Time is Ticking to Implement PQC

Posted 12/21/2023 by Mamta Gupta, Director of Comms and Security

It is a widely held misconception that companies have more than a decade to migrate to Post Quantum Cryptography (PQC) solutions to protect against quantum computers easily breaking RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography), the asymmetric algorithms in use today. The reality is that quantum computing development is accelerating, and we must begin adopting the new PQC algorithms now, because the transition takes time. Many of the devices under development today will still be in operation more than a decade from now, and upgrading the sheer volume of systems and components involved will take years.

PQC standards and regulations are maturing as we speak, and we now have a clear view of which device manufacturers must implement PQC, which algorithms must be supported, and by when.

Recently, the National Security Agency (NSA) released new requirements, the Commercial National Security Algorithm Suite 2.0, for all systems and assets related to National Security Systems (NSS), with an aggressive timeline for PQC implementation. Beginning in 2025, all new NSS solutions and related assets must support PQC algorithms for software and firmware signing, and cloud solutions are also required to support PQC algorithms by 2025.

The New Requirement: Commercial National Security Algorithm (CNSA) 2.0
The NSA released the CNSA 2.0 standards in September 2022, establishing requirements and timelines for adopting PQC algorithms. These timelines apply to all NSS and related assets, creating a de facto industry standard, as the CNSA 2.0 requirements define best practices for a market-leading security posture.

[Figure: CNSA 2.0 transition timeline (source: NSA Cybersecurity Advisory, Announcing the Commercial National Security Algorithm Suite 2.0)]

The critical dates in the CNSA 2.0 requirements are:

  • Software/firmware signing: PQC as the default and preferred algorithm by 2025
  • Web browsers/servers and cloud services: PQC as the default and preferred algorithm by 2025
  • Traditional networking equipment: PQC as the default and preferred algorithm by 2026
  • Operating systems: PQC as the default and preferred algorithm by 2027

Leighton-Micali Signature (LMS) and eXtended Merkle Signature Scheme (XMSS), both hash-based signature schemes, are to be used for software and firmware signing. These algorithms are already standardized, so companies should be including their adoption in product roadmaps now. CRYSTALS-Dilithium (digital signatures) and CRYSTALS-Kyber (key establishment) are the specified algorithms for the other public-key use cases; Advanced Encryption Standard (AES) remains the standard for symmetric encryption, and Secure Hash Algorithm (SHA) remains the standard hash function.

[Figure: CNSA 2.0 algorithm suite (source: NSA Cybersecurity Advisory, Announcing the Commercial National Security Algorithm Suite 2.0)]

The Standardization Process for Migration to PQC
National Institute of Standards and Technology (NIST) standards provide the foundation for migration to PQC by defining the algorithms.

In October 2020, NIST standardized LMS and XMSS, which are used to generate digital signatures. They are well suited for code and firmware signing and are ideal for secure or trusted boot, secure software/firmware updates, and secure FPGA bitstream programming.
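To make the hash-based construction behind LMS and XMSS concrete, here is an added toy example (not Lattice's code, and not the LMS or XMSS algorithms themselves): a Lamport one-time signature under a small Merkle tree, with the signer state that makes these schemes stateful. It assumes SHA-256, a 4-leaf tree, and an in-memory index counter standing in for the persisted state a real firmware-signing HSM must keep.

```python
import hashlib, os

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def msg_bits(msg):
    d = H(msg)  # one Lamport key pair per digest bit, MSB first
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def ots_keygen():
    # Lamport one-time key: a secret pair per digest bit; the leaf is the hash of the public key
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk, H(*[x for pair in pk for x in pair])

def build_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels  # levels[-1][0] is the Merkle root, i.e. the long-term public key

def root_from_path(leaf, idx, path):
    node = leaf
    for sib in path:
        node = H(node, sib) if idx % 2 == 0 else H(sib, node)
        idx >>= 1
    return node

class StatefulSigner:
    def __init__(self, height=2):
        self.keys = [ots_keygen() for _ in range(2 ** height)]
        self.levels = build_tree([leaf for _, _, leaf in self.keys])
        self.root = self.levels[-1][0]
        self.next_idx = 0  # the state: persist it; reusing an index reveals a second OTS secret set
    def sign(self, msg):
        if self.next_idx >= len(self.keys):
            raise RuntimeError("one-time keys exhausted: rotate to a new tree")
        idx, self.next_idx = self.next_idx, self.next_idx + 1  # advance state before releasing
        sk, pk, _ = self.keys[idx]
        ots = [sk[i][b] for i, b in enumerate(msg_bits(msg))]  # reveal one secret per bit
        path = [lvl[(idx >> h) ^ 1] for h, lvl in enumerate(self.levels[:-1])]  # sibling nodes
        return idx, ots, pk, path

def verify(root, msg, sig):
    idx, ots, pk, path = sig
    if any(H(s) != pk[i][b] for i, (s, b) in enumerate(zip(ots, msg_bits(msg)))):
        return False  # a revealed secret does not match the committed public key
    leaf = H(*[x for pair in pk for x in pair])
    return root_from_path(leaf, idx, path) == root  # leaf must chain up to the published root
```

The verifier needs only the root, a hash, so a boot ROM can carry it, but the signer's index is security-critical: a lost or rolled-back counter is the failure mode that the standardized schemes address with hardware-backed state management.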

Standards for the other PQC algorithms are also now available, albeit in draft form; final standards are expected to be published in 2024.

[Table image not reproduced]

Companies can begin migrating to these algorithms now. In many cases they will start with code and firmware signing using LMS or XMSS, implement the other use cases against the draft standards, and update to the final standards once they are available.

Migrate to PQC Algorithms Now with Crypto Agile Solutions
With the timeline above requiring solutions in place by 2025, companies must plan the migration of code and firmware signing to these new algorithms. Most companies have already defined their product roadmap for the next 18 to 24 months, and if migration to PQC algorithms is not already on it, the time to act is now. This is a very broad requirement, as code and firmware signing is used in virtually all solutions. Companies, regardless of product type or vertical market, must put action plans together to meet it.

Web browsers, web servers, and cloud services are also required to implement CNSA 2.0 algorithms as the default and preferred algorithm by 2025. This is, in its own way, a very broad requirement as well. It applies to all uses of cryptography within cloud services including applications, servers, and services.

This requirement poses more of a challenge, as the NIST standards for CRYSTALS-Dilithium and CRYSTALS-Kyber are still in draft. Final standards are expected sometime in 2024, leaving a short window for migration to these algorithms. The good news is that companies can begin implementing now based on the draft standards; any changes between the draft and final standards can be absorbed by crypto agility built into the deployment framework. The timelines for adopting PQC in other solutions, including operating systems, traditional networking equipment, niche equipment and custom applications, and legacy equipment, are a bit more relaxed, but companies should not become complacent. Networking equipment going into production now or in the next couple of years will likely still be in use in 2030, when the CNSA 2.0 requirements for such solutions go into effect.

Utilizing FPGAs to Enable PQC Adoption
Lattice has long been a leader in FPGA security and is developing PQC-based solutions that let its customers adopt PQC easily and achieve quantum safety. Following the CNSA 2.0 guidelines, Lattice plans to provide support for the full CNSA 2.0 algorithm suite, starting with XMSS and LMS for code and firmware signing.

FPGAs provide an ideal platform for companies seeking to adopt PQC solutions: their inherent programmability allows deployed products to be updated easily to meet evolving security requirements.

Support for code and firmware signing is the first step in implementing full PQC compliance. FPGAs are ideally equipped to facilitate future updates to enable the full CNSA 2.0 suite of algorithms in deployed products.

To learn more about the PQC solutions for Lattice FPGAs and how Lattice can help enable your PQC based design, reach out to speak with the team at Lattice.