Highlights:
- The potential of quantum computing to disrupt existing cryptographic protocols protecting digital communications and data presents substantial challenges.
- The PQCA aims to be the central hub for organizations and open-source projects seeking ready-to-deploy libraries, supporting alignment with the U.S. National Security Agency’s Cybersecurity Advisory.
The Post-Quantum Cryptography Alliance, an open and cooperative endeavor uniting chip manufacturers, cloud providers, researchers, and developers to tackle the cryptographic security issues raised by quantum computing, was recently announced by the Linux Foundation.
Amazon Web Services Inc., Google LLC, NVIDIA Corp., Cisco Systems Inc., International Business Machines Corp. (IBM), Keyfactor Inc., IntellectEU N.V., Kudelski IoT, QuSecure Inc., SandboxAQ, and the University of Waterloo are among the founding members of the Post-Quantum Cryptography Alliance.
The emergence of quantum computing presents substantial challenges to cryptographic security, as it has the capability to compromise existing cryptographic protocols safeguarding digital communications and data.
Conventional cryptography schemes like Elliptic Curve Cryptography and RSA rely on the computational difficulty of problems that classical computers can solve within a reasonable amount of time. However, quantum computers can solve these issues much more quickly due to their capacity to process information through quantum bits; this capability threatens the viability of current encryption techniques.
The PQCA seeks to serve as the primary hub for organizations and open-source projects in search of ready-to-deploy libraries and packages, ensuring compliance with the U.S. National Security Agency’s Cybersecurity Advisory related to the Commercial National Security Algorithm Suite 2.0. It aims to facilitate cryptographic agility throughout the ecosystem within the specified timelines.
The alliance will undertake diverse technical projects to advance its goals, including creating software for assessing, prototyping, and implementing new post-quantum algorithms. Through these efforts, the Linux Foundation aims to promote the real-world integration of post-quantum cryptography across various industries.
The efforts of the PQCA extend the groundwork laid by several founding members over the past decade, laying the groundwork for the shift to post-quantum cryptography. Members of the PQCA have been instrumental in the standardization of post-quantum cryptography, serving as co-authors of the initial four algorithms chosen in the NIST Post-Quantum Cryptography Standardization Project: CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS .
Project Open Quantum Safe is one of the PQCA’s launch projects. Regarded as one of the top open-source software projects in the world for post-quantum cryptography and founded at the University of Waterloo in 2014. Additionally, the PQCA will serve as the home of the recently established PQ Code Package Project, which aims to develop high-assurance, production-ready software implementations of upcoming post-quantum cryptography standards, beginning with the ML-KEM procedure.
Senior Principal Engineer for cryptography and privacy at AWS, Matthew Campagna, said ahead of the announcement, “Post-quantum cryptography is an emerging area of cryptographic security that AWS has already started to invest in by contributing to post-quantum key agreement and post-quantum signature schemes.”
Jon Felten, who serves as the Senior Director of the Trustworthy Technologies, Security and Trust Organization at Cisco, mentioned that “the necessary conversion to post-quantum cryptography represents one of the largest and most complex technology migrations in the digital era.”