Skip to main content

NIST’s post-quantum cryptography standards: Our plans

Read about our product plans and predictions regarding NIST’s recent recommendations for post-quantum cryptography standards.

Sep 04 2024Rich Dubose, Mohan Madhvapathy Rao

When quantum computing research began to emerge in the 1980s and ‘90s, experts were already thinking about how this new technology could be exploited for cyber attacks. As industry and nation-state sponsored projects began to create quantum computers, the US National Institute of Standards and Technology (NIST) recognized the need to build post-quantum secure cryptography.

In 2016, NIST sponsored a worldwide competition to address the threats posed by quantum computers. The competition received thousands of entries, and after evaluating multiple schemes over several iterations, in August 2024 NIST published three recommended cryptographic standards:

  1. ML-KEM
  2. ML-DSA
  3. SLH-DSA

A fourth recommended standard, referred to as FN-DSA, based on FALCON, is expected later this year.

The publication of the initial Post-Quantum-Cryptography (PQC) standard schemes represents a significant milestone in the global effort to prepare for the arrival of quantum computers. These recommendations empower companies, technology providers, and users to adopt new encryption methodologies to help communications and data exchange remain secure when quantum computers become available at scale.

Quantum Readiness cover

»The quantum computing threat

Despite the global race to develop quantum computers, many industry experts estimate that the availability of large-scale quantum computers is likely still a few decades away. Quantum computers are based on harnessing the quantum properties of subatomic particles, giving them exponentially greater computing capabilities than today’s fastest machines. Further, the development of Shor's algorithm, which is designed to run on quantum computers, has made it possible for bad actors to rapidly compromise the foundations of our current digital communications; public-key cryptography (PKC) algorithms such as RSA, ECC, etc.

Though the direct threat from quantum computers may still be decades in the future, enterprises need to:

  • Take immediate steps to reduce security risks associated with long-lived sensitive data
  • Develop a plan for learning and implementing quantum-safe solutions
  • Stay informed on the evolving best practices

»Protect long-lived sensitive data

The immediate enterprise risk concerns the security of long-lived sensitive business data. Bad actors are already seeking to extract such data using what is commonly referred to as harvest-now-decrypt-later strategy in the security community.

Attackers often target improperly secured credentials or comprise insecure communications involving services and infrastructure that are intended to secure sensitive data. Once they gain access to sensitive data, they will exfiltrate and store the data on their own systems. Eventually, when quantum computers become available, the bad actor will leverage the computational power of quantum computers to crack the encryption and view the data.

To mitigate this risk, enterprises should enforce zero trust security policies and practices. The key to enterprises’ zero trust architectures will be a battle-tested, automated secrets management solution to act as your organization’s central identity broker. Secrets management solutions are the best way for enterprises to safeguard credentials, keys, and secrets, making it significantly harder for bad actors to gain access to sensitive data in the first place. And with best practices like dynamic secrets in place, access for attackers would be short-lived.

»Perform impact analysis of post-quantum solutions

While NIST has published standards for the initial set of post-quantum cryptography (PQC) algorithms, it takes time to develop production-grade implementations, including language support, libraries, testing, industry vetting, etc. The cryptographic community, vendors, and industry contributors are already collaborating with NIST-NCCOE towards that end.

However, it would be prudent for organizations to begin experimenting with available PQC implementations to assess potential changes needed to ensure that the existing systems can function across existing and quantum-based cryptography.

»HashiCorp’s approach for PQC

Given the experimental nature and the complexities of PQC-based solutions, HashiCorp plans to develop and deliver quantum and hybrid PQC solutions in a staged manner, starting with PQC support in the Vault transit secrets engine.

In upcoming Vault releases, HashiCorp plans to adopt or build PQC implementations for the three NIST-established PQC algorithms (and any subsequent standardized algorithms in the future) along with the associated key types in the transit secrets engine. We will continue to research and build support for hybrid schemes that enable current and post-quantum cryptography algorithms to coexist in transit and other Vault secrets engines. With this approach, enterprises can begin evaluating outputs and plan for changes.

