Migration to Post-Quantum Cryptography—Panel Presentation on NIST’s NCCoE Collaborative Efforts (Q12b)
Advances in quantum computing could compromise many of the current cryptographic algorithms being widely used to protect digital information, necessitating replacement of existing algorithms with quantum-resistant ones. Previous initiatives to update or replace installed cryptographic technologies have taken many years, so it is critical to begin planning for the replacement of hardware, software, and services that use affected algorithms now so that data and systems can be protected from future quantum computer-based attacks.
NIST has been soliciting, evaluating, and standardizing quantum-resistant public-key cryptographic algorithms (https://csrc.nist.gov/projects/post-quantum-cryptography). To complement this effort, the NIST National Cybersecurity Center of Excellence (NCCoE) is engaging with industry collaborators, regulated industry sectors, and the U.S. Federal Government to bring awareness to the issues involved in migrating to post-quantum algorithms and to prepare the crypto community for migration.
This project will initially develop example implementations, guidance, and recommended practices. Next, the project will demonstrate these examples supporting various use case scenarios. The findings from the demonstrations will be published in this practice guide, a NIST 1800-series Special Publication that is composed of multiple volumes targeting different topics and audiences defined by workstreams.
The initial workstreams are scoped to the following:
• Exploring the use of discovery tools to detect and report the presence and use of quantum-vulnerable cryptography in systems and services, and the use of output from the tools to inform risk analysis for prioritizing actions to move away from quantum-vulnerable cryptography.
• Identifying interoperability and performance challenges that applied cryptographers may face when implementing the first quantum-resistant algorithms NIST will standardize in 2024. Initial interoperability and performance testing will incorporate QUIC, Transport Layer Security (TLS), Secure Shell (SSH), X.509 post-quantum certificate hybrid profiles to support traditional and post-quantum algorithms, and post-quantum-related operations of next-generation Hardware Security Modules (HSMs).
Lessons learned from the workstreams, such as identifying gaps that exist between post-quantum algorithms and their integration into protocol implementations, will be shared with standards development organizations responsible for developing or updating standards that protect systems and related assets. Increased use of discovery tools will have the added benefit of detecting and reporting the use of cryptographic algorithms that are known to be vulnerable to non-quantum attacks. Further, our strategy for future phases will build iteratively to produce recommended practices for algorithm replacement, where in some cases interim hybrid implementations are necessary to maintain interoperability during migration.
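As an added illustration of the discovery workstream and of the point that the same tooling also surfaces classically weak algorithms, the following example (not code from the NCCoE project) takes constructed CSV output from a hypothetical discovery tool and turns it into a prioritized list of findings. The scoring weights, the CSV layout and the hostnames are assumptions; the algorithm names ML-KEM-768 and ML-DSA-65 are the FIPS 203/204 identifiers.

```python
import csv
import io

# Classification sets (assumed; general cryptographic knowledge, not from the page).
SHOR_BROKEN = {"RSA", "DSA", "ECDSA", "ECDH", "DH", "X25519", "ED25519"}
CLASSICALLY_WEAK = {"MD5", "SHA1", "RC4", "3DES", "DES"}
PQ_SAFE = {"ML-KEM-768", "ML-DSA-65"}  # FIPS 203 / FIPS 204 parameter sets

# Constructed sample output of a hypothetical discovery tool (CSV, one row per endpoint).
SCAN_CSV = """host,service,kex,sig,hash,key_bits,exposure,data_lifetime_years
vpn.example.test,TLS1.2,ECDH,RSA,SHA256,2048,internet,10
hr-db.example.test,TLS1.3,X25519,ECDSA,SHA256,256,internal,25
legacy.example.test,TLS1.0,RSA,RSA,SHA1,1024,internet,1
pilot.example.test,TLS1.3,X25519+ML-KEM-768,ML-DSA-65,SHA256,0,internet,10
"""


def classify(row):
    """Return (risk_score, findings) for one discovery-tool row (assumed weights)."""
    findings, score = [], 0
    kex = set(row["kex"].upper().split("+"))  # "A+B" denotes a hybrid key exchange
    sig, digest = row["sig"].upper(), row["hash"].upper()
    lifetime = int(row["data_lifetime_years"])
    exposure = 2 if row["exposure"] == "internet" else 1
    if kex & PQ_SAFE:
        findings.append("hybrid/PQ key exchange (interim hybrid acceptable)")
    elif kex & SHOR_BROKEN:
        # Recorded traffic can be decrypted later, so urgency scales with data lifetime.
        findings.append("quantum-vulnerable key exchange")
        score += lifetime * exposure
    if sig in SHOR_BROKEN:
        # Forgery needs a quantum computer at attack time, so lower urgency than kex.
        findings.append("quantum-vulnerable signature")
        score += 2
    if digest in CLASSICALLY_WEAK or (sig == "RSA" and int(row["key_bits"]) < 2048):
        # Weak regardless of quantum computers: the page's "added benefit" of discovery.
        findings.append("classically weak parameters (fix regardless of PQC)")
        score += 10
    return score, findings


def prioritize(csv_text):
    """Rank endpoints by risk score, highest first: (host, score, findings)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    ranked = [(row["host"], *classify(row)) for row in rows]
    return sorted(ranked, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for host, score, findings in prioritize(SCAN_CSV):
        print(f"{score:3d}  {host}: {'; '.join(findings)}")
```

Note that the internal database outranks the internet-facing VPN: long data lifetime drives key-exchange urgency under a harvest-now, decrypt-later threat, which is the kind of risk analysis the discovery output is meant to inform.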