Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: NCSC issues new whitepaper on preparing for post-quantum cryptography

On August 14, 2024, the National Cyber Security Centre (NCSC) published a whitepaper titled 'Next Steps in Preparing for Post-Quantum Cryptography.' The whitepaper offers guidance for system and risk owners in various sectors on planning for the migration to post-quantum cryptography (PQC).

Risks of quantum computers

The whitepaper discusses the potential risks posed by future quantum computers to current cryptographic systems, particularly traditional public key cryptography (PKC) algorithms. The whitepaper notes that as quantum computing advances, these algorithms could become vulnerable, threatening the security of long-term high-value information. The whitepaper recommends adopting PQC algorithms designed to resist attacks from both classical and quantum computers.

Preparing for PQC migration

The whitepaper outlines the implications of migrating to PQC for various types of systems:

  • Commodity IT: For standard IT systems, the transition to PQC is expected to occur through routine software updates.
  • Enterprise IT: Organizations should engage with IT suppliers on plans to support PQC in their products and integrate financial planning for PQC updates into broader technology refreshes.
  • Bespoke IT and Operational Technology: For systems with specialized needs organizations are advised to select PQC algorithms and protocols tailored to their specific requirements.

Key takeaways from the whitepaper

The whitepaper concludes with several key points for system and risk owners:

  • most current PKC algorithms will be vulnerable to future quantum computers, making PQC a necessary mitigation strategy;
  • symmetric cryptography and secure hash functions can continue to be used with appropriate key sizes;
  • system upgrades to PQC should be coordinated with broader technology refreshes;
  • National Institute of Standards and Technology (NIST)-standardized algorithms are recommended for general-purpose use, with specific parameter sets providing varying levels of security; and
  • post-quantum traditional (PQ/T) hybrid schemes are suggested as a temporary measure, with a focus on transitioning to a fully PQC framework.

You can read the whitepaper here.