OODA CTO Bob Gourley recently posted a synopsis and analysis of the July 5th NIST Quantum Resistant Cryptographic Algorithms Announcement and provided an update of the OODA Loop Executive’s Guide to Quantum-Safe Security and the OODA Loop Quantum List.
The Quantum Security Industry Response
Following is a broad survey of the industry reaction to the NIST announcement by the Quantum Security companies from the Quantum List and from CISA:
Tech Xplore reports: NIST announces first four quantum-resistant cryptographic algorithms | QuSecure: QuSecure is excited to share the recent announcement from the National Institute of Standards and Technology (NIST). We share the sentiments of the Secretary of Commerce Gina Raimondo who is quoted as saying, “Today’s announcement is an important milestone in securing our sensitive data against the possibility of future cyberattacks from quantum computers. Thanks to NIST’s expertise and commitment to cutting-edge technology, we are able to take the necessary steps to secure electronic information so U.S. businesses can continue innovating while maintaining the trust and confidence of their customers.” A more detailed review of this important NIST announcement on Tech Explore is available by clicking here.
Quantum Xchange Supports All Post-Quantum Standard Finalists Announced by NIST: BETHESDA, Md. – July 5, 2022 – Quantum Xchange today announced its crypto-diverse key delivery system, Phio Trusted Xchange (TX), supports all final quantum-resistant cryptographic algorithms, as well as alternates, announced today by the U.S. Department of Commerce’s National Institute for Standards and Technology (NIST). The four selected encryption algorithms will become part of NIST’s post-quantum cryptographic (PQC) standard, expected to be finalized by 2024.
Today @NIST has chosen the first group of quantum-resistant algorithms designed to withstand the future assault of quantum computers—which could potentially crack the security used to protect privacy in the digital systems we rely on every day. #PQC https://t.co/QuNmOKGJvd
— QuintessenceLabs (@QuintessenceLab) July 5, 2022
Quintessence Labs has published a very informative and thorough Cybersecurity Standards Technical Information page, which includes NIST standards in the context of other standardization efforts in the industry.
SandboxAQ – The Launch of AI + Quantum Tech: This week marks an important milestone in the history of cryptography and cybersecurity. After more than six years of work conducted by hundreds of scientists and engineers from 25 countries on six continents, the National Institute of Standards and Technology (NIST) unveiled a suite of four post-quantum cryptography (PQC) algorithms that will strengthen the world’s cybersecurity defenses as we enter the quantum era. The key takeaway from the recent announcement is that the NIST algorithms finally bring clarity and certainty to the business community as they transition from algorithms such as RSA encryption to a new, tangible PQC framework.
Crypto Quantique announces first post-quantum computing IoT security platform compliant with new NIST standards: LONDON, July 11th, 2022 — Crypto Quantique, a specialist in quantum-driven cybersecurity for the internet of things (IoT), announces a post-quantum computing (PQC) version of its QuarkLink chip-to-cloud IoT security platform. The upgraded platform is believed to be the first to use post-quantum algorithms recently announced for standardization by the National Institute of Standards and Technology (NIST), particularly the chosen key encapsulation mechanism (KEM), CRYSTALS-Kyber.
ID Quantique: While ID Quantique has not released an official statement about the recent NIST announcement, as recently as late April the company provided an analysis of a new vulnerability that threatened three finalists of the NIST Post-Quantum Cryptography contest: At the beginning of April 2022, the Center of Encryption and Information Security (an information security unit within the Israeli Defence Force) published a report on the security of Learning with Errors (LWE) and Learning with Rounding (LWR) based algorithms. The report is of particular interest because three of the six shortlisted finalists in NIST’s post-quantum cryptography standardization project are LWE/LWR based. The report shows that the application of some improvements to a specific attack type (known as a dual lattice attack) significantly reduces the security of the shortlisted algorithms – to the point that they fall below NIST’s required security threshold. The claim is, of course, under scrutiny by the community. A copy of the full report is available to download here.
About the OODA Loop Quantum Security Companies
QuSecure has made claims of being the first to provide a full and complete offering in quantum security. But they provide few details on their website and many others are in this space also providing full offerings. QuSecure is well funded and seems to have many proofs of concepts underway so is one to watch.
Quantum Xchange gives commercial enterprises and government agencies a solution for secure communications based on quantum effects. Its complete key management system and supports both post-quantum crypto (PQC) and Quantum Key Distribution (QKD). The operator of the first quantum fiber network in the U.S.
QuintessenceLabs has developed a suite of data security technology, products, and solutions to secure digital information based on quantum effects. One of the oldest and most recognized in this space.
Crypto Quantique provides local network-based cyber-security solutions for its clients based on quantum effects.
ID Quantique provides high-performance multi-protocol network encryption based on both conventional and quantum technologies (Quantum Key Distribution QKD).
QWERX Leverages an Ephemeral key infrastructure to provide a solution that is not just Quantum Resistant, but Quantum Proof, with a technology that is ready now.
SandboxAQ is an enterprise SaaS company that provides AI and quantum computing solutions. SandboxAQ’s solutions include post-RSA cybersecurity modules that migrate enterprises to higher levels of security. SandboxAQ modules enable post-quantum cryptography in line with emerging standards in this field. The firm is building a portfolio of other solutions that include quantum sensing for medical uses.
CISA: Prepare for a New Cryptographic Standard to Protect Against Future Quantum-Based Threats
From the CISA public statement on July 5, 2022:
Although NIST will not publish the new post-quantum cryptographic standard for use by commercial products until 2024, CISA and NIST strongly recommend organizations start preparing for the transition now by following the Post-Quantum Cryptography Roadmap, which includes:
- Inventorying your organization’s systems for applications that use public-key cryptography.
- Testing the new post-quantum cryptographic standard in a lab environment; however, organizations should wait until the official release to implement the new standard in a production environment.
- Creating a plan for transitioning your organization’s systems to the new cryptographic standard that includes:
- Performing an interdependence analysis, which should reveal issues that may impact the order of systems transition;
- Decommissioning old technology that will become unsupported upon publication of the new standard; and
- Ensuring validation and testing of products that incorporate the new standard.
- Creating acquisition policies regarding post-quantum cryptography. This process should include:
- Setting new service levels for the transition.
- Surveying vendors to determine possible integration into your organization’s roadmap and to identify needed foundational technologies.
- Alerting your organization’s IT departments and vendors about the upcoming transition.
- Educating your organization’s workforce about the upcoming transition and providing any applicable training.
For additional guidance and background, CISA and NIST strongly encourage users and administrators to review:
- NIST press release, NIST Announces First Four Quantum-Resistant Cryptographic Algorithms.
- The NIST and Post-Quantum Cryptography, Post-Quantum Cryptography Standardization, and Migration to Post-Quantum Cryptography websites.
It should go without saying that tracking threats are critical to inform your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.
Explore OODA Research and Analysis
Use OODA Loop to improve your decision-making in any competitive endeavor. Explore OODA Loop
The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence, and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence
We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech
Security and Resiliency
Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation-state conflict, non-nation state conflict, global health, international crime, supply chain, and terrorism. Explore Security and Resiliency
The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders, and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences, and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member-only video library. Explore The OODA Community.