Get Ready to Replace ALL of Your Cryptography

As expected, in preparation for quantum computing soon becoming real, NIST has released four new post-quantum encryption algorithms.

While they won’t be a published standard until 2024, NIST recommends that people get ready for them. You will be surprised how many “systems” use encryption.

The four selected algorithms are:

For general encryption, used when we access secure websites, NIST has selected the CRYSTALS-Kyber algorithm. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. 

For digital signatures, often used when we need to verify identities during a digital transaction or to sign a document remotely, NIST has selected the three algorithms CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”). Reviewers noted the high efficiency of the first two, and NIST recommends CRYSTALS-Dilithium as the primary algorithm, with FALCON for applications that need smaller signatures than Dilithium can provide. The third, SPHINCS+, is somewhat larger and slower than the other two, but it is valuable as a backup for one chief reason: It is based on a different math approach than all three of NIST’s other selections.

Three of the algorithms are based on a family of math problems called structured lattices; the last, SPHINCS+, is based on hash functions.

Four more algorithms, all designed for general encryption, are still under consideration. They do not use lattices or hash functions.

The algorithms are available on the NIST web site.

You should assume that if you are part of one of the critical infrastructure categories like financial services, healthcare, energy, defense and many others, you will either be required to upgrade or expected to upgrade by your customers.

VENDORS ARE LIKELY TO END-OF-LIFE PRODUCTS THAT THEY CANNOT UPGRADE, LEAVING YOU WITH SOME NASTY CHOICES. START ASKING YOUR VENDORS NOW.

CISA has laid out a plan for getting ready:

  • Inventorying every single place you use any form of encryption
  • Testing new algorithms
  • Creating a plan for the transition
  • Creating acquisition policies for new systems that incorporate the new algorithms
  • Alerting everyone about the required changes
  • Educating your workforce
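
As an added illustration of the first step (not part of the original alert and not NIST or CISA code), the Python script below scans configuration text for classical public-key algorithm names and maps each one to the replacement category named above. The token patterns, file names and sample contents are assumptions constructed for this example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "source line algorithm role candidates")

# Replacement candidates per category, as named in the alert above.
CANDIDATES = {
    "general encryption": ["CRYSTALS-Kyber"],
    "digital signature": ["CRYSTALS-Dilithium", "FALCON", "SPHINCS+"],
}

# Assumed token patterns for OpenSSH settings, OpenSSL cipher strings and
# certificate dumps. Key-exchange tokens are filed under "general encryption".
PATTERNS = [
    (re.compile(r"\b(?:ECDHE|DHE|ecdh-sha2-\w+|curve25519-sha256"
                r"|diffie-hellman-[\w-]+)\b"), "general encryption"),
    (re.compile(r"(?<=DHE-)(?:RSA|ECDSA)\b"      # auth part of a TLS suite
                r"|\b(?:ssh-rsa|rsa-sha2-\d+|ecdsa-sha2-\w+|ssh-ed25519"
                r"|\w+WithRSAEncryption|ecdsa-with-\w+)\b"), "digital signature"),
]

def inventory(sources):
    """Return one Finding per classical public-key algorithm token found."""
    findings = []
    for name, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):    # skip commented-out settings
                continue
            for pattern, role in PATTERNS:
                for m in pattern.finditer(line):
                    findings.append(
                        Finding(name, lineno, m.group(0), role, CANDIDATES[role]))
    return findings

# Constructed sample inputs (not taken from any real system).
SAMPLES = {
    "sshd_config": "KexAlgorithms curve25519-sha256,diffie-hellman-group14-sha256\n"
                   "#HostKeyAlgorithms ssh-rsa\n"
                   "HostKeyAlgorithms ssh-ed25519,rsa-sha2-512\n",
    "nginx.conf": "ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n",
    "server-cert.txt": "    Signature Algorithm: sha256WithRSAEncryption\n",
}

if __name__ == "__main__":
    for f in inventory(SAMPLES):
        print(f"{f.source}:{f.line}: {f.algorithm} ({f.role}) "
              f"-> evaluate {', '.join(f.candidates)}")
```

A text scan like this only finds algorithms that are named in configuration; cryptography compiled into applications, firmware and vendor appliances still has to be inventoried by other means.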

Now is a good time to start planning.

If you need assistance with this, please contact us.

Credit: NIST and CISA