Quantum Computing News

NIST NCCoE

Amid the impending quantum threat, NIST NCCoE releases significant drafts on the migration of post-quantum cryptography.

The National Institute of Standards and Technology (NIST)’s National Cybersecurity Centre of Excellence (NCCoE) has released a number of important draft documents designed to help organizations navigate the challenging Post-Quantum Cryptography (PQC) transition. These publications contain early versions of the practice guides NIST SP 1800-38A, 38B, and 38C as well as the first public draft of Cybersecurity White Paper (CSWP) 48.

This noteworthy release is a component of the NCCoE’s continuing initiative, which aims to illustrate useful capabilities and procedures that facilitate an organization’s transition to PQC, or quantum-resistant cryptography. The initiative is a strong partnership between more than 50 government and industry organizations.

You can also read Finite Blocklength Coding Solves CQ Channel Amplitude Noise

Countering the “Harvest Now, Decrypt Later” Threat

The foundation of protecting sensitive electronic data from unwanted access is cryptographic methods. These algorithms have been strong enough to withstand attacks using traditional computers for decades. The emergence of quantum computing in the future, however, presents a serious risk since it might be able to crack existing encryption techniques, making data and information susceptible.

Organizations are being strongly urged to begin planning immediately to migrate to PQC, particularly to secure their high value, long-lived sensitive data. Although there are many different opinions on when a quantum computer that is useful to cryptography will be constructed, some experts believe it might happen in less than ten years. There has historically been a significant delay between standardizing a new algorithm and fully integrating it into information systems, which makes the current migration efforts much more urgent.

The imminent threat is caused by a particular kind of cyberattack called “harvest now, decrypt later.” In this attack, the adversary actively attempts to obtain and retain encrypted data even when they are now unable to crack the encryption. It is hoped that they will be able to crack the encryption and retrieve the secrets with the help of a potent quantum computer that is constructed later. Adopting new cryptographic techniques Post-Quantum Cryptography PQC that can safeguard data from both today’s conventional computers and tomorrow’s quantum computers is necessary to counteract this quantum capacity.

You can also read NERSC: National Energy Research Scientific Computing Centre

Aligning PQC Migration with Existing Risk Frameworks

CSWP 48, Mappings of Migration to PQC Project Capabilities to Risk Framework Documents, is a key component of the NCCoE’s most recent release. The purpose of this white paper is to help organizations close the gap between their present risk management procedures and PQC migration steps.

The NCCoE Migration to PQC project’s capabilities are mapped by CSWP 48 to particular security goals and controls that can be found in two of NIST’s most crucial cybersecurity risk management documents:

1. NIST Cybersecurity Framework 2.0 (CSF 2.0): This extensively used framework aids businesses in efficiently managing and lowering cybersecurity risk.
2. Security and Privacy Controls for Information Systems and Organizations (SP 800-53): This paper provides an extensive list of security measures that organizations can use to safeguard their information systems.

The report assists organizations in coordinating their PQC migration endeavors with their established security outcomes and more comprehensive cybersecurity risk management procedures by offering these mappings. It also helps organizations determine the precise security goals and controls required for a successful PQC conversion deployment.

You can also read AMO Qubits: Scalable Decoding for Faster Quantum Computing

A Collaborative Approach to Practical Implementation

Making the procedure more feasible and controllable for a wide range of users, including developers, product integrators, and customer organizations, is the main objective of the PQC migration project. The project is organized around two main workstreams in order to accomplish this:

• Cryptographic Discovery: Using inventory techniques, this workstream assists organizations in pinpointing the precise locations and modes of cryptography’s existing use within their systems.
• Interoperability Testing: This stream is intended to support standards bodies as they update standardized protocols to incorporate PQC and to help vendors adopt new PQC algorithms. Importantly, the testing attempts to find and fix compatibility problems in a controlled setting, which will eventually cut down on the amount of time that individual organizations need to devote to their own migration activities.

The combined efforts of more than 50 organizations are very beneficial to this endeavor. Major IT and financial companies like Amazon Web Services (AWS), Cisco Systems, Google, IBM, JPMorgan Chase, Keyfactor, Microsoft, and Palo Alto Networks are prominent participants in this endeavor. Importantly, the National Security Agency (NSA) and other government agencies are also important partners. Mitigating the “harvest now, decrypt later” threat is the direct goal of this collaborative endeavor.

The NCCoE has also released early drafts of NIST SP 1800-38A, 38B, and 38C in addition to CSWP 48. These documents function as practice guides, offering the essential direction for a variety of technical and leadership roles, particularly program managers, corporate decision-makers, and IT specialists, on how to carry out the PQC conversion.

There is a vital chance for the general people to help create these core papers. The NCCoE project page is where you can visit to provide feedback on the paper. To stay informed about the project and continue to participate in the ongoing migration efforts, the NCCoE invites interested parties to become members of their PQC Community of Interest (COI). The NCCoE team’s dedicated email address can also be used to contact them with enquiries or further details. The publication of these important documents emphasizes how urgent and vital it is to get information systems ready for the quantum era.

You can also read  What Is Qubit? Different Types Of Qubits & Its Advantages