In a post-quantum world, data must be protected against attacks from both quantum and conventional computers. Post-quantum cryptography (PQC) is the next generation of cryptographic algorithms, designed to protect data against attacks from both quantum and conventional computers. The transition from current cryptography to PQC is a complex process that will require resources, knowledge and planning.
One of the first things a company needs is an understanding of its current cryptography, to identify systems and software that will need to be upgraded or replaced with post-quantum cryptography.
Against this backdrop, the Accredited Standards Committee X9 announced it is developing a new technical PQC report. The assessment in the technical report will include a set of criteria that will help to identify the areas that will need upgrading to PQC. This assessment will provide initial information needed to identify systems using legacy cryptography, thus allowing the start of project planning activities targeting the work that will need to be performed.
“As we prepare for the advent of quantum computing and its aftermath, we realize that the entire financial services industry, from financial institutions, regional banks, credit unions and retail merchants, to service providers, cloud providers and mobile operators, will need to transition to PQC algorithms, and possibly to alternative key management methods,” said Michael Talley of University Bank and chair of the X9F1 Cryptographic Tools working group, in a statement. “It will be important to have PQC assessment guidelines available before transitions are underway, for consistency to make the process as smooth as possible and the outcomes optimal.”