A QUANTUM MILESTONE
This month, a significant milestone in post-quantum cryptography (PQC) was achieved: three algorithm standards (ML-KEM, ML-DSA, SLH-DSA) were published by the National Institute of Standards and Technology (NIST), the US national standards organisation and a non-regulatory agency within the US Department of Commerce that works to promote innovation and industrial competitiveness. The National Cyber Security Centre (NCSC) has updated its PQC white paper to reflect this milestone. While the core technical messages of the paper remain unchanged, it acknowledges that many are eager to understand the next steps in the national migration to PQC.
JUST THE BEGINNING
The standardisation of algorithms is just the beginning of the work for the international cryptography community as it progresses towards full migration to PQC. Robust implementations of these algorithms are needed, along with modifications to the services and protocols that currently use public-key algorithms to incorporate PQC. For instance, there are wider international efforts focused on updating major internet protocols, such as TLS, a cryptographic protocol that helps secure data in transit over the internet.
INITIAL DISCOVERY
The migration to PQC will be a multi-year endeavour, with some sectors expected to take more than a decade. However, due to the scale of the effort, preparation is a priority now. Larger organisations, particularly those with bespoke IT or operational technology, should begin planning for a future migration to PQC. This initial discovery work involves:
· ensuring the organisation has a clear understanding of the data it holds, the value of that data to both the organisation and potential adversaries, and how long specific data holdings are expected to remain relevant
· building a record of the systems on which data is processed and stored
· assessing how data is protected across those systems, with a focus on where public key cryptography is used
· understanding how the organisation’s supply chain is approaching its own PQC migration
HIGH PRIORITY
The highest priority systems for migration will be those that handle data expected to retain value over an extended period. Additionally, systems where changes can only be made infrequently will also be prioritised, particularly those reliant on long-lasting or difficult-to-upgrade hardware. These systems require early attention to ensure their security in a post-quantum world. Addressing such systems first will help mitigate future risks as PQC adoption progresses.
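The discovery steps and the prioritisation rule above can be turned into a first-pass triage of a cryptographic inventory. The following Python sketch is an added example, not NCSC tooling or guidance: the `Asset` fields, the sample inventory and the 10-year planning horizon are assumptions, and the "high" test uses the widely cited inequality (data shelf life + time to migrate > time until a capable quantum computer, usually attributed to Mosca), which the page itself does not name.

```python
from dataclasses import dataclass

# Public-key families breakable by a large quantum computer, and the three
# NIST standards named above. Anything else is sent for manual review.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA"}
PQC_STANDARDS = {"ML-KEM", "ML-DSA", "SLH-DSA"}
ORDER = {"high": 0, "medium": 1, "review": 2, "none": 3}

@dataclass
class Asset:
    name: str
    algorithms: tuple        # public-key algorithms protecting the data
    data_life_years: int     # how long the data keeps its value
    upgrade_years: int       # how long before the system can realistically change
    supplier_has_plan: bool  # has the supplier stated a PQC migration plan?

def triage(asset, horizon_years=10):
    """Classify one asset. horizon_years is an assumed planning figure."""
    exposed = sorted(set(asset.algorithms) & QUANTUM_VULNERABLE)
    unknown = sorted(set(asset.algorithms) - QUANTUM_VULNERABLE - PQC_STANDARDS)
    if exposed:
        # At risk if value lifetime plus time-to-change runs past the horizon.
        late = asset.data_life_years + asset.upgrade_years > horizon_years
        level = "high" if late else "medium"
    else:
        level = "review" if unknown else "none"
    return {"name": asset.name, "level": level, "exposed": exposed,
            "unknown": unknown,
            "chase_supplier": bool(exposed) and not asset.supplier_has_plan}

def rank(assets, horizon_years=10):
    """Return triage results, most urgent first."""
    rows = [(triage(a, horizon_years), a) for a in assets]
    rows.sort(key=lambda r: (ORDER[r[0]["level"]],
                             -(r[1].data_life_years + r[1].upgrade_years)))
    return [r[0] for r in rows]

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("payroll-web", ("ECDH", "RSA"), 2, 1, True),
    Asset("records-archive", ("RSA",), 25, 2, True),
    Asset("substation-controller", ("ECDSA",), 1, 15, False),
    Asset("pilot-gateway", ("ML-KEM", "ML-DSA"), 5, 1, True),
    Asset("legacy-vpn", ("VENDOR-PROPRIETARY",), 3, 4, False),
]

if __name__ == "__main__":
    for row in rank(INVENTORY):
        print(row)
```

Both the long-lived archive and the hard-to-upgrade controller come out as "high", for different reasons: one because of data lifetime, the other because of upgrade interval.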
REGULATORY SUPPORT
Many larger organisations operate within regulated sectors. The NCSC will assist regulators in establishing appropriate guidelines and policies for their industries and will consult with major industry bodies to understand their challenges, working alongside the Department for Science, Innovation & Technology (DSIT) and other leading government departments as required. Some sectors, such as finance and telecoms, have already given considerable thought to the implications of integrating PQC into their complex networks. Where best practices can be shared, the NCSC will highlight them, while also providing direct advice for addressing sector-specific challenges.
GOVERNMENTAL SUPPORT
Within government, the NCSC will primarily collaborate with the Cabinet Office and DSIT to establish policy for the migration of other departments, offering tailored consultancy where necessary, such as for systems handling data related to national security. Over the coming year, the NCSC plans to work with one or two departments to explore in greater detail what developing a 'whole-department PQC migration plan' will entail. Any principles identified that have broader relevance will be shared.
HELPING EVERYBODY
Several specialist companies are already providing services related to post-quantum cryptography, and the NCSC aims to see excellent consultancy available across a broad range of areas, from in-depth expertise in post-quantum cryptography to discovery activities, migration planning, and large-scale system integration. In the longer term, the NCSC plans to accredit suitable consultants and consultancies through its existing schemes. In the nearer term, it will explore effective ways to connect organisations with the expertise they require, ensuring scalability for a UK-wide migration.
ZHERO INVESTS IN PQC
As the world moves towards a quantum-powered future, safeguarding digital communications against potential quantum attacks becomes increasingly critical. Quantum computers, with their ability to solve complex mathematical problems exponentially faster than classical computers, pose a significant threat to current encryption methods. It is estimated that within the next decade, quantum computing could break widely used cryptographic algorithms such as RSA and ECC, potentially jeopardising the security of sensitive data across various industries. In response, Cyber London's co-founder, Zhero, is actively investing in Post-Quantum Cryptography (PQC) to future-proof next-generation networks.
ZHERO’S COMMITMENT TO PQC
PQC focuses on developing cryptographic algorithms resistant to quantum attacks, ensuring that data remains secure even in a quantum era. Recent studies suggest that the global PQC market is expected to grow at a compound annual growth rate (CAGR) of over 25% in the next five years, emphasising the urgent need for solutions capable of withstanding an evolving threat landscape. With industries such as finance, healthcare, and critical infrastructure increasingly targeted by sophisticated cyber-attacks, investing in PQC is not merely a precaution but a necessity. Zhero's commitment to PQC reflects its dedication to pioneering innovative security solutions that address current challenges while anticipating future demands in the digital landscape. Please reach out to Zhero and Cyber London for more information.