National Cyber Security Centre (NCSC)

 

Guidance from SafeCipher to help organizations understand the NCSC recommendations for Post Quantum Migration in 2024

 

NCSC Summary:

Most PKC algorithms in use today will be vulnerable to a CRQC. The best mitigation against the threat of quantum computers to traditional PKC is PQC.

The security of symmetric cryptography is not significantly impacted by quantum computers, and existing symmetric algorithms with appropriate key sizes can continue to be used.

PQC upgrades can be planned to take place within usual technology refresh cycles.

ML-KEM (Kyber) and ML-DSA (Dilithium) are algorithms selected for standardisation by NIST that are suitable for general purpose use. All proposed parameter sets provide an acceptable level of security for personal, enterprise and OFFICIAL-tier government information. The NCSC recommends ML-KEM-768 and ML-DSA-65 as providing appropriate levels of security and efficiency for most use cases.

The NCSC strongly advises that operational systems should only use implementations based on final standards.

If a PQ/T hybrid scheme is chosen, the NCSC recommends it is used as an interim measure that allows a straightforward migration to PQC-only in the future.

 

SafeCipher works in tandem with organizations seeking the NCSC for Post Quantum guidance

When advising a government department consulting the NCSC for guidance in 2024 on preparing for the quantum computing era, SafeCipher will make several key recommendations and suggest actionable steps to ensure the department’s cryptographic practices are resilient against quantum threats.

These recommendations should be tailored to align with NCSC’s guidance and the broader context of quantum computing’s impact on cryptography.

 

Recommendations and Actionable Steps to align with NCSC’s guidance

Assessment of Current Cryptographic Systems:

Conduct a comprehensive audit of existing cryptographic systems to identify and document reliance on Public Key Cryptography (PKC) algorithms vulnerable to quantum attacks.

Evaluate the usage of symmetric encryption algorithms and ensure that key sizes are doubled to maintain security against quantum computing threats.

Strategic Planning for PQC Transition:

Develop a strategic roadmap for transitioning to Post-Quantum Cryptography (PQC), incorporating timelines that align with technology refresh cycles. This ensures a seamless and cost-effective migration to quantum-resistant algorithms. Engage with stakeholders across the department to raise awareness about the quantum threat and the importance of adopting PQC for future-proofing security measures.

Adoption of Quantum-Resistant Algorithms:

Prioritize the integration of ML-KEM (Kyber) and ML-DSA (Dilithium) algorithms, as recommended by the NCSC, into the department’s cryptographic practices. Focus on the specified parameter sets (ML-KEM-768 and ML-DSA-65) for optimal security and efficiency. Work with technology vendors and solution providers to ensure that the new cryptographic standards are supported in both current and future systems.

Implementation of Hybrid Cryptographic Schemes:

Implement PQ/T hybrid cryptographic schemes as an interim solution. This approach allows for the continued use of existing cryptographic infrastructure while gradually introducing quantum-resistant algorithms. Plan for a straightforward migration path to PQC-only systems, ensuring that hybrid schemes are used as a temporary measure rather than a permanent solution.

Compliance and Standardization:

Ensure that all cryptographic implementations are based on final standards issued by relevant standardization bodies, such as NIST. This adherence is crucial for maintaining security and interoperability across government and commercial sectors. Stay informed about the latest developments in quantum computing and cryptography standards to ensure that the department’s practices remain up-to-date and compliant with the highest security standards.

Training and Knowledge Building:

Invest in training programs for IT staff and cybersecurity personnel on the principles of quantum computing and post-quantum cryptography. Building internal expertise is essential for managing the transition effectively. Collaborate with academic and research institutions to stay at the forefront of quantum-resistant technologies and strategies.

Conclusion

By following these recommendations and actionable steps, SafeCipher can help government departments navigate the challenges posed by quantum computing to cryptographic security. Emphasizing the need for early preparation, strategic planning, and adherence to emerging standards will position the department to protect sensitive information both now and in the future against quantum threats.

x