses that currently approved cryptography provides the most effective communications security option at this time. ASD will provide updated advice and doctrine, including a roadmap outlining a transition to PQC, in due course.
Those organisations with particularly sensitive cryptographic systems are encouraged to pilot PQC algorithms in separate test environments and discuss their anticipated PQC needs with vendors or those involved in post-quantum cryptographic research.
More broadly, including outside of cryptographic applications, Australian industry is encouraged to continue research and development of quantum technologies. This should include practical vulnerability research to better understand the risks associated with employing quantum technologies.
NIST also plans to issue a new Call for Proposals for quantum-resistant public-key digital signature algorithms by the end of summer 2022.
NIST is primarily looking to diversify its signature portfolio, so signature schemes that are not based on structured lattices are of greatest interest. NIST would like submissions for signature schemes that have short signatures and fast verification.