The SafeLogic Blog

In an earlier blog, SafeLogic wrote about the company’s participation in the Post Quantum Cryptography (PQC) migration project led by NIST. This week, the Post-Quantum Cryptography team at the National Cybersecurity Center of Excellence (NCCOE) has published two NIST Special Publications (SP) preliminary draft practice guides titled:

• “SP 1800-38B, Migration to Post-Quantum Cryptography Quantum Readiness: Cryptographic Discovery”

• “SP 1800-38C, Migration to Post-Quantum Cryptography Quantum Readiness: Testing Draft Standards”

In the first of these publications, NIST shares insights on and lessons learned from using automated discovery tools to identify instances of quantum-vulnerable cryptography. In the second publication, NIST shares results from interoperability and performance tests using the draft PQC algorithms. SafeLogic would like to encourage all interested parties to submit comments to improve these documents and offer input on what else this collaboration can do to support migration to PQC. Please submit your comments here.

SafeLogic had been contributing to the first work stream covering the discovery of quantum-vulnerable cryptography. Given the ubiquitous use of cryptography across many technology stack layers, automated discovery tools can sometimes find hundreds or thousands of instances of quantum-vulnerable cryptography. Armed with that data, practitioners then face a crucial question about how to prioritize migration efforts. SafeLogic had been focusing on exploring answers to that question. We have been advocating for a risk-based approach rooted in organizational threat modeling. PQC migration prioritization remains an active area of research, and NIST will provide further guidance in future publications. 

SafeLogic’s cryptographic modules are used extensively within many of the top technology firms in the world. As such, we are increasingly having more and more conversations with our customers and prospects regarding how they should plan for PQC migration, prioritize PQC migration efforts, etc. In that respect, all the great work that NIST and the PQC migration collaboration community do is very valuable. 

To help our customers plan their PQC migrations further, SafeLogic is planning to launch an Early Access Program (EAP) in the first quarter of 2024 to enable its customers to start experimenting with PQC algorithms in their own environments, whether as standalone or in hybrid mode alongside classical cryptography. For the latter, SafeLogic customers subject to FIPS 140 requirements will be able to evaluate PQC implementation jointly with SafeLogic’s upcoming FIPS 140-3 module that is currently going through a validation process by NIST.