The US National Institute of Standards and Technology (NIST) has announced the selection of PQC algorithms that address the risks arising from the creation of a CRQC and this will inform the ASD PQC algorithm selection process.
Background / What has happened?
Post-quantum cryptography is a field of cryptography dedicated to the creation and analysis of cryptographic algorithms that derive their security from mathematical problems considered difficult for both classical and quantum computers. PQC offers a low-cost, practical path to maintain the properties of secure communications systems in the presence of a CRQC.
ASD has not currently selected preferred PQC algorithms.
Selection will be informed by the NIST process to develop and standardise PQC algorithms. Candidate algorithms are evaluated and scrutinised in successive rounds to ensure the new standards will meet the requirements to protect sensitive data. ASD will evaluate each PQC algorithm based on its merits. Organisations can choose to pilot and prototype with candidate algorithms in test environments, ahead of use in production systems.
Mitigation / How do I stay secure?
ASD assesses that currently approved cryptography provides the most effective communications security option at this time. ASD will provide updated advice and doctrine, including a roadmap outlining a transition to PQC, in due course.
Those organisations with particularly sensitive cryptographic systems are encouraged to pilot PQC algorithms in separate test environments and discuss their anticipated PQC needs with vendors or those involved in post-quantum cryptographic research.
More broadly - including outside of cryptographic applications - Australian industry is encouraged to continue research and development of quantum technologies. This should include practical vulnerability research to better understand the risks associated with employing quantum technologies.