Also, when the Go programming language and the standards bodies arrive at consensus in terms of maturity for hybrid schemes (schemes for PKI are one example) we plan to incorporate those implementations into Vault and other HashiCorp products.

»Combating the post-quantum threat

Given the extensive use of public key cryptography (PKC) protocols across enterprise systems and services, enterprises should consider creating a PQC readiness plan incorporating the following actions:

»Institute a post-quantum readiness program/task force

A PQC readiness task force can help with planning, accountability, and execution of PQC implementation. It can help the enterprise stay current on the latest developments from NIST- NCCoE/ETSI and assess third-party vendors based on their PQC plans.

»Prioritize and assess high-risk assets/data

High-risk assets may be defined in terms of business value and associated lifecycle management practices, such as backup and recovery procedures, end-of-life assets, audit, and archival. Threat actors, for example, often target assets and data that are not closely monitored compared to actively used assets.

»Discover and inventory cryptographic usage and dependencies

Successful PQC implementation requires understanding the use of current cryptography. Tracking cryptographic usage is also a security best practice for developing crypto-agility, which is the ability to rapidly switch cryptographic algorithms should the currently used algorithm become vulnerable.

»Enforce zero trust security

Continue to ensure existing systems and services are patched in a timely manner and enforce current security best practices. Use HashiCorp Vault to secure and automate the secret lifecycle. This helps mitigate the risk of threat actors accessing and egressing sensitive data.

»Migration plan

An enterprise migration plan for implementing PQC solutions should include fallback mechanisms to smooth the transition and minimize operational impact.

»Monitoring

PQC implementation is a complex, wide-ranging, long-haul enterprise effort. That makes it critical for enterprises embarking on the PQC journey to establish an ongoing governance program to monitor progress along the way.

»What’s next for PQC?

HashiCorp welcomes the arrival of the NIST recommendations and is preparing to deploy post-quantum-safe algorithms. We expect large-scale adoption of ML-KEM as support is added and it becomes the new default key agreement. Organizations should update their systems as ML-KEM capable upgrades become available.

Adoption of the ML-DSA and SLH-DSA standards will take longer as data migration paths must be considered. As the security community works toward consensus, the adoption and usage of ML-DSA and SLH-DSA will continue to gain momentum, although NIST predicts the first post-quantum certificates won’t be commercially available until 2026.

Cryptography is at the heart of HashiCorp products. As industry leaders in secrets management, we are fully cognizant of our crucial role in protecting critical enterprise services and infrastructure. We will continue to provide additional information regarding NIST PQC status and our guidance regarding Vault implementations related to PQC in the HashiCorp blog.

Please reach out to sales or support teams if you have additional questions.

»Additional PQC resources

Research

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.

More blog posts like this one

HashiCorp joins IBM to accelerate multi-cloud automation
April 24 2024 | Company
HashiCorp joins IBM to accelerate multi-cloud automation

HashiCorp joins IBM to accelerate the mission of multi-cloud automation and bring the products to a broader audience of users and customers.

HashiConf 2024 scholarship program now open for applications
January 11 2024 | Company
HashiConf 2024 scholarship program now open for applications

Here is your chance to apply for a scholarship to attend HashiConf in Boston, October 14-16.

HashiCorp 2023 year in review: Community
December 21 2023 | Company
HashiCorp 2023 year in review: Community

This year saw tens of thousands of people engage with HashiCorp to achieve HashiCorp certifications, while hundreds of millions downloaded HashiCorp community software.

Manage cookies

HashiCorp uses data collected by cookies and JavaScript libraries to improve your browsing experience, analyze site traffic, and increase the overall performance of our site. By using our website, you’re agreeing to our Privacy Policy and Cookie Policy.

The categories below outline which companies and tools we use for collecting data. To opt out of a category of data collection, set the toggle to “Off” and save your preferences.