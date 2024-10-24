Fortunately, post-quantum cryptography (PQC) algorithms, capable of protecting today’s systems and data, have been standardized. The National Institute of Standards and Technology (NIST) recently released the first set of three standards:

ML-KEM: a key encapsulation mechanism selected for general encryption, such as for accessing secured websites

ML-DSA: a lattice-based algorithm chosen for general-purpose digital signature protocols

SLH-DSA: a stateless hash-based digital signature scheme

Two of the standards (ML-KEM and ML-DSA) were developed by IBM with external collaborators, and the third (SLH-DSA) was co-developed by a scientist who has since joined IBM.

Those algorithms will be adopted by governments and industries around the world as part of security protocols such as “Transport Layer Security” (TLS) and many others.

The good news is that these algorithms are at our disposal to protect against the quantum risk. The bad news is that enterprises must migrate their estate to adopt these new PQC standards.

Previous cryptography algorithm migration programs took years to complete. Ask yourself as an organization: how long was your SHA1 to SHA2 migration program? What about your public key infrastructure (PKI) upgrade program where you increased the PKI trust chain key size from 1024-bit to 2048-bit keys or 3072-bits or 4096-bit keys? How long did all that take to roll out across your complex enterprise environment? Several years?

The impact from quantum computing and the implementation of the PQC standards is vast, covering a comprehensive estate of your organization. The quantum computing risk affects many more systems, security tools and services, applications and network infrastructure. Your organization needs to immediately transition toward PQC standards to safeguard your assets and data.