What Happens If the PQCs Fail? The Continued Case for Crypto Diversification

Sep. 06, 2024

The release of the first three finalized post-quantum cryptography (PQC) algorithms by the National Institute of Standards and Technology (NIST) is a milestone event for cybersecurity and marks a critical step forward in preparing the world’s digital infrastructure for the post-quantum era.  

NIST is encouraging agencies to begin transitioning to the new standards as soon as possible. Mathematician Dustin Moody, who heads the PQC standardization project for NIST, said: “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”

There’s an important message being lost or diluted in all the headlines and pundit chatter, even in the quote shared above: there’s no theoretical proof that these algorithms are unbreakable. Over time, they may fail. So too may the other 45 backup algorithms in the NIST hopper. 

The best way to combat this uncertainty and to ensure your infrastructure is truly future-proof and quantum resistant is to embrace crypto-diversification. Yes, quantum agility and/or crypto agility are also important strategies, but they differ from a crypto redundant and diversified approach and here’s why. 

The practice of crypto-agility is reactive. The swift changing or swapping of encryption algorithms happens only after a breach occurs or a vulnerability is found. But it’s impossible to know or predict with certainty which algorithm will crumble, when, and how. And, unlike ransomware, cyber espionage is a silent practice with no warning signs given to confirm eavesdropping is taking place and that new countermeasures should be taken.

In comparison, crypto-diversification is proactive. It looks to history and assumes all math-based encryption will eventually weaken or fail over time. Like defense-in-depth, crypto-diversification embraces a multilayered defense strategy, encouraging a mix of asymmetric, symmetric, and quantum-based encryption methods for optimal protection. 
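The mix-of-methods idea above is usually implemented as a hybrid key combiner: secrets obtained independently (for instance a FIPS 203 ML-KEM shared secret, a classical ECDH shared secret, and a key delivered out of band, such as by QKD) are fed together into a key derivation function, so the session key stays unpredictable as long as at least one of the inputs remains secret. The following is an added illustration written for this article; it is not code from the page or from Quantum Xchange's Phio TX. It assumes HKDF with HMAC-SHA256 as specified in RFC 5869 (implemented here from the Python standard library), and the three secret values are constructed placeholders, not outputs of real protocol runs; the function names are hypothetical.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3): OKM = T(1) || T(2) || ... truncated to `length`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key too long for HKDF-Expand")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def combine_secrets(secrets, context: bytes, length: int = 32) -> bytes:
    """Hybrid key combiner (hypothetical helper, not a standard API).

    Each input secret is length-prefixed before concatenation so that, e.g.,
    (b"ab", b"c") and (b"a", b"bc") cannot produce the same key material.
    Under the assumption that HMAC-SHA256 is a PRF, an attacker who learns
    every input except one still cannot compute the derived key: breaking the
    KEM alone, or the classical exchange alone, does not expose the session.
    """
    if len(secrets) < 2:
        raise ValueError("a combiner needs at least two independent secrets")
    for s in secrets:
        if not s:
            raise ValueError("empty secret supplied to combiner")
        if len(s) > 0xFFFF:
            raise ValueError("secret too long for 2-byte length prefix")
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in secrets)
    prk = hkdf_extract(b"hybrid-combiner-v1", ikm)   # fixed, public domain-separation salt
    return hkdf_expand(prk, context, length)


def demo_diversified_session_key():
    """Derives one session key from three independent sources and shows that
    knowing two of them (here: the first two) does not let you reproduce it."""
    # Constructed sample values standing in for real protocol outputs:
    kem_ss = bytes.fromhex("11" * 32)    # would come from an ML-KEM decapsulation
    ecdh_ss = bytes.fromhex("22" * 32)   # would come from an ECDH exchange
    oob_key = bytes.fromhex("33" * 32)   # would come from an out-of-band delivery such as QKD
    ctx = b"example-app session-key v1"

    session_key = combine_secrets([kem_ss, ecdh_ss, oob_key], ctx)
    # An adversary holding kem_ss and ecdh_ss but only a guess for oob_key
    # derives a different key, so the session is not exposed by two failures.
    adversary_guess = combine_secrets([kem_ss, ecdh_ss, bytes(32)], ctx)
    return session_key, adversary_guess


if __name__ == "__main__":
    real, guessed = demo_diversified_session_key()
    print("session key :", real.hex())
    print("attacker key:", guessed.hex())
    print("keys differ :", real != guessed)
```

The combiner is only as diversified as its inputs: if two "independent" secrets are actually derived from the same underlying exchange, the redundancy is illusory, so the sources feeding it should be separate protocols and, where possible, separate delivery paths.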

Quantum Xchange’s Phio TX platform supports crypto-agility and extends this practice and protection levels with a diversified portfolio of current and post-quantum encryption technologies. With Phio TX, there’s no need to choose one method or PQC over another – the platform can support FIPS 203, FIPS 204, FIPS 205; any of the 45 others still in the NIST pipeline; physics-based QKD if elected; or a future mathematical breakthrough that comes along. It should be used alongside a crypto-agile strategy to ensure critical data and communications networks don’t fall victim to any one bug, flaw, leaked certificate or PQC. 

As you embark on your inevitable journey toward quantum safety, Quantum Xchange offers the solutions needed to discover and assess cryptographic risk; deploy quantum-proof, diverse and agile cryptography at every layer; and manage enterprise cryptography holistically and through policy.  

Because quantum computers are not yet commercially available to test these standardized algorithms in real-world settings, uncertainties will persist. The best way to guard against the quantum threat and cryptography’s single points of failure is to know your enterprise encryption – where it’s weak or outright lacking – using a continuous monitoring tool like CipherInsights. Then embrace crypto-agility and diversification by leveraging an out-of-band key delivery platform like Phio TX that can bring your existing infrastructure into the quantum era easily and affordably.

Give us a call today to get started. 
