The Road to Quantum Safety: Emerging Standards for Quantum-Safe Migration
Organizations aiming to adopt quantum-safe cryptography must closely examine the standards, specifications, and guidelines across the hierarchy of algorithms, protocols, applications, and industry-specific requirements.
Gireesh Kumar N.
1/30/2025 | 5 min read


This note is part of a series of brief discussions addressing the most common and important questions around quantum-safe migration, as highlighted in the article, "What's Your Most Important Question When It Comes to Quantum-Safe Migration?"
In this installment, I focus on the question: "Do We Have New Standards for Algorithms, Protocols, and Industry Specifications for Adopting Quantum-Safe Cryptography?"
As quantum computing advances, organizations worldwide face the pressing challenge of migrating to quantum-safe cryptography (QSC). Developing standards and protocols to ensure secure communications, applications, and critical infrastructure in the quantum era is essential. This article explores emerging standards and the organizations shaping the future of quantum-safe cryptography. While not exhaustive, it serves as a valuable starting point.
NIST PQC Algorithms
The foundation of quantum-safe cryptography lies in the development of secure algorithms, and the National Institute of Standards and Technology (NIST) has been leading the effort to select and standardize post-quantum cryptographic algorithms since 2015.
By the end of the third round of NIST’s PQC standardization process in July 2022, four candidate algorithms were selected for standardization: one algorithm (CRYSTALS-KYBER) for key establishment, and three (CRYSTALS-Dilithium, FALCON, SPHINCS+) for digital signatures.
In a landmark announcement in August 2024, NIST published its first set of PQC algorithms:
FIPS 203: ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), formerly CRYSTALS-KYBER.
FIPS 204: ML-DSA (Module-Lattice-Based Digital Signature), formerly CRYSTALS-Dilithium.
FIPS 205: SLH-DSA (Stateless Hash-Based Digital Signature), formerly SPHINCS+.
A draft standard for FIPS 206 (FN-DSA, formerly FALCON) is expected by late 2024.
This is just the beginning. More PQC algorithms are in the pipeline: NIST has announced a fourth round of candidate algorithms for key establishment mechanisms and has called for additional digital signature proposals to be considered in the PQC standardization process.
Additionally, in 2020 NIST published NIST SP 800-208, Recommendation for Stateful Hash-Based Signature Schemes, approving the use of two stateful hash-based signature schemes: the eXtended Merkle Signature Scheme (XMSS) and the Leighton-Micali Signature system (LMS), as specified in Requests for Comments (RFC) 8391 and 8554, respectively. NIST also cautioned that “Stateful hash-based signature schemes are secure against the development of quantum computers, but they are not suitable for general use because their security depends on careful state management. They are most appropriate for applications in which the use of the private key may be carefully controlled...”.
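The state-management caveat NIST raises for XMSS and LMS comes down to never signing twice with the same one-time leaf index. The following is an added example (not from the original article or from any LMS/XMSS library) of reserving an index durably before it is used; the class name, the state-file layout and a single signer on a POSIX host are assumptions.

```python
import os
import tempfile

class LeafIndexStore:
    """Hands out each one-time (leaf) index of a stateful HBS key exactly once.
    Hypothetical helper: name and file format are assumptions for this example."""

    def __init__(self, path: str, total_leaves: int):
        self.path, self.total = path, total_leaves

    def _read(self) -> int:
        try:
            with open(self.path) as f:
                return int(f.read())
        except FileNotFoundError:
            return 0                          # fresh key: no leaf used yet

    def _write_durably(self, value: int) -> None:
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as f:
            f.write(str(value))
            f.flush()
            os.fsync(f.fileno())              # new counter reaches the disk first
        os.replace(tmp, self.path)            # atomic swap: never a half-written counter
        dir_fd = os.open(directory, os.O_RDONLY)
        try:
            os.fsync(dir_fd)                  # POSIX: make the rename itself durable
        finally:
            os.close(dir_fd)

    def reserve(self) -> int:
        """Persist next_index + 1 first, then return the index to sign with."""
        idx = self._read()
        if idx >= self.total:
            raise RuntimeError("key exhausted: all one-time leaves used")
        self._write_durably(idx + 1)
        return idx
```

A crash between `reserve()` and signing wastes a leaf but never reuses one; restoring the state file from a backup or VM snapshot rolls the counter back, which this code cannot detect.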
Cybersecurity agencies in some countries are exploring additional PQC algorithms alongside the NIST-selected algorithms. For example, BSI Germany and ANSSI France are considering the FrodoKEM and Classic McEliece PQC algorithms as part of their guidelines for adopting PQC. However, countries like South Korea, China and Russia are expected to have their own sets of PQC standards, which may differ from those published by NIST.
IETF Security Protocols
Algorithms alone are not enough. Though they form the core layer of defense, the protocols applying these algorithms must also evolve to be quantum safe.
The Internet Engineering Task Force (IETF) is working actively to integrate post-quantum cryptography (PQC) into essential internet protocols, ensuring that internet security withstands future quantum threats. Several working groups (WGs) are actively updating and developing RFCs/standards to support the transition to PQC.
Key PQC Integration Efforts Across IETF Working Groups:
TLS (Transport Layer Security): The TLS WG is adapting TLS 1.3 to support quantum-safe communication through hybrid key exchanges, combining traditional algorithms with post-quantum options. This hybrid approach offers a secure transition path in the presence of future quantum threats.
IPsec/IKEv2 (Internet Key Exchange): The IPSECME WG is developing hybrid post-quantum key exchanges for IKEv2, crucial for securing IPsec VPNs and encrypted tunnels.
X.509 Certificates and PKIX: The LAMP WG is incorporating quantum-resistant algorithms into X.509 certificates, which are central to digital certificate systems and S/MIME for secure email.
DNSSEC: The DNSOP WG is researching PQC integration into DNSSEC to understand the impacts in detail before creating and adopting standards or beginning a transition to PQC DNSSEC, with the goal of ensuring domain name authenticity against quantum-enabled attacks.
OpenPGP: The OpenPGP WG is working on securing email encryption with post-quantum algorithms. The group is investigating post-quantum public-key algorithm extensions for the OpenPGP protocol to secure email communications.
PQC Research and Cryptographic Advice: The Crypto Forum Research Group (CFRG) plays a central role in evaluating and recommending post-quantum cryptographic algorithms for use across IETF protocols. Working closely with NIST, the CFRG assesses the security, efficiency, and practicality of PQC algorithms for integrating into security protocols.
Cross-Protocol PQC Integration: The PQUIP (Post-Quantum Use In Protocols) WG is dedicated to the overall adoption of post-quantum cryptography across a range of IETF protocols. It coordinates efforts to ensure that protocols can smoothly transition to quantum-safe cryptography without sacrificing security or performance. PQUIP will provide guidance, discuss issues, and document best practices but will not update protocols or define new cryptographic mechanisms.
IETF’s multi-layered approach ensures that key internet protocols such as TLS, IKEv2, DNSSEC, PKIX, OpenPGP and others are prepared for quantum threats, while balancing the challenges of increased key sizes, computational costs, and bandwidth requirements.
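For a migration inventory, whether a client already offers a hybrid key exchange is visible in the supported_groups extension of its TLS 1.3 ClientHello. The following is an added example (not from the original article) that parses that extension from a handshake message with the record header already stripped; the code points are taken from the IANA TLS Supported Groups registry, the function names are hypothetical, and the sample ClientHello is constructed, not captured.

```python
import struct

# Named-group code points (IANA TLS Supported Groups registry); not listed in the article.
GROUP_NAMES = {0x0017: "secp256r1", 0x001D: "x25519",
               0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768"}
HYBRID_PQ = {0x11EB, 0x11EC}

def supported_groups(client_hello: bytes) -> list[int]:
    """Return the named groups offered in a ClientHello handshake message."""
    if len(client_hello) < 4 or client_hello[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = client_hello[4:4 + int.from_bytes(client_hello[1:4], "big")]
    try:
        pos = 2 + 32                                          # legacy_version + random
        pos += 1 + body[pos]                                  # legacy_session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + body[pos]                                  # legacy_compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            if ext_type == 10:                                # supported_groups
                stop = min(2 + int.from_bytes(data[:2], "big"), len(data)) - 1
                return [int.from_bytes(data[i:i + 2], "big") for i in range(2, stop, 2)]
            pos += 4 + ext_len
        return []
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc

def assess(client_hello: bytes) -> tuple[str, list[str]]:
    """Classify a ClientHello as offering a hybrid PQ group or classical groups only."""
    groups = supported_groups(client_hello)
    names = [GROUP_NAMES.get(g, hex(g)) for g in groups]
    verdict = "hybrid-pq-offered" if HYBRID_PQ & set(groups) else "classical-only"
    return verdict, names

def build_sample(groups: list[int]) -> bytes:
    """Constructed minimal ClientHello for the demo (not a captured packet)."""
    glist = b"".join(g.to_bytes(2, "big") for g in groups)
    groups_ext = struct.pack("!HHH", 10, len(glist) + 2, len(glist)) + glist
    versions_ext = struct.pack("!HH", 43, 3) + b"\x02\x03\x04"   # supported_versions: TLS 1.3
    exts = versions_ext + groups_ext
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + len(exts).to_bytes(2, "big") + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```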
Other Global Standards Bodies
In addition to NIST and IETF, various standards bodies are addressing the security risks posed by quantum computers by developing PQC standards, frameworks, guidelines, and recommendations.
ISO/IEC (International Organization for Standardization / International Electrotechnical Commission): ISO/IEC is developing international standards for the deployment and use of PQC in various applications and industries. The ISO/IEC JTC 1/SC 27 Committee focuses on information security, cybersecurity, and privacy protection standards, including post-quantum cryptographic techniques. They aim to align global standards with the outputs from NIST and other organizations to ensure interoperability and a smooth global transition to PQC.
ENISA (European Union Agency for Cybersecurity): ENISA supports the development of cybersecurity standards and is involved in setting guidelines and recommendations for the transition to PQC across Europe. ENISA provides frameworks for adopting PQC within Europe’s critical infrastructure sectors, such as finance, healthcare, and government services. Its publications include strategic guidelines for a phased migration to post-quantum systems.
ETSI (European Telecommunications Standards Institute): ETSI’s Quantum-Safe Cryptography (QSC) WG is focused on developing standards for quantum-safe cryptographic algorithms and their integration into telecommunications and ICT infrastructure. It has published various reports and guidelines on quantum-safe cryptography, outlining strategies for implementing PQC in telecommunication systems.
These bodies are crucial for creating a global framework to ensure secure communication, data protection, and infrastructure security as quantum computing becomes a reality.
Industry-Specific Standards for Quantum-Safe Migration
In addition, industry-specific bodies, from finance and telecommunications to healthcare, automotive, and government, are developing or adopting standards to ensure that critical systems and services can migrate securely to quantum-safe cryptography. These standards address the unique challenges faced by each industry as they prepare for the advent of quantum computing. Collaboration between industry standards bodies, global organizations, and national agencies is essential to integrate quantum-safe cryptographic solutions into critical systems, guiding industries through a smooth and secure transition to the post-quantum era.
Conclusion
The transition to quantum-safe cryptography is a multi-faceted challenge requiring organizations to stay up-to-date with emerging standards across algorithms, protocols, and industry-specific frameworks. The development of quantum-safe standards is still in progress, and organizations should consider all relevant standards and guidelines when planning their quantum-safe migration journey.
While this article provides a starting point, a comprehensive approach tailored to your industry’s specific requirements will be essential to ensuring long-term security in the quantum era.