David Joseph, Rafael Misoczki, Marc Manzano, Joe Tricot, Fernando Dominguez Pinuaga, Olivier Lacombe, Stefan Leichenauer, Jack Hidary, Phil Venables, Royal Hansen
SandboxAQ, Palo Alto, CA, USA.
Google, Mountain View, CA, USA.
Nature. 2022 May;605(7909):237-243. doi: 10.1038/s41586-022-04623-2. Epub 2022 May 11.
Quantum computers are expected to break modern public-key cryptography owing to Shor's algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms. The PQC research field has flourished over the past two decades, leading to a large variety of algorithms that are expected to resist quantum attacks. These PQC algorithms are being selected and standardized by several standardization bodies. However, even with the guidance of these important efforts, the danger is not gone: billions of old and new devices need to transition to the PQC suite of algorithms, leading to a multidecade transition process that has to account for security, algorithm performance, ease of secure implementation, compliance and more. Here we present an organizational perspective on the PQC transition. We discuss transition timelines, leading strategies to protect systems against quantum attacks, and approaches for combining pre-quantum cryptography with PQC to minimize transition risks. We suggest standards to start experimenting with now and provide a series of further recommendations to allow organizations to achieve a smooth and timely PQC transition.
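The abstract mentions combining pre-quantum cryptography with PQC to reduce transition risk. The following is an added illustration of that idea, not code from the paper or from its authors: a hybrid shared-secret combiner in the style of the concatenation approach used by hybrid TLS key-exchange proposals, where a classical exchange (e.g. X25519) and a post-quantum KEM (e.g. ML-KEM) each yield a shared secret and one session key is derived from both. The two shared secrets and the transcript are constructed test values, and the label, length-prefix layout and salt choice are assumptions of this example rather than any standard. It uses only the Python standard library so it runs offline.

```python
"""Hybrid (pre-quantum + post-quantum) shared-secret combiner.

Added example, not from the paper. Derives one session key from two
independently obtained shared secrets so that the session remains secure
as long as at least one of the two key exchanges is unbroken.
"""
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) instantiated with HMAC-SHA256."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) instantiated with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(data: bytes) -> bytes:
    """2-byte big-endian length prefix, so concatenated fields cannot be re-split ambiguously."""
    return len(data).to_bytes(2, "big") + data


def combine_hybrid(classical_ss: bytes, pq_ss: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Derive a session key from a classical and a post-quantum shared secret.

    Both secrets form the KDF input keying material (order is fixed by the
    protocol), and the public transcript (public keys and KEM ciphertext seen by
    both peers) is bound in as salt and context. An attacker who recovers only
    one of the two secrets still lacks the full IKM and cannot derive the key.
    Layout and labels are assumptions of this example.
    """
    ikm = _lp(classical_ss) + _lp(pq_ss)
    salt = HASH(transcript).digest()
    prk = hkdf_extract(salt, ikm)
    return hkdf_expand(prk, b"hybrid-session-key" + _lp(transcript), length)


# Constructed test values standing in for real X25519 / ML-KEM outputs.
CLASSICAL_SS = HASH(b"constructed X25519 shared secret").digest()
PQ_SS = HASH(b"constructed ML-KEM shared secret").digest()
TRANSCRIPT = b"client_x25519_pk|client_mlkem_ek|server_x25519_pk|server_mlkem_ct"


def demo() -> dict:
    """Both peers derive the same key; a harvest-now-decrypt-later adversary does not."""
    server_key = combine_hybrid(CLASSICAL_SS, PQ_SS, TRANSCRIPT)
    client_key = combine_hybrid(CLASSICAL_SS, PQ_SS, TRANSCRIPT)
    # Adversary recorded the transcript and later recovered the classical
    # secret with Shor's algorithm, but has no access to the PQ secret.
    attacker_key = combine_hybrid(CLASSICAL_SS, b"\x00" * 32, TRANSCRIPT)
    return {
        "peers_agree": server_key == client_key,
        "attacker_recovers_key": attacker_key == server_key,
        "session_key": server_key,
    }


if __name__ == "__main__":
    result = demo()
    print("peers agree:", result["peers_agree"])
    print("attacker recovers key:", result["attacker_recovers_key"])
    print("session key:", result["session_key"].hex())
```

The security argument is only as good as the combiner: both secrets must enter the KDF (not be XORed into a value one party controls), the transcript must be bound so that a downgraded or substituted ciphertext changes the derived key, and the KDF itself must be a standard construction rather than ad hoc hashing.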