The SafeLogic Blog

Today, the National Institute of Standards and Technology (NIST) announced the availability of Post Quantum Cryptography (PQC) algorithm standards.  Three PQC algorithms have been standardized at this time: one key encapsulation mechanism, ML-KEM (Kyber) - FIPS 203, and two digital signature algorithms, ML-DSA (Dilithium) - FIPS 204 and SLH-DSA (SPHINCS+) - FIPS 205).  Also today, the White House Office of Science and Technology Policy and the National Security Council sponsored an event at the White House called “Securing Our Nation with Post-Quantum Cryptography”.  Attendees at the event included White House officials, agency representatives from across the federal government, and cryptography industry leaders, including SafeLogic CEO Evgeny Gervis. 

This announcement is the culmination of over seven years of concerted effort by NIST, academia, and industry. The PQC algorithm submission, vetting, and approval process started with NIST receiving over eighty candidates in the first round of a global competition. For years and through multiple rounds, many of the best cryptographers and mathematicians in the world have had a chance to submit, analyze, and critique the PQC algorithm submissions that NIST has received. 

“PQC algorithm standardization by NIST is a significant milestone that should catalyze PQC migration efforts across public and private sectors.  Many security and IT leaders have been eagerly awaiting these standards to begin their PQC migration efforts in earnest, and now that time has come”, said Evgeny Gervis, SafeLogic CEO. Gervis also leads NIST’s National Cybersecurity Center of Excellence (NCCOE) PQC risk management and migration prioritization workstream, which is made up of a consortium of leading organizations NIST has assembled for this effort.  “Now that these PQC algorithms have been standardized, SafeLogic will work to incorporate them into its FIPS 140-3 validated CryptoComply software as soon as possible”, added Gervis.

As a leading provider of cryptographic modules for over a decade now, SafeLogic has long been preparing to enable its customers to migrate to PQC.  Earlier this year, at the RSA conference in San Francisco, SafeLogic announced the launch of an Early Access Program (EAP) for its next-generation cryptographic software modules that include comprehensive support for all the PQC algorithms that NIST just standardized.  The cryptographic libraries available in this EAP, which are based on SafeLogic’s new FIPS 140-3 modules, allow SafeLogic customers to test and experiment with PQC algorithms and capabilities such as cryptographic use discovery, cryptoagility, and hybrid use cases (i.e., using both classical and PQC algorithms together).

“Gartner is now recommending its clients begin asking technology vendors about their PQC strategies,” said Mike Donaldson, SafeLogic CMO. “Actively testing the now standardized PQC algorithm implementations as part of SafeLogic’s EAP is a concrete step SafeLogic customers can take now to show their own customers that they are actively working on the PQC transition.” 

Quantum computers are promising to offer many benefits to society, but the advent of that technology also carries some risks.  One major risk is the threat that quantum computers are expected to pose to the world’s public key (asymmetric) encryption.  It is believed that once sufficiently powerful quantum computers are available, they will be able to break most of the widely available public key encryption in use today.  Should this risk materialize, the significant negative impact on security, privacy, and trust is hard to overstate.  Gartner predicts that by the end of this decade, classical Public Key (asymmetric) cryptography will no longer be safe to use.  Correspondingly, there is really no time to waste when it comes to planning and operationalizing PQC migration, especially considering how long this migration will take.  NIST’s new PQC standards will enable organizations to pursue PQC migration on a more solid footing.

“For over a decade, SafeLogic has been a trusted and proven cryptographic software solutions partner for companies that require strong, FIPS 140 validated cryptographic software. Our customers include top technology vendors, many of which sell to regulated industries such as the US Public Sector that already have PQC migration requirements in place via various executive orders and congressional actions,” commented Gervis.  “These and other customers, such as financial services, telecom, and healthcare organizations, want to start preparing for PQC migration now, and SafeLogic is excited to be their partner on that journey.”

SafeLogic’s PQC solutions offer several capabilities that organizations migrating to PQC will find important:

• PQC algorithms CRYSTALS-KYBER, CRYSTALS-Dilithium, FALCON, SPHINCS+, LMS, and XMSS are now available for customer testing
• SafeLogic takes a unique approach to cryptographic use discovery by providing real-time operational information for when quantum-vulnerable cryptography is being used. This information can greatly help organizations with their cryptographic inventories and migration prioritization decisions
• SafeLogic’s approach to cryptoagility builds on CryptoComply’s provider architecture to reduce the effort required for future cryptography migration
• SafeLogic’s approach to hybrid mode allows organizations to safely wrap classical FIPS 140-2 or FIPS 140-3 validated encryption in PQC to protect valuable data from “harvest now, decrypt later” attacks while maintaining FIPS compliance and providing defense in depth.

SafeLogic’s PQC solutions offer several distinct advantages, including field-proven validated cryptographic implementations, extensive environment coverage with maximum compatibility, commercial-grade support, support for CNSA 2.0, and increasing implementation in memory-safe languages.  As the world prepares for PQC migration, the largest migration in the history of cryptography, the dimensions above will be key to meeting their needs in a comprehensive fashion.  To learn more about SafeLogic’s PQC EAP, contact sales@safelogic.com.