Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
UK: NCSC issues new whitepaper on preparing for post-quantum cryptography
On August 14, 2024, the National Cyber Security Centre (NCSC) published a whitepaper titled 'Next Steps in Preparing for Post-Quantum Cryptography.' The whitepaper offers guidance for system and risk owners in various sectors on planning for the migration to post-quantum cryptography (PQC).
Risks of quantum computers
The whitepaper discusses the potential risks posed by future quantum computers to current cryptographic systems, particularly traditional public key cryptography (PKC) algorithms. The whitepaper notes that as quantum computing advances, these algorithms could become vulnerable, threatening the security of long-term high-value information. The whitepaper recommends adopting PQC algorithms designed to resist attacks from both classical and quantum computers.
Preparing for PQC migration
The whitepaper outlines the implications of migrating to PQC for various types of systems:
- Commodity IT: For standard IT systems, the transition to PQC is expected to occur through routine software updates.
- Enterprise IT: Organizations should engage with IT suppliers on plans to support PQC in their products and integrate financial planning for PQC updates into broader technology refreshes.
- Bespoke IT and Operational Technology: For systems with specialized needs organizations are advised to select PQC algorithms and protocols tailored to their specific requirements.
Key takeaways from the whitepaper
The whitepaper concludes with several key points for system and risk owners:
- most current PKC algorithms will be vulnerable to future quantum computers, making PQC a necessary mitigation strategy;
- symmetric cryptography and secure hash functions can continue to be used with appropriate key sizes;
- system upgrades to PQC should be coordinated with broader technology refreshes;
- National Institute of Standards and Technology (NIST)-standardized algorithms are recommended for general-purpose use, with specific parameter sets providing varying levels of security; and
- post-quantum traditional (PQ/T) hybrid schemes are suggested as a temporary measure, with a focus on transitioning to a fully PQC framework.
You can read the whitepaper here.