Full Report
As estimates of the quantum computing power needed to crack current public key encryption algorithms continue to drop, a group of technology companies and organizations is urging users to begin migrating toward post-quantum cryptographic standards now.

To help organizations with the transition to post-quantum cryptography, the Post-Quantum Cryptography Coalition (PQCC) released a migration roadmap today to guide companies through the phases of that journey.

“As quantum computing technology continues to advance, organizations cannot afford to delay preparing for these transformative changes and threats to their security,” Wen Masters, MITRE’s vice president of cyber technologies, said in a statement. MITRE is one of the founding members of PQCC, along with SandboxAQ, PQShield, IBM Quantum and Microsoft.

The roadmap’s release comes just days after the publication of a paper that reduced by more than 95% the estimated quantum computing power needed to crack RSA-2048 encryption keys.

**Quantum Computing Power Needed to Crack RSA-2048 Lowered**

That paper, by Craig Gidney of Google Quantum AI, updates a 2019 paper Gidney co-authored that estimated that 2048-bit RSA integers could be broken in eight hours by a quantum computer with 20 million noisy qubits.

“In this paper, I substantially reduce the number of qubits required,” Gidney wrote in the new paper published on arXiv. “I estimate that a 2048 bit RSA integer could be factored in less than a week by a quantum computer with less than a million noisy qubits.”

In a blog post on the paper, Gidney said that current quantum computers with relevant error rates “have on the order of only 100 to 1000 qubits,” and the National Institute of Standards and Technology (NIST) is leading efforts to develop post-quantum cryptographic algorithms “that are expected to be resistant to future large-scale quantum computers. However, this new result does underscore the importance of migrating to these standards in line with NIST recommended timelines.”

In a November 2024 report, NIST said that “even if quantum computers are a decade away, organizations must begin the migration to postquantum cryptography today to avoid having their encrypted data exposed once quantum computers become operational in the future.” While certain applications may require post-quantum cryptography (PQC) sooner, NIST and U.S. federal systems have set an “overall goal of achieving widespread PQC adoption by 2035.”

In an April update, PQCC noted that only three PQC standards have seen “some adoption” so far: SSH, TLS 1.3, and IKE/IPSec. Here is PQCC’s standards adoption heatmap:

[Figure: Post-quantum cryptography standards development and adoption (PQCC)]

**Post-Quantum Cryptography Migration Roadmap**

The 20-page PQCC migration roadmap details four migration phases to help CIOs and CISOs “act decisively, taking proactive steps to protect sensitive data now and in the future.” Those migration phases are:

1. **Preparation:** Starting with an overview of an organization’s PQC migration aims, assigning a migration lead, identifying stakeholders, “and aligning stakeholders through strategic messaging.”
2. **Baseline Understanding:** Gathering a baseline understanding of an organization’s data inventory, prioritizing assets to be updated, and establishing required resources and available budget.
3. **Planning and Execution:** Collaborating with system vendors and internal system owners “to ensure that post-quantum solutions are acquired externally or developed internally and implemented effectively.”
4. **Monitoring and Evaluation:** Developing measures for tracking migration process and formulating a process “for reassessing cryptographic security as quantum capabilities evolve.”

“The process outlined in this roadmap underscores the importance of strategic planning, stakeholder alignment, and continuous monitoring and documentation to adapt to technological advancements and maintain robust security postures,” the migration document concludes. “As the quantum computing landscape continues to evolve, organizations must remain adaptable, tracking updates in guidance to maintain a secure PQC transition.”
Analysis Summary
# Best Practices: Post-Quantum Cryptography (PQC) Migration
## Overview
These practices address the critical need for organizations to proactively begin migrating cryptographic infrastructure to Post-Quantum Cryptography (PQC) standards to protect sensitive data against future cryptographically relevant quantum computers (CRQCs). The guidance is based on a phased roadmap focused on inventory, planning, execution, and continuous monitoring.
## Key Recommendations
### Immediate Actions
1. **Assign a PQC Migration Lead:** Designate a specific individual or team responsible for overseeing the entire phased migration process.
2. **Initiate Stakeholder Alignment:** Immediately begin strategic messaging and alignment among key stakeholders (CIO, CISO, IT Operations, Legal) regarding the necessity and timeline of PQC migration.
3. **Commence PQC Roadmap Review:** Obtain and review the Post-Quantum Cryptography Migration Roadmap (e.g., the PQCC roadmap) to understand the required phases and effort.
### Short-term Improvements (1-3 months)
1. **Establish Data Inventory Baseline:** Begin the process of gathering a comprehensive inventory of all organizational data, focusing on the lifespan, sensitivity, and necessary protection duration for that data.
2. **Prioritize Cryptographic Assets:** Identify and prioritize systems, protocols, and archives that utilize current public-key cryptography and rely on the data identified for long-term protection.
3. **Assess Cryptographic Agility:** Determine the complexity and effort required to update cryptographic libraries, modules, and hardware within current critical systems (e.g., establishing cryptographic agility).
### Long-term Strategy (3+ months)
1. **Vendor Collaboration and Acquisition:** Engage system vendors to understand their PQC transition roadmaps and begin acquiring or developing necessary post-quantum solutions.
2. **Implement and Test PQC Solutions:** Execute the plan to implement selected PQC algorithms across prioritized systems, ensuring effective internal development or external procurement.
3. **Develop Monitoring and Reassessment Processes:** Formulate and document specific Key Performance Indicators (KPIs) and measures to track the migration progress and adapt the strategy as quantum capabilities and PQC standards evolve.
4. **Continuous Reassessment Protocol:** Establish a living process for continuously reassessing cryptographic security posture against evolving quantum threat predictions and new guidance releases.
## Implementation Guidance
### For Small Organizations
- Focus initial efforts on identifying high-value, long-retention data assets (Preparation and early Baseline Understanding).
- Prioritize updating externally facing, vendor-managed services first, leveraging vendor roadmaps.
- Budget minimal allocations for initial discovery and consulting to define the scope.
### For Medium Organizations
- Form a dedicated, cross-functional PQC steering committee (Preparation).
- Conduct a thorough inventory of data stores and the cryptographic protection currently applied (Baseline Understanding).
- Initiate planning for pilot programs using hybrid (classical + PQC) cryptography in non-critical environments during the Planning phase.
### For Large Enterprises
- Implement a formal, centrally managed governance structure for PQC risk management.
- Mandate cryptographic inventory discovery across all business units, mapping dependencies (Baseline Understanding).
- Develop customized, phased execution plans for major system modernization projects to incorporate PQC integration (Planning and Execution).
- Establish rigorous testing environments to validate the performance impact of PQC algorithms before deployment.
## Configuration Examples
*(Note: Specific Post-Quantum Cryptography algorithms are currently being standardized (e.g., by NIST). Implementation guidance will depend on the final chosen standards.)*
**General Configuration Principle (Hybrid Mode):**
Configure initial PQC transition systems to use **Hybrid Cryptography** where feasible. This involves:
1. **Implementation Target:** Select a system component (e.g., TLS handshake).
2. **Dual Key Exchange:** Perform key establishment using both a current (e.g., ECC or RSA) algorithm and a pending PQC algorithm (e.g., CRYSTALS-Kyber).
3. **Security Rule:** Only proceed if *both* cryptographic layers are successfully established, ensuring protection against both classical and potential quantum adversaries during the transition.
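
The security rule in step 3 can be enforced at the point where the session key is derived. The following is an added example, not code from the PQCC roadmap or from any TLS library: it assumes each layer returns a 32-byte shared secret and combines the two by concatenation into HKDF-SHA256 (RFC 5869). The names `derive_hybrid_key` and `HybridEstablishmentError`, the `info` label, and the sample secrets are hypothetical and constructed for illustration.

```python
import hashlib
import hmac

SECRET_LEN = 32  # assumption: each layer yields a 32-byte shared secret

class HybridEstablishmentError(Exception):
    """One of the two key-establishment layers did not complete."""

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 extract: PRK = HMAC-SHA256(salt, IKM)
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 expand: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_hybrid_key(classical_ss, pqc_ss, transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from both secrets; fail closed if either is unusable."""
    for layer, ss in (("classical", classical_ss), ("post-quantum", pqc_ss)):
        if not isinstance(ss, bytes) or len(ss) != SECRET_LEN:
            raise HybridEstablishmentError(f"{layer} layer did not produce a shared secret")
        if ss == bytes(SECRET_LEN):
            raise HybridEstablishmentError(f"{layer} layer produced an all-zero secret")
    # Both secrets have a fixed length, so plain concatenation is unambiguous.
    # Recovering the key requires both inputs: breaking one layer is not enough.
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), classical_ss + pqc_ss)
    return hkdf_expand(prk, b"hybrid-demo session key", length)

# Constructed sample inputs standing in for real ECDH and KEM outputs.
SAMPLE_CLASSICAL_SS = hashlib.sha256(b"constructed classical shared secret").digest()
SAMPLE_PQC_SS = hashlib.sha256(b"constructed post-quantum shared secret").digest()
SAMPLE_TRANSCRIPT = b"constructed handshake transcript"

if __name__ == "__main__":
    key = derive_hybrid_key(SAMPLE_CLASSICAL_SS, SAMPLE_PQC_SS, SAMPLE_TRANSCRIPT)
    print("session key:", key.hex())
    try:
        derive_hybrid_key(SAMPLE_CLASSICAL_SS, None, SAMPLE_TRANSCRIPT)
    except HybridEstablishmentError as err:
        print("refused:", err)
```

In a real deployment the two inputs come from the classical key exchange and the PQC KEM decapsulation; the check stays the same, and a failed layer must abort the handshake rather than fall back to the other layer alone.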
## Compliance Alignment
- **NIST (National Institute of Standards and Technology):** Guidance on PQC migration is fundamentally tied to NIST's ongoing selection and standardization process for PQC algorithms. Organizations must track and align with finalized NIST PQC standards.
- **ISO/IEC 27000 Series:** Incorporate PQC planning into the risk assessment and control monitoring activities mandated by ISO 27001/27002 (specifically controls related to Cryptographic Strength/Key Management).
- **CIS Critical Security Controls:** PQC planning should be integrated into asset management (Control 1) and configuration management (Control 3/4), treating cryptographic libraries as critical assets requiring lifecycle management.
## Common Pitfalls to Avoid
- **The "Wait and See" Approach:** Delaying action until standards are *finalized* is dangerous due to the required migration lead time and the risk of "Harvest Now, Decrypt Later" attacks.
- **Ignoring Long-Lived Data:** Focusing only on real-time communications while neglecting the security of archived data that needs protection for decades ("data at rest").
- **Assuming Seamless Upgrades:** Failing to recognize that PQC algorithms may have larger key sizes or different computational demands, which requires re-evaluating hardware, network bandwidth, and system performance limits.
- **Lack of Stakeholder Buy-in:** Allowing the migration project to stall due to inadequate executive sponsorship or failure to communicate the long-term risk effectively.
## Resources
- **PQCC Migration Roadmap:** The primary resource guiding the four phases of migration (Preparation, Baseline Understanding, Planning/Execution, Monitoring/Evaluation). (Reference the PQCC document for detailed steps.)
- **NIST Post-Quantum Cryptography Standardization Program:** Essential source for finalized algorithm specifications and technical documentation.